Risky Bulletin: Myanmar Scam Compound Goes Boom!

Podcast: Risky Bulletin by risky.biz
Date: November 10, 2025
Host/Reader: Claire Aird
Prepared by: Catalyn Kimparnu

Episode Overview

This episode delivers a rapid-fire update on global cybersecurity news, focusing on law enforcement actions against scam operations in Southeast Asia, major data breaches, global cyber policy changes, sanctions against nation-state hackers, and noteworthy developments in spyware and internet infrastructure. The tone is concise and authoritative, reflecting the Risky Bulletin’s signature news-digest style.

Key Discussion Points & Insights

1. Myanmar Demolishes Major Scam Compound

[00:04]

Top Story: Myanmar's military junta is actively destroying the KK Park scam compound in Miwodi, the country’s largest known scam operation center.
- Controlled demolitions started on October 23.
- 24 out of 250 buildings have been destroyed via dynamite by local border forces.
Significance: Indicates a rare law enforcement move against organized cybercrime infrastructure in Southeast Asia.

2. Prominent Data Breaches & Cyberattacks

[01:02]

US Congressional Budget Office Hacked:
- Believed to be the work of a foreign APT.
- Stolen data includes emails and internal chat logs; investigation ongoing.
- Quote:
  
  “The office creates economic projections for proposed bills.” — Claire Aird [01:10]
Hungary’s Tisa Party Breached (Again):
- Details of over 200,000 users from the opposition party’s mobile app leaked.
- Second data breach this year.
- Party leader blames Russian hackers.

3. Sanctions on North Korean Hackers

[02:10]

Australia imposes financial sanctions and travel bans on one hacker and four related entities.
Targets include major groups: Kimsuki, Lazarus, Andariel, WannaCry developer Pak Jin Yeok, and Chosun Expo.

4. Singapore’s Extreme Anti-Scam Measures

[02:38]

Law amended to allow cane beatings as punishment:
- 6 to 24 lashes for scammers.
- Up to 12 for money mules.
- Quote:
  
  "Scams make up Singapore 60% of crimes reported in the country." — Singaporean Minister [02:47]

5. NSO Group Leadership Change

[03:13]

David Friedman, former Trump lawyer and US Ambassador to Israel, is now chairman after US investors acquire the company.
Intends to lift US sanctions against NSO and re-enter US markets.

6. Major Arrests and Law Enforcement Actions

[03:40]

Russian Initial Access Broker Pleads Guilty:
- Alexei Olegavich Volkov, aka "Chewbaccacore," sold network access to ransomware groups.
- Involved in 7 attacks, pocketed $1.5 million.
- Arrested in Rome; extradited to the US.
Arrests in Southeast Asia:
- Cambodia: 650+ suspects detained in cyberscam compound raids; focus on impersonation and investment scams.
- Singapore: Three Chinese nationals sentenced (min 2 years, 4 months) for gambling site hacks, data theft.

7. Cybercrime Prosecutions & Investigations

[04:13]

FBI Criminal Probe into Archive.is:
- Focused on its use to bypass news paywalls.
Samurai Wallet CEO Sentenced:
- Keon Rodriguez gets 5 years for laundering $237 million tied to criminal enterprise.
- CTO to be sentenced later in the month.
Crypto Bot Case in NY Mistrial:
- Brothers accused of exploiting bots and laundering $25 million using “novel trading strategy”; no verdict reached.

8. Global Data Sale and Privacy Concerns

[05:15]

Pakistan:
- Man arrested for selling millions of citizens’ data online; included sensitive ID and travel records.

9. Internet Policy and Regulatory News

[05:38]

EU GDPR:
- Proposed amendments would let users set cookie preferences at the browser/device level.
- Potential for huge fines for non-compliance.
Google Chrome Deprecates XSLT:
- XSLT support to be removed in Chrome 155 (due November 2026) for security reasons.
- Firefox and Safari to follow suit.

10. Spyware and Advanced Threats in the Middle East

[06:26]

New Android spyware campaign (Landfall) in the Middle East.
- Used Samsung zero-day, patched in April 2025.
- Attribution still unclear.

11. North Korean Hackers Targeting Human Rights Activists

[06:58]

"Connie APT" breaching PCs, spamming contacts via KakaoTalk and then wiping Android phones to limit traceability and victim response.

12. Security Vulnerabilities & Technical Trends

[07:25]

Django framework patched for a major SQL injection bug; highlights systemic risk to wide swaths of Python-based web apps.

13. Russian Internet Restrictions Escalate

[07:49]

Russia begins blocking Akamai CDN, causing disruptions.
- Foreign cloud providers required to localize operations or risk blocks.

