CyberWire Daily - Inside job interrupted.
Episode Date: November 24, 2025

CrowdStrike fires an insider who allegedly shared screenshots with hackers. Google agrees, it wasn’t Salesforce. Cox Enterprises confirms Oracle EBS breach. Alleged Transport for London hackers plead not guilty. Hackers exploit new WSUS bug to deploy ShadowPad backdoor. Iberia discloses breach of customer data. Harvard discloses voice-phishing breach exposing alumni and donor data. We have our Monday Business Briefing. Our guest today is Brandon Karpf, friend of the show discussing maritime GPS jamming and spoofing. And the launderers who wanted a bank for Christmas.

Selected Reading
CrowdStrike fires 'suspicious insider' who passed information to hackers (TechCrunch)
Google says hackers stole data from 200 companies following Gainsight breach (TechCrunch)
Cox Confirms Oracle EBS Hack as Cybercriminals Name 100 Alleged Victims (SecurityWeek)
Teens plead not guilty over TfL cyber-attack (BBC)
Attackers deliver ShadowPad via newly patched WSUS RCE bug (Security Affairs)
Iberia discloses customer data leak after vendor security breach (Bleeping Computer)
Harvard University discloses data breach affecting alumni, donors (Bleeping Computer)
Doppel secures $70 million in a Series C round. (N2K Pro Business Briefing)
Russia-linked crooks bought a bank for Christmas to launder cyber loot (The Register)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the Cyberwire Network, powered by N2K.
CrowdStrike fires an insider who allegedly shared screenshots with hackers.
Cox Enterprises confirms Oracle EBS breach.
Alleged Transport for London hackers plead not guilty.
Iberia discloses breach of customer data.
We have our Monday business briefing.
And our guest today is Brandon Karpf, friend of the show,
discussing maritime GPS jamming and spoofing,
and the launderers who wanted a bank for Christmas.
Today is Monday, November 24th, 2025.
I'm Maria Varmazis, host of T-Minus Space Daily,
in for Dave Bittner, as he's defrosting his turkey.
And this is your Cyberwire Intel Briefing.
Thank you for joining me, everyone. Let's dive in.
CrowdStrike has fired an insider who allegedly shared screenshots of internal systems
with hackers, according to a report from TechCrunch. The Scattered Lapsus Hunters published
the screenshots in a Telegram channel last week, claiming to have gained access to CrowdStrike's
systems after breaching Gainsight. CrowdStrike says these claims are false, stating that,
quote, its systems were never compromised and customers remained protected throughout. The company
says the hackers obtained the screenshots from a malicious insider whose access has been
terminated. Bleeping Computer cites a ShinyHunters member who said the group offered the insider
$25,000 to grant access to CrowdStrike's networks, but the insider was detected and locked out before
they could do so. These details have not, however, been confirmed by CrowdStrike.
In related news, Google's Threat Intelligence Group reports that hackers accessed and stole data
from over 200 instances of Salesforce via third-party apps published by Gainsight.
The campaign claimed by the Scattered Lapsus Hunters collective, including ShinyHunters,
exploited integrations, not the core Salesforce platform, to infiltrate high-profile
targets such as DocuSign, LinkedIn, and Verizon.
Salesforce says the breach, quote, is not the result of any vulnerability in the Salesforce platform.
U.S.-based global conglomerate Cox Enterprises has confirmed that its Oracle E-Business Suite, or EBS, instance was breached, leading to the theft of personal information belonging to nearly 9,500 individuals, according to a report from SecurityWeek.
Cox is one of the more than 100 entities named by the Clop ransomware gang as victims of a campaign targeting a zero-day flaw in Oracle EBS.
Logitech, Harvard University, The Washington Post, Envoy Air, and Mazda have also confirmed that they were targeted by this campaign.
Mazda told SecurityWeek, however, that its defenses prevented the attackers from exfiltrating information.
Two alleged Scattered Spider hackers have pleaded not guilty to charges related to last year's cyber attack against Transport for London, according to a BBC report.
The defendants, 19-year-old Thalha Jubair from East London and 18-year-old Owen Flowers from the West Midlands, were arrested last year and charged with offenses under the Computer Misuse Act.
Flowers has also been charged with attempting to hack two U.S.-based health care entities.
The two defendants will be held in custody until their trial in June 2026.
Attackers have exploited a recently patched vulnerability in Windows Server Update Services,
more commonly known as WSUS, and it is CVE-2025-59287, rated as a CVSS score of 9.8,
enabling unauthenticated remote code execution at the system level.
Once inside WSUS-enabled servers, the adversary deploys
the sophisticated backdoor ShadowPad by chaining tools like PowerCat, certutil, and curl to download and sideload a malicious DLL, which then persists via scheduled tasks and system process injection.
