Risky Bulletin: US Indicts Two Rogue Cybersecurity Employees for Ransomware Attacks
Podcast: Risky Bulletin
Host: Risky.biz (read by Claire Aird)
Date: November 5, 2025
Episode Overview
This installment of Risky Bulletin provides a rapid-fire roundup of the week’s most significant cybersecurity news. The central focus is the US indictment of two former cybersecurity professionals for orchestrating ransomware attacks against American companies—a case that highlights insider threats within security communities. Additional coverage includes global cybercrime cases, major data breaches, regulatory developments, and critical vulnerabilities.
Key Discussion Points & Insights
1. Headline Story: US Indicts Cybersecurity Employees for Ransomware
- [00:17] The US Justice Department has indicted Kevin Tyler Martin (ex-ransomware negotiator at DigitalMint) and Ryan Clifford Goldberg (ex-incident response manager at Sygnia), along with a third co-conspirator.
- The group is accused of hacking into US companies and deploying ALPHV ransomware.
- They allegedly stole and encrypted data, extorting victims for over $1.2 million in ransom payments.
- Significance: Insider threats are not just a theoretical risk; even those in trusted security roles can be tempted.
2. Criminal Developer of Jabber Zeus Banking Trojan Arrested
- [00:43] Yuriy Igorevich Rybtsov, known online as "Mr. ICQ," was arrested in Italy roughly 15 years after the Trojan group was active, and has been extradited to the US.
- Another Jabber Zeus member is already serving time; the group's leader received two concurrent nine-year US sentences.
- Quote:
"The 41-year-old Ukrainian national was known online as Mr. ICQ." (Claire, 00:48)
3. Cyber Extortion in South Korean Massage Parlors
- [01:08] South Korea arrests a group for hacking local massage parlors:
- Group tricked parlor owners into installing malicious apps.
- Customer data was used to threaten and extort victims with video blackmail.
- Net earnings: roughly $1.2 million from 62 victims across three years.
4. Indian Camera Hacking & Fetish Video Scheme
- [01:39] Indian police arrest suspects for hacking surveillance cameras in hospitals, schools, malls, and homes:
- Exploited default or weak passwords to gain access.
- Footage sold for up to $45 a clip via Telegram, later uploaded to fetish sites.
5. Organised Crime and Hacked Freight Firms
- [02:09] Criminal organisations collaborate with hackers:
- Attack freight/trucking firms using remote access tools.
- Perpetrators then bid for contracts, intercept shipments, and re-sell stolen cargo.
- Quote:
"The scheme involves hacking trucking firms...then bidding on freight haul contracts." (Claire, 02:13)
6. Large-scale Investment Fraud in the EU
- [02:37] Nine arrested in Cyprus, Spain, and Germany for scams netting over €600 million:
- Lured victims through social media, cold calls, and fake celebrity endorsements.
- Used fraudulent investment websites to steal funds.
7. International SMS Blaster Arrests
- [03:01] Two suspects in Cambodia arrested for using mobile SMS blasters:
- Similar arrests took place in Switzerland and the Philippines.
8. University of Pennsylvania Data Breach
- [03:14] Major intrusion threatens to publicly release over 1.2 million financial donor records:
- Started from an employee account compromise, then escalated.
- Hackers mass-emailed students and staff about the breach.
- Quote:
"The intruders are threatening to release more than 1.2 million RESC records of financial donors." (Claire, 03:18)
9. Polish Loan Platform SuperGrosz Breach
- [03:40] Hackers stole highly sensitive financial data, enabling possible future fraud:
- Authorities urge affected citizens to secure their government ID numbers.
10. South Korea’s Largest Telco Compensates Breach Victims
- [03:58] Mediation panel mandates SK Telecom to reimburse 4,000 complainants with 300,000 won each.
- Incident involved theft of SIM and personal data from over 23 million customers.
- Company reports 90% drop in Q3 operating profit following the breach.
11. Crypto Heist at Balancer DeFi Platform
- [04:27] Hackers steal $128 million after compromising Balancer’s access controls:
- Funds laundered through Tornado Cash.