Notable Quotes & Memorable Moments

On Singapore’s Anti-Scamming Law:

"Scammers could receive between six and 24 lashes and money mules up to 12." — Claire Aird [02:38]
On Myanmar’s Crackdown:

"Controlled demolitions at KK park in the city of Miwodi began on 23 October. 24 of the park's 250 buildings have been destroyed with dynamite by the local border force." — Claire Aird [00:17]
On Global Cyber Sanctions:

"Sanctioned entities include the Kimsuki, Lazarus and Andariel hacking groups. WannaCry developer Pak Jin Yeok and his employer Chosun Expo have also been sanctioned." — Claire Aird [02:25]
On the EU GDPR Cookie Changes:

"If passed, companies that ignore device level tracking consent could be fined up to 20 million euros or 4% of their annual turnover." — Claire Aird [05:55]

Key Segment Timestamps

[00:04] — Myanmar scam compound demolitions
[01:02] — Congressional Budget Office hack
[02:10] — North Korea hacker sanctions
[02:38] — Singapore’s anti-scamming legislation (caning)
[03:13] — NSO Group new chairman appointment
[03:40] — Russian access broker plea/Arrests in Cambodia and Singapore
[04:13] — FBI probe of Archive.is / Samurai Wallet sentencing
[05:15] — Pakistan data sales
[05:38] — EU GDPR cookie initiative
[06:26] — Landfall spyware / Samsung zero-day campaign
[06:58] — North Korean APT targets activists, Android wipes
[07:25] — Django SQL injection vulnerability
[07:49] — Russian blocks Akamai CDN
[08:15] — Chrome drops XSLT support

Summary

This episode offers a global tour of the week’s most significant cybersecurity news, from high-profile law enforcement strikes against scam syndicates and notorious hackers, to regulatory and technical changes with wide-reaching impact. Whether you’re tracking the crackdown on Asian cyberscam empires, following regulatory shifts in the EU, or watching the evolution of spyware and vulnerability landscapes, this episode delivers a dense, informative digest in classic Risky Bulletin style.

Risky Bulletin: Myanmar Scam Compound Goes Boom!

Podcast: Risky Bulletin by risky.biz
Date: November 10, 2025
Host/Reader: Claire Aird
Prepared by: Catalyn Kimparnu

Episode Overview

Key Discussion Points & Insights

1. Myanmar Demolishes Major Scam Compound

[00:04]

Top Story: Myanmar's military junta is actively destroying the KK Park scam compound in Miwodi, the country’s largest known scam operation center.
- Controlled demolitions started on October 23.
- 24 out of 250 buildings have been destroyed via dynamite by local border forces.
Significance: Indicates a rare law enforcement move against organized cybercrime infrastructure in Southeast Asia.

2. Prominent Data Breaches & Cyberattacks

[01:02]

US Congressional Budget Office Hacked:
- Believed to be the work of a foreign APT.
- Stolen data includes emails and internal chat logs; investigation ongoing.
- Quote:
  
  “The office creates economic projections for proposed bills.” — Claire Aird [01:10]
Hungary’s Tisa Party Breached (Again):
- Details of over 200,000 users from the opposition party’s mobile app leaked.
- Second data breach this year.
- Party leader blames Russian hackers.

3. Sanctions on North Korean Hackers

[02:10]

Australia imposes financial sanctions and travel bans on one hacker and four related entities.
Targets include major groups: Kimsuki, Lazarus, Andariel, WannaCry developer Pak Jin Yeok, and Chosun Expo.

4. Singapore’s Extreme Anti-Scam Measures

[02:38]

Law amended to allow cane beatings as punishment:
- 6 to 24 lashes for scammers.
- Up to 12 for money mules.
- Quote:
  
  "Scams make up Singapore 60% of crimes reported in the country." — Singaporean Minister [02:47]

5. NSO Group Leadership Change

[03:13]

David Friedman, former Trump lawyer and US Ambassador to Israel, is now chairman after US investors acquire the company.
Intends to lift US sanctions against NSO and re-enter US markets.

6. Major Arrests and Law Enforcement Actions

[03:40]

Russian Initial Access Broker Pleads Guilty:
- Alexei Olegavich Volkov, aka "Chewbaccacore," sold network access to ransomware groups.
- Involved in 7 attacks, pocketed $1.5 million.
- Arrested in Rome; extradited to the US.
Arrests in Southeast Asia:
- Cambodia: 650+ suspects detained in cyberscam compound raids; focus on impersonation and investment scams.
- Singapore: Three Chinese nationals sentenced (min 2 years, 4 months) for gambling site hacks, data theft.

7. Cybercrime Prosecutions & Investigations

[04:13]

FBI Criminal Probe into Archive.is:
- Focused on its use to bypass news paywalls.
Samurai Wallet CEO Sentenced:
- Keon Rodriguez gets 5 years for laundering $237 million tied to criminal enterprise.
- CTO to be sentenced later in the month.
Crypto Bot Case in NY Mistrial:
- Brothers accused of exploiting bots and laundering $25 million using “novel trading strategy”; no verdict reached.