CISA has added the flaw to its Known Exploited Vulnerabilities catalog, and organizations using WSUS are urged to patch immediately, restrict access, and audit for abnormal activity.
Spanish airline Iberia has disclosed a breach affecting customers' names, email addresses,
and loyalty card identification numbers, according to a new report from Bleeping Computer.
The incident did not affect login credentials or financial details.
The airline has attributed the breach to a third-party vendor, saying in a statement,
quote, as soon as we became aware of the incident, we activated our security protocol and procedures,
and implemented all necessary technical and organizational measures to contain it,
mitigate its effects and prevent its recurrence.
The Bleeping Computer story also notes that a threat actor posted on a criminal forum
claiming to have stolen data from Iberia and offering to sell it for $150,000.
It is unclear if these claims are related, however, since the threat actor claimed to have
breached Iberia's own servers and stolen technical details related to aircraft.
Harvard University has disclosed that its alumni affairs and development
systems were compromised following a voice phishing attack on November 18, 2025, which allowed an
unauthorized party to access data related to alumni, donors, students, faculty, and staff.
The exposed information includes email addresses, phone numbers, home and business addresses,
donation and event attendance records, but notably not Social Security numbers, payment card data,
or financial account credentials. The university is working with law enforcement and
third-party cybersecurity experts and has begun notifying affected individuals.
And now it's time for your Monday business briefing.
Last week's business breakdown highlights just over $180 million raised across seven
investments and three acquisitions.
On the investment front, U.S.-based social engineering defense company Doppel raised
$70 million in a Series C round.
With this new funding, Doppel aims to expand its digital risk protection product portfolio
alongside expanding its existing human risk management offerings.
Additionally, Bedrock Data, a U.S.-based data security firm, raised $25 million in a Series A round.
Through this funding, the company aims to accelerate product development timelines
and invest in scaling its data security, integrations, classification, and AI governance.
Additionally, the company also aims to meet its growing enterprise demand for infrastructure,
platforms and software as a service, and AI systems at the multi-petabyte scale.
For acquisitions, Cloudflare announced its intention to acquire Replicate,
and that's a U.S.-based AI model development company.
Through Replicate, Cloudflare is looking to expand its Cloudflare Workers offering
to allow it to build scalable and reliable AI applications.
Additionally, Cloudflare aims to enable developers to access AI models across the globe with minimal code.
And that wraps up this week's business breakdown.
For deeper analysis on major business moves shaping the cybersecurity landscape, subscribe to N2K Pro, and check out thecyberwire.com every Wednesday for the latest updates.
Now make sure to stick around after the break because Dave Bittner and I recently sat down with Brandon
Karpf, friend of the show, as we discuss maritime GPS jamming and spoofing.
And the launderers who wanted a bank for Christmas.
Dave Bittner and I recently sat down with Brandon Karpf, friend of the show,
as we discussed maritime GPS jamming and spoofing.
Here's our conversation.
It is my pleasure to welcome Brandon Karpf to the show.
He is the leader for international public-private partnerships at NTT.
Brandon, welcome.
Thank you.
It's good to be here, Dave.
And of course, Maria Varmazis, host of the T-Minus Space Daily podcast.
Maria, thank you.
Thanks for having me, Dave.
Glad to be here.
And I, Brandon.
You are a graduate of the U.S. Naval Academy, and as such, have actually spent time out at sea.
So our topic today is GPS maritime spoofing.
And what we're seeing around the world when it comes to our adversaries, taking advantage of the GPS system and their ability to jam it or block it or do the things
they want to do. Can I just start with you, Brandon, for folks who aren't familiar with GPS and the
reliance of it from folks at sea, how would you describe that? Yeah, sure. So from a high level,
starting with what is this thing that we all do rely on? And every aspect of our daily lives
and economy today relies on this brilliant innovation from the U.S. military developed around the
1970s, that was really designed to drop a precision guided munition on Moscow during the Cold War.
Not to put too fine a point on it.
Which was the whole point of this thing.
It's always great talking to you, Brandon.
And then, you know, the private sector started realizing, hey, we can do a lot with this.
And early days, GPS, you know, the resolution was down to a few meters.
and then over the last 20 years, the U.S. military opened up more reserve frequencies
that allowed our iPhones to geolocate us to within really centimeters,
you know, incredibly high fidelity location that has opened up literally,
I mean, literally trillions of dollars of economic value have been attributed to GPS.
So talk about a great investment for the government to, for the U.S. government to put,
you know, into the economy.
We've literally gained trillions of dollars.
