Risky Bulletin: China Breaches US National Guard
Host: Claire Aird
Release Date: July 16, 2025
Introduction
In this episode of Risky Bulletin, host Claire Aird delivers a comprehensive update on the latest developments in cybersecurity, ranging from state-sponsored attacks to significant corporate security breaches. Below is a detailed summary of the key topics discussed.
1. Chinese APT Salt Typhoon's Breach of US National Guard
Timestamp: [00:04]
The episode kicks off with a concerning revelation about the Chinese Advanced Persistent Threat (APT) group Salt Typhoon, which successfully breached at least one U.S. state's National Guard systems. A Pentagon memo obtained by NBC News indicates that this breach persisted for nine months, highlighting the sophistication and persistence of the attack.
Claire Aird: "Chinese APT Salt Typhoon has breached at least one US state's National Guard... the breach lasted for nine months" (00:04)
Additional Impact: Salt Typhoon has also targeted a dozen U.S. and Canadian telecommunications companies. The group is believed to be operated by China's Ministry of State Security, underscoring potential state-sponsored motives behind these cyber incursions.
2. Microsoft's Controversial Collaboration with Chinese Engineers
Timestamp: [00:04]
In a surprising move, Microsoft has been utilizing Chinese engineers to manage and troubleshoot certain U.S. Department of Defense systems. These engineers gain indirect access to sensitive U.S. government networks through a "digital escort" mechanism.
Claire Aird: "Microsoft is utilising Chinese engineers to manage and troubleshoot some US Defence Department systems... the scheme has been in place for nearly a decade" (00:04)
Issues Highlighted: An unnamed digital escort disclosed to ProPublica that these engineers often lack the technical expertise to fully comprehend the operations they oversee. Furthermore, both current and former U.S. government officials were reportedly unaware of this long-standing arrangement.
3. UK's Relocation of Afghans Following Data Leak
Timestamp: [00:04]
The British government has undertaken the relocation of thousands of Afghans to the UK in response to a significant data breach at the Ministry of Defence in 2023. This breach compromised the personal information of over 33,000 Afghan nationals who supported British troops during the Afghan war.
Claire Aird: "The UK government has spent over 2 billion pounds since the breach to relocate more than 20,000 affected individuals" (00:04)
Impact: The financial and logistical efforts reflect the gravity of the data leak and its repercussions on both the individuals affected and the UK's commitments to their security and well-being.
4. Ukrainian Hacktivists Strike Russian UAV Maker Gaskar
Timestamp: [00:04]
Two Ukrainian hacktivist groups, BO Team and the Ukrainian Cyber Alliance, have launched a coordinated attack against Russian UAV manufacturer Gaskar. The cyberattack resulted in the theft of 47 terabytes of technical data and the subsequent wiping of the company’s servers and backups.
Claire Aird: "They have stolen 47 terabytes of technical data before wiping servers and backups" (00:04)
Consequences: This breach has reportedly halted production at Gaskar's facilities, demonstrating the significant disruption that cyberattacks can inflict on critical defense industries.
5. Russia's Deployment of AI-Based Security Systems at Airports
Timestamp: [00:04]
In response to increasing security threats, the Russian government plans to implement an AI-based security system across its major airports. Developed by Entec Lab, a company already under EU and U.S. sanctions, this system aims to detect attempts to bypass security checks or access restricted areas.
Claire Aird: "The Russian government will deploy an AI based security system at its major airports... developed by IT company Entec Lab" (00:04)
Implications: The deployment of such advanced technology highlights Russia's emphasis on enhancing airport security, albeit through a firm with existing international sanctions.
6. Dragon Force Ransomware Group’s Assault on US and UK Retail Chains
Timestamp: [00:04]
The Dragon Force ransomware group has claimed responsibility for breaching the U.S. retail chain Belk, resulting in several days of system outages as the company worked to recover from the May hack. This group has also been linked to attacks on prominent UK retailers, including Co Op, Harrods, and Marks and Spencer.
Claire Aird: "The Dragon Force ransomware was also used in attacks against UK retail chains Co Op, Harrods and Marks and Spencer" (00:04)
Financial Impact: These coordinated attacks have not only disrupted business operations but have also raised concerns about the vulnerability of major retail infrastructures to ransomware threats.
7. Theft of Cryptocurrency from Arcadia Finance
Timestamp: [00:04]
Hackers affiliated with the Scattered Spider Group have illicitly obtained $3.5 million worth of cryptocurrency from the decentralized finance (DeFi) platform Arcadia Finance. Exploiting vulnerabilities in the platform's smart contracts, the attackers successfully diverted funds directly from customer wallets rather than accessing a shared pool.
Claire Aird: "Hackers have stolen $3.5 million worth of cryptocurrency assets from Defi platform Arcadia Finance" (00:04)
Security Concerns: This incident underscores the critical need for robust security measures in DeFi platforms to protect individual investors from sophisticated cyber threats.
8. Arrests Related to Ransomware and Phishing Campaigns
Timestamp: [00:04]
- Disc Station Ransomware Gang Leader Arrested: A 44-year-old Romanian national has been apprehended in Italy for orchestrating cyberattacks against local companies. He is allegedly the leader of the Disc Station ransomware gang, which targeted Synology NAS devices.
Claire Aird: "A 44 year old Romanian has been arrested in Italy for cyber attacks against local companies" (00:04)
- Phishing Campaign Targeting UK Tax Agency: Romanian and British authorities have detained 14 suspects involved in a phishing scheme aimed at the UK’s tax agency. The group exploited phishing techniques to gather UK citizens' data, subsequently filing fraudulent tax returns and amassing over £1 million in illicit refunds.
Claire Aird: "Romanian and British Authorities have detained 14 suspects over a phishing campaign targeting the UK tax agency" (00:04)
9. Legal Actions Against Bulgarian Cybersecurity Expert
Timestamp: [00:04]
Bulgarian cybersecurity expert Christian Boykoff received a suspended nine-month sentence for hacking the country's tax agency in 2019. While employed by the cybersecurity firm TAD Group at the time, Boykoff leaked a database containing personal details of over 5 million Bulgarians to reporters, leading to its dissemination on hacking forums.
Claire Aird: "Christian Boykoff hacked the agency in 2019... the data included the personal details of more than 5 million Bulgarians" (00:04)
10. Omani Police Detain Chinese Tourist for SMS Phishing
Timestamp: [00:04]
Authorities in Oman have detained a Chinese tourist suspected of conducting SMS phishing operations. The individual allegedly used an SMS blaster device in her vehicle to send fraudulent text messages impersonating a local bank, aiming to deceive recipients into divulging sensitive financial information.
Claire Aird: "The woman allegedly drove around Oman's capital city Muscat, with an SMS blaster inside her car... impersonating a local bank" (00:04)
11. UK Cybersecurity Agency's New Vulnerability Research Program
Timestamp: [00:04]
The UK’s cybersecurity agency has initiated a program to integrate external security experts into its vulnerability research team. These experts will assist in auditing and testing critical government and infrastructure systems for potential vulnerabilities. Interested researchers are encouraged to apply via email.
Claire Aird: "The UK cybersecurity agency has launched a program to bring external security experts into its vulnerability research team" (00:04)
12. Settlement with Maryland IT Provider for Fraudulent Practices
Timestamp: [00:04]
Maryland-based IT provider Hill Associates has agreed to pay $14.75 million to resolve claims that it falsified information to secure U.S. government contracts. Between 2018 and 2023, the company was accused of billing federal agencies for cybersecurity and IT services that its employees were reportedly unqualified to deliver.
Claire Aird: "A Maryland IT provider has agreed to pay $14.75 million to settle claims that it lied to obtain US government contracts" (00:04)
13. Security Vulnerability in Broadcom Altiris Endpoint Management Platform
Timestamp: [00:04]
A critical vulnerability has been identified in Broadcom's Altiris endpoint management platform that allows remote attackers to execute malicious .NET code without authentication. The flaw was discovered by cybersecurity firm LRQA during a penetration test; Broadcom released patches to address it last month.
Claire Aird: "A vulnerability in the Broadcom Altiris endpoint management platform can allow attackers to run malicious code" (00:04)
14. CrowdStrike Appoints Chief Resilience Officer Amidst Major Outage
Timestamp: [00:04]
In the wake of a significant outage last year that disrupted over 8.5 million customer systems, cybersecurity firm CrowdStrike is hiring a Chief Resilience Officer. This executive will focus on enhancing the company’s engineering practices and will report directly to CEO George Kurtz.
Claire Aird: "Security firm CrowdStrike plans to hire a chief resilience officer... after major outage" (00:04)
15. Microsoft Enhances Windows 11 Security Features
Timestamp: [00:04]
Microsoft has introduced a new security feature in Windows 11 aimed at mitigating file system redirection attacks. The Redirection Guard prevents privileged processes from following junction redirects created by non-admin accounts. Currently in testing within Windows 11 Insider builds, this feature is opt-in and must be enabled for each application running with elevated privileges. Microsoft has proactively enabled it for three sensitive Windows processes.
Claire Aird: "Microsoft has added a new security feature to Windows 11 that will mitigate file system redirection attacks" (00:04)
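As an added defender's illustration (not code from the episode or from Microsoft), the following Python walks a path the way the Redirection Guard policy described above implies: one component at a time, refusing to follow any redirect (a symlink, or a reparse point such as a Windows junction) owned by a principal outside a trusted set. The names `guarded_path_check`, `is_redirect`, `demo` and the `trusted_uids` parameter are this example's own; ownership is checked via POSIX uids, since Windows junction ownership lives in the security descriptor, which this example does not read.

```python
import os
import stat
import tempfile
from pathlib import Path


def is_redirect(st: os.stat_result) -> bool:
    """True if a directory entry redirects elsewhere: a POSIX symlink, or on
    Windows any reparse point (junctions are reparse points)."""
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)  # present on Windows only
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0))


def guarded_path_check(target, trusted_uids) -> tuple[bool, str]:
    """Walk `target` one component at a time with lstat, so no redirect is
    followed before it has been inspected. A redirect owned by a uid outside
    `trusted_uids` is refused; one owned by a trusted (admin) account is
    followed normally, mirroring the Redirection Guard policy."""
    path = Path(target).absolute()          # absolute() does not resolve links
    current = Path(path.anchor)
    for part in path.parts[1:]:
        current = current / part
        try:
            st = os.lstat(current)
        except FileNotFoundError:
            return False, f"missing component: {current}"
        if is_redirect(st) and st.st_uid not in trusted_uids:
            return False, f"untrusted redirect at {current} (owner uid {st.st_uid})"
    return True, "ok"


def demo() -> dict:
    """Constructed fixture: base/real/secret.txt and a symlink base/redirect -> real.
    Returns the check results for a direct path and for the path via the link."""
    base = Path(os.path.realpath(tempfile.mkdtemp()))  # realpath: no inherited links
    real = base / "real"
    real.mkdir()
    (real / "secret.txt").write_text("constructed sample\n")
    os.symlink(real, base / "redirect", target_is_directory=True)
    link_owner = os.lstat(base / "redirect").st_uid   # whoever runs this script
    return {
        "direct": guarded_path_check(real / "secret.txt", set())[0],
        "via_untrusted_link": guarded_path_check(base / "redirect" / "secret.txt", set())[0],
        "via_trusted_link": guarded_path_check(base / "redirect" / "secret.txt", {link_owner})[0],
    }
```

A privileged service would call `guarded_path_check` before opening any path that a lower-privileged user can influence, with `trusted_uids` set to the administrative accounts whose redirects it is willing to follow.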
Conclusion
This episode of Risky Bulletin highlights the evolving landscape of cybersecurity threats, ranging from sophisticated state-sponsored attacks to significant vulnerabilities in major corporations' systems. The discussions emphasize the critical need for robust security measures, proactive vulnerability management, and international cooperation to combat the ever-present cyber threats.
For more detailed insights and updates, listen to the full episode of Risky Bulletin.