12. CyberCorps Scholarship Program Policy Change
- [04:45] US CyberCorps extends job-seeking window for graduates:
- Hiring freezes and layoffs put students at risk of defaulting on their obligations.
- Quote:
"Participants said they risked having to repay six-figure loans." (Claire, 04:53)
13. Australia Tightens Social Media Age Restrictions
- [05:03] Age blocks to apply to Reddit, Kik, Facebook, Instagram, X, YouTube, and others from December 10th:
- All users under 16 to be barred from these platforms for compliance.
14. Microsoft Teams Vulnerabilities Patched
- [05:22] Four key bugs in Teams could allow impersonation, message tampering, and fake calls:
- Check Point reported flaws in March; Microsoft patched them in October.
15. AMD Zen 5 RDSEED Randomness Weakness
- [05:44] Zen 5 CPUs can return flawed values from the RDSEED instruction; kernel support for RDSEED on these chips has been disabled until AMD ships a fix in November.
16. Critical POST SMTP Plugin Flaw Affects WordPress Sites
- [06:00] Over 400,000 sites at risk:
- Remote attackers can access email logs and manipulate password reset processes.
- Severity: 9.8/10.
17. Social Media Site X (Twitter) Profile Transparency Update
- [06:25] X to show creation date, country, name change count on profiles:
- Aims to combat inauthentic engagement; mirrors Facebook/Instagram transparency features.
- Quote:
"Head of Product Nikita Bier says the change is designed to reduce inauthentic engagements." (Claire, 06:31)
Notable Quotes & Memorable Moments
- On Insiders Gone Rogue:
"Two former employees of US cybersecurity firms have been indicted for deploying ransomware...they made more than $1.2 million in ransom payments." (Claire, 00:18)
- On Data Extortion Techniques:
"The group tricked parlor owners into installing malicious apps...used to extort customers by threatening to release videos." (Claire, 01:13)
- On Industry Impact:
"This week, the company told investors that the incident led to a 90% drop in operating profit for the third quarter." (Claire, 04:14)
Essential Timeline (Timestamps)
| Segment | Detail Example | Timestamp |
|---|---|---|
| US cybersecurity indicted | "Two former employees… indicted for deploying ransomware…" | 00:18 |
| Jabber Zeus developer arrest | "Yuriy Igorevich Rybtsov… arrested in Italy…" | 00:43 |
| SK massage parlor hack | "South Korean authorities… hacking massage parlors…" | 01:08 |
| Indian camera hacking | "Multiple individuals arrested for hacking cameras…" | 01:39 |
| Organised freight hacks | "Organised crime groups… infiltrate freight companies." | 02:09 |
| EU online scam arrests | "Nine people have been arrested in the EU…" | 02:37 |
| SMS blaster arrests | "Two suspects have been arrested in Cambodia…" | 03:01 |
| UPenn breach threat | "University of Pennsylvania has been hacked…" | 03:14 |
| SK Telecom compensation | "Advised to pay 300,000 won to each customer…" | 03:58 |
| Balancer crypto hack | "Hackers have stolen $128 million worth of crypto assets…" | 04:27 |
| Age restrictions update | "Australia has expanded its upcoming social media age restrictions" | 05:03 |
| Teams vulnerabilities | "Microsoft has patched four vulnerabilities in its Teams…" | 05:22 |
| AMD Zen 5 flaw | "Chipmaker AMD has confirmed a weakness in the RDSEED…" | 05:44 |
| WordPress plugin flaw | "More than 400,000 WordPress sites are vulnerable…" | 06:00 |
| X (Twitter) transparency | "Social media site X plans to show more info about user profiles." | 06:25 |
Summary Flow and Takeaways
This Risky Bulletin is a sweep of high-stakes security stories spanning criminal insider activity, global cyber-extortion, the persistent risk of default credentials, and mass scam operations. It highlights the evolving criminal tactics facing businesses and consumers, from ransomware deployed by supposed defenders to elaborate scams fueled by breached data and weak infrastructure. The rapid-fire style keeps the audience alert to both immediate and future risks, while notable cases like insider cybercrime and mass credential breaches serve as cautionary tales for organizations worldwide.
