Risky Bulletin: eScan Antivirus Distributes Backdoor in Latest Supply Chain Attack

Podcast: Risky Bulletin | Host: risky.biz
Date: January 29, 2026

Episode Overview

This episode delivers the latest cybersecurity news round-up. The central focus is a significant supply chain attack involving eScan Antivirus, with other major stories encompassing data breaches, GDPR enforcement challenges, legal actions against cybercriminals, government interventions, and developments in the cyber threat landscape.

Key Discussion Points & Insights

1. eScan Antivirus Supply Chain Attack (00:10 – 01:10)

• Incident summary:
  • Hackers breached the update mechanism of eScan Antivirus.
  • The attack targeted a single regional update server for about one hour on January 20, 2026.
  • Distributed malware was a backdoor that prevented future updates and contacted a remote command-and-control server.
  • Quote (A/Amberly Jack):
    • “[The] payload was a backdoor that disabled future eScan updates and contacted a remote command and control server.” (00:38)

2. Preemptive US Cyber Command Actions on Disinformation Farms (01:10 – 01:36)

• US Cyber Command Operations:
  • Hacked Russian and Iranian troll farms ahead of the 2024 US elections.
  • Actions are notable as the Trump administration had previously shut down many counter-disinformation programs.
  • Quote:
    • “US cyber Command hacked foreign disinformation farms ahead of the country's 2024 elections.” (01:11)

3. Russian Data Wiper Attack on Poland's Energy Sector (01:36 – 02:27)

• 30 energy locations hit with a data wiper attack targeting Remote Terminal Units (RTUs).
• Devices rendered unrecoverable, but the attack did not crash the grid.
• Included heat/power plants and renewable management sites.
• Quote:
  • “[The] attack rendered the units beyond repair but did not crash the energy grid.” (01:57)

4. GDPR Fines Largely Uncollected in Ireland (02:27 – 02:54)

• Ireland’s Data Protection Agency collected only 0.5% of all GDPR fines (~€20 million out of €4 billion issued).
• Issues arise as most tech companies are Ireland-based and many fines are stuck in appeals.
• Quote:
  • “Most of the fines are stuck in the appeals process.” (02:48)

5. New Apple Privacy Settings (02:54 – 03:18)

• Apple introduces a feature to obscure users’ precise location from mobile/cell providers.
• Available in iOS 26.3+; only general area shown to telcos.
• Quote:
  • “The feature will allow users to hide their precise locations from their mobile and cell providers.” (02:59)

6. Google Legal Settlements (03:18 – 03:44)

• Google agrees to pay two class action settlements:
  • $135 million for collecting user location data without consent.
  • $68 million related to unauthorized voice assistant recordings.
• Noteworthy: Both settlements occurred in the same week.

7. South Korea’s Data Breach Notification Policy (03:44 – 04:09)

• New government framework requires citizen notification for both confirmed and suspected security breaches.
• Policy change in response to a string of high-profile breaches.

8. EU Cybersecurity Investment Criticism (04:09 – 04:35)

• ENISA chief Juhan Lepassaar says EU’s cyber investments are insufficient.
• Most European startups rely on American cyber intelligence (CISA, MITRE).
• Quote:
  • “Recent investments in the bloc's security have failed to adequately address cyber.” (04:24)

9. Crackdown on Chinese Cyberscam Compounds (04:35 – 05:01)

• Chinese authorities executed 11 members of the Ming crime family for operating scam compounds in Myanmar.
• Five Bai family members are currently awaiting execution.
• Notable moment:
  • “The suspects were executed following failed appeals.” (04:46)

10. FBI Seizes Ramp Cybercrime Forum (05:01 – 05:24)

• Major ransomware forum taken offline by FBI.
• RAMP admin confirmed the takedown on another cybercrime forum.

11. Google Disrupts IP Idea Proxy Botnet (05:24 – 05:51)

• Google shut down domains linked to IP Idea, a residential proxy botnet abused for cyberattacks.
• Plans to block Android apps using their SDKs.
• Quote:
  • “The company says the botnet had been used to hide the activities of multiple threat actors.” (05:35)

12. Empire Underground Drug Market Guilty Plea (05:51 – 06:09)

• Co-founder Raheem Hamilton pled guilty to US federal drug charges.
• Market sold over $375 million of drugs until 2020.

13. Crypto Scam Money Laundering Conviction (06:09 – 06:36)

• Xing Liang Su, a Chinese national, sentenced to 46 months for laundering $37 million of Cambodia scam proceeds.
• Chinese services now responsible for 20% of global on-chain crypto laundering—up massively since 2020.
• Quote:
  • “Chinese operators laundered more than $82 billion last year, up from just $10 billion in 2020.” (06:25)

14. LLM Server Abuse and Resale (06:36 – 06:54)

• Hackers scanning for misconfigured large-language model (LLM) servers (e.g., Ollama, vLLM) and selling compute access.
• Campaign traced to threat actor “Hekka.”

15. North Korean Labyrinth Kolyma Group Splits (06:54 – 07:17)

• CrowdStrike reports the group has split into three:
  • Core team continues cyber espionage.
  • “Golden” and “Pressure Kalima” branches now target crypto assets.

Notable Quotes and Memorable Moments

• eScan attack insight:
  • “The payload was a backdoor that disabled future E Scan updates and contacted a remote command and control server.” — Amberly Jack (00:38)
• Polish energy attack impact:
  • “The attack rendered the units beyond repair but did not crash the energy grid.” (01:57)
• On GDPR enforcement woes:
  • “Most of the fines are stuck in the appeals process.” (02:48)
• ENISA chief’s cyber investment critique:
  • "Recent investments in the bloc's security have failed to adequately address cyber.” (04:24)
• Crypto laundering growth:
  • “Chinese operators laundered more than $82 billion last year, up from just $10 billion in 2020.” (06:25)
• Law enforcement action against cybercrime:
  • “Chinese authorities executed 11 members of the Ming crime family for operating scam compounds in Myanmar.” (04:46)

Timestamps for Important Segments

| Segment | Timestamp | |---------------------------------------|---------------| | eScan Antivirus Supply Chain Attack | 00:10–01:10 | | US Cyber Command v. Disinformation | 01:10–01:36 | | Poland Energy Sector Wiper Attack | 01:36–02:27 | | Irish GDPR Fines Left Uncollected | 02:27–02:54 | | Apple New Privacy Feature | 02:54–03:18 | | Google Class Action Payouts | 03:18–03:44 | | South Korea Data Breach Rule | 03:44–04:09 | | EU Cybersecurity Investment | 04:09–04:35 | | Chinese Scam Operators Executed | 04:35–05:01 | | FBI Seizes Ramp Forum | 05:01–05:24 | | Google Disrupts Proxy Botnet | 05:24–05:51 | | Empire Market Drug Charges | 05:51–06:09 | | Crypto Scam Laundering Conviction | 06:09–06:36 | | LLM Server Hacking Campaign | 06:36–06:54 | | Labyrinth Kolyma Splits | 06:54–07:17 |

Tone and Style

Amberly Jack delivers the news in a concise, direct tone with clarity and attention to key facts—a hallmark of the Risky Business team's straightforward reporting.

This episode provides a comprehensive snapshot of major ongoing cyber threats, global law enforcement actions, and regulatory challenges, grounding each headline in broader context and impact.