Risky Bulletin: US Raids SIM Farm in New York
Podcast: Risky Bulletin
Host: risky.biz
Date: September 24, 2025
Summary prepared by: Catalyn Kim Panu, read by Claire Airdrop
Main Theme
This episode delivers a roundup of the latest cyber incidents and security updates, with a focus on a dramatic US Secret Service raid on a massive SIM farm operation in New York. The bulletin also covers ransomware attacks impacting European airports and major carmakers, sensitive data breaches, physical crimes facilitated by cyber attacks, critical infrastructure threats, and the latest in security patches and defenses.
Key Stories & Discussion Points
1. US Secret Service Raids New York SIM Farm
- [00:09] The Secret Service seized 300 servers from five sites in the New York Tri-state area.
- The farm managed over 100,000 SIM cards.
- The investigation began after White House officials received death threats traced to the operation.
- Quote: “White House officials received anonymous death threats earlier this year from the sim farm, which prompted the investigation.” – [00:17]
2. European Airport Disruptions & Ransomware
- [00:24] Ransomware attack disrupts European airports.
- The EU's cybersecurity agency identified the ransomware; law enforcement is on the case.
- Attack targeted Collins Aerospace, which operates self check-in kiosks.
- Disruptions expected for the rest of the week.
3. NPM Security Overhaul by GitHub
- [00:37] GitHub mandates FIDO-based two-factor authentication for NPM package updates.
- This follows a recent supply chain attack and worm incident.
- Legacy NPM tokens are being deprecated in favor of new, short-duration tokens (7 days).
4. Ransomware Impact on Jaguar Land Rover
- [00:48] Jaguar Land Rover halts production until October 1st due to ransomware.
- Impacted suppliers report potential bankruptcy risk.
- Losses surpass £50 million since early September.
5. Automotive Data Breaches
- [01:01] Hackers steal customer contact info from Stellantis (Maserati, Jeep, Alfa Romeo, Fiat).
- Breach affected a third-party service provider.
- [01:11] Digital Charging Solutions (DCS), a European EV charging firm, reports a breach.
- An unauthorized third party accessed customer info.
- BMW and Kia notified as DCS partners.
6. Museum Gold Heist Linked to Cyber Attack
- [01:23] €600,000 in gold nuggets stolen from the French Natural History Museum.
- Physical security (alarms, cameras) downed by preceding cyber attack.
- Quote: “The thieves appear to have known about the lack of surveillance.” – [01:32]
7. Retail and Transit Sector Attacks
- [01:36] 400 Circle K stores in Hong Kong disrupted by a cyber attack.
- Stores accepting only Octopus card payments; email and loyalty program down.
- [01:47] Maryland Public Transport Agency investigates internal breach.
- Affected mainly call centers for on-demand and paratransit services.
8. Crypto Platform Hacked – Instant Karma
- [01:56] UX Link crypto platform breached; ~$30 million in assets and trillions of custom coins stolen.
- The attacker themselves then fell for a phishing scam, losing $48 million.
- Quote: “In a rare case of instant karma, the attacker fell for a phishing attack shortly after the hack and lost $48 million.” – [02:04]
9. Doxxing App Backfires
- [02:10] Cancel the Hate – app to dox Charlie Kirk critics – leaks its own user data.
- Reporter intervention led to the app being taken offline.
10. EU Moves on Cookie Consent Law
- [02:19] Proposed amendment to ePrivacy Directive would reduce required cookie pop-ups.
- Aims to simplify user experience and legal compliance.
11. Poland and Romania Threaten Hackback
- [02:29] After attacks on critical infrastructure, Polish and Romanian officials publicly discuss retaliatory hacking capabilities.
- Polish Digital Affairs Minister:
  Quote: “Poland has threatened to hack back any country that cripples its critical infrastructure.” – [02:33]
- Response to EU airport disruptions and Polish city water attack.
12. Crypto Fraud Ring Busted
- [02:43] EU authorities dismantle Spanish and Portuguese organized crypto-fraud group.
- Stole over €100 million since 2018; suspects detained, accounts frozen.
13. Record DDoS Attack
- [02:55] Cloudflare mitigates 22.2 Tbps DDoS attack, double the previous record.
- Lasted 40 seconds; described as "hypervolumetric."
14. Security Updates and Vulnerabilities
- [03:04] SonicWall releases firmware update for SMA appliances to remove rootkits.
- Hackers had abused compromised passwords for rootkit and ransomware deployment.
- [03:13] Libre ESVA patches email gateway zero-day exploited by a foreign state.
- Vulnerability: command injection via crafted compressed email attachments.
- [03:22] Two new bugs in Dassault Delmia Apriso manufacturing platform allow remote takeover.
- Attackers could create privileged accounts and upload web shells.
- Previous exploits in the same platform also noted by CISA.
Notable Quotes & Memorable Moments
- “White House officials received anonymous death threats earlier this year from the sim farm, which prompted the investigation.” – [00:17]
- “The thieves appear to have known about the lack of surveillance.” – [01:32]
- “In a rare case of instant karma, the attacker fell for a phishing attack shortly after the hack and lost $48 million.” – [02:04]
- “Poland has threatened to hack back any country that cripples its critical infrastructure.” – [02:33]
Key Timestamps
- 00:09 – US SIM farm bust: scale, methods, investigation trigger
- 00:24 – European airports ransomware and ongoing disruption
- 00:37 – NPM/GitHub new security requirements and changes
- 00:48 – Jaguar Land Rover ransomware impact
- 01:11 – DCS and partner breach notifications
- 01:23 – Physical gold robbery linked to prior cyber attack
- 01:56 – UX Link hack and post-hack attacker phishing
- 02:10 – Cancel the Hate app doxxes supporters
- 02:29 – Poland/Romania hackback rhetoric
- 02:55 – Cloudflare record-breaking DDoS mitigation
- 03:04+ – SonicWall, Libre ESVA, and Delmia Apriso vulnerabilities
This fast-paced bulletin encapsulates the evolving risks and interplay between digital and physical security, highlighting both large-scale criminal innovation and failures, as well as the global urgency for proactive cyber defense.