8. Global Data Sale and Privacy Concerns

[05:15]

Pakistan:
- Man arrested for selling millions of citizens’ data online; included sensitive ID and travel records.

9. Internet Policy and Regulatory News

[05:38]

EU GDPR:
- Proposed amendments would let users set cookie preferences at the browser/device level.
- Potential for huge fines for non-compliance.
Google Chrome Deprecates XSLT:
- XSLT support to be removed in Chrome 155 (due November 2026) for security reasons.
- Firefox and Safari to follow suit.

10. Spyware and Advanced Threats in the Middle East

[06:26]

New Android spyware campaign (Landfall) in the Middle East.
- Used Samsung zero-day, patched in April 2025.
- Attribution still unclear.

11. North Korean Hackers Targeting Human Rights Activists

[06:58]

"Connie APT" breaching PCs, spamming contacts via KakaoTalk and then wiping Android phones to limit traceability and victim response.

12. Security Vulnerabilities & Technical Trends

[07:25]

Django framework patched for a major SQL injection bug; highlights systemic risk to wide swaths of Python-based web apps.

13. Russian Internet Restrictions Escalate

[07:49]

Russia begins blocking Akamai CDN, causing disruptions.
- Foreign cloud providers required to localize operations or risk blocks.

Notable Quotes & Memorable Moments

On Singapore’s Anti-Scamming Law:

"Scammers could receive between six and 24 lashes and money mules up to 12." — Claire Aird [02:38]
On Myanmar’s Crackdown:

"Controlled demolitions at KK park in the city of Miwodi began on 23 October. 24 of the park's 250 buildings have been destroyed with dynamite by the local border force." — Claire Aird [00:17]
On Global Cyber Sanctions:

"Sanctioned entities include the Kimsuki, Lazarus and Andariel hacking groups. WannaCry developer Pak Jin Yeok and his employer Chosun Expo have also been sanctioned." — Claire Aird [02:25]
On the EU GDPR Cookie Changes:

"If passed, companies that ignore device level tracking consent could be fined up to 20 million euros or 4% of their annual turnover." — Claire Aird [05:55]

Key Segment Timestamps

[00:04] — Myanmar scam compound demolitions
[01:02] — Congressional Budget Office hack
[02:10] — North Korea hacker sanctions
[02:38] — Singapore’s anti-scamming legislation (caning)
[03:13] — NSO Group new chairman appointment
[03:40] — Russian access broker plea/Arrests in Cambodia and Singapore
[04:13] — FBI probe of Archive.is / Samurai Wallet sentencing
[05:15] — Pakistan data sales
[05:38] — EU GDPR cookie initiative
[06:26] — Landfall spyware / Samsung zero-day campaign
[06:58] — North Korean APT targets activists, Android wipes
[07:25] — Django SQL injection vulnerability
[07:49] — Russian blocks Akamai CDN
[08:15] — Chrome drops XSLT support

Risky Bulletin: Myanmar scam compound goes boom!

Powered by Wave AI

Summary

Risky Bulletin: Myanmar Scam Compound Goes Boom!

Episode Overview

Key Discussion Points & Insights

1. Myanmar Demolishes Major Scam Compound

2. Prominent Data Breaches & Cyberattacks

3. Sanctions on North Korean Hackers

4. Singapore’s Extreme Anti-Scam Measures

5. NSO Group Leadership Change

6. Major Arrests and Law Enforcement Actions

7. Cybercrime Prosecutions & Investigations

8. Global Data Sale and Privacy Concerns

9. Internet Policy and Regulatory News

10. Spyware and Advanced Threats in the Middle East

11. North Korean Hackers Targeting Human Rights Activists

12. Security Vulnerabilities & Technical Trends

13. Russian Internet Restrictions Escalate

Notable Quotes & Memorable Moments

Key Segment Timestamps

Summary

Summary

Risky Bulletin: Myanmar Scam Compound Goes Boom!

Episode Overview

Key Discussion Points & Insights

1. Myanmar Demolishes Major Scam Compound

2. Prominent Data Breaches & Cyberattacks

3. Sanctions on North Korean Hackers

4. Singapore’s Extreme Anti-Scam Measures

5. NSO Group Leadership Change

6. Major Arrests and Law Enforcement Actions

7. Cybercrime Prosecutions & Investigations

8. Global Data Sale and Privacy Concerns

9. Internet Policy and Regulatory News

10. Spyware and Advanced Threats in the Middle East

11. North Korean Hackers Targeting Human Rights Activists

12. Security Vulnerabilities & Technical Trends

13. Russian Internet Restrictions Escalate

Notable Quotes & Memorable Moments

Key Segment Timestamps

Summary