But when it comes to specific areas of the economy, you know, think any sort of transportation, whether it's aviation or maritime, having the ability to precisely geolocate where you are on Earth to navigate around things like hurricanes or typhoons or things like sea state that is beyond the capabilities of your ship to do things like autonomous navigation, where you now have ships who are pretty much, you know, these days the large American.
time trade ships pretty much drive themselves you know they have a small crew who are there to
really bring it in and out of port other than that these ships really kind of just drive themselves all
of that relies on and requires the accurate GPS signals from our position navigation and
timing satellites and Maria on the space side of things that's what we're talking about here this
is a constellation of satellites you're right there there are several different ones GPS is the
US-owned one. I'm sure Brandon was going to get to that. But there are many different ones.
Galileo is famously the one that Europe has, and then China has its own. And I'm sure there's
others that I'm forgetting. And there's always more being added. But there are sort of in the
industry is called either PNT position, navigation and timing, as Brandon said, or GNSS is another one,
sort of as the generic. But often, when you say GPS, people know what you mean. So, yeah,
but there are a lot. And there are going to be increasingly more because many global economies are
realizing that these are extraordinarily valuable and they're being increasingly tied to many
different markets where you might not, in ways you might not expect. I'm always surprised to find
where else it's turning up and what else were, is totally dependent on these satellites being
accessible and working correctly. So let's talk about the implications for the maritime industry
and indeed the military. I mean, we've got, as you say, Brandon, these ships that are relying on
GPS, but it is evidently easy or not too hard to jam or spoof, which can throw ships off course.
Yeah, most definitely.
The signal characteristics themselves are actually incredibly basic.
And just with some commercial off-the-shelf technology, you can replicate specifically a GPS signal.
And again, as Maria mentioned, there are multiple different constellations.
All of them have their own signal characteristics.
but the GPS signal itself is an incredibly low power signal. It's not very complex in terms of
the modulation. It uses a very basic form of modulation. So again, this is something that you could
probably buy maybe $50 of off-the-shelf equipment and create a spoofed GPS signal. In fact,
I've even heard of some companies who are doing precision robotics doing this inside their own labs
of spoofing these signals or replicating these signals, which is technically illegal. Technically illegal.
But it's so easy to do that when you need to create some sort of robotics laboratory,
you can really do it with literally probably about $50 of equipment.
Now, the problem there is that not only are military ships and equipment,
and by the way, we didn't mention, but military ships heavily reliant on GPS,
not just where you are, but also deconflicting where you are with other ships,
but also your munitions, as we talked about the original intent of GPS,
These days, smart munitions all rely on GPS.
And so what you're seeing is increasing incidents of GPS spoofing and jamming,
which are different things.
And we could talk about the difference there.
But GPS spoofing and jamming really kind of took off by the Russians in the Eastern Mediterranean
during the conflict in Syria and the mid to late 2010s has really expanded in the war in Ukraine
around the Black Sea and Ukraine.
We've seen it in the Western Pacific around Taiwan and even in some of the Straits,
the Straits of Malacca, and we are starting to see it in areas like the Red Sea, the Straits
of Hormuz, et cetera. And even recently, some reports of manipulated GPS signals off the coast
of Venezuela. We've heard rumors of whenever Vladimir Putin is on board of a ship and board
a ship's location. So I guess to make it a more difficult target to find or something like that.
His short, certainly, his dacha in the mountains of Russia, similarly,
no GPS signals will work anywhere near that location.
And we have seen this, of course, with foreign leaders or dictators
who understand how easy it is to manipulate these signals,
but also how much the U.S. and U.S. allies rely on these
for our military intelligence operations
and how pretty much everything we have today
in terms of those more technical operations
rely on an accurate geolocated signal.
And so right now, this is starting to occur regularly.
And as I mentioned, it's pretty inexpensive and easy to do this.
Brandon, can I ask you to walk us through
the different modes of jamming or spoofing?
Because I think we often, and I know I often get confused
and when I read various mainline news stories
about some person doing something with a Bluetooth device
to do something to GPS,
and I'm going, well, what exactly happened there?
And my understanding is there's actually a couple different ways
to achieve this, and they all kind of be a little bit different.
So can you walk us through them?
Sure.
So the first I'll talk about is really kind of the least sophisticated form of jamming,
which is really just putting a whole bunch of noise out into the atmosphere.
So imagine you and I are having kind of like a little whispered conversation,
and then someone else just turns on a radio super loud,
and you can't hear yourself think,
that is barrage jamming.
That is just the simplest form of jamming.
You're just putting so much noise into the atmosphere
that whoever's trying to receive the correct signal
can't really hear the right signal,
can't distinguish the signal for the noise.
And that's the simplest form,
really easy to generate that,
and you're just putting a whole bunch of energy out there under the world.
There are techniques for getting around that.
Again, that's relatively unsophisticated.
And so there are some interesting modulation techniques
that you can actually still extract the signal
from that kind of a noise.
But that is still a very effective technique.
And when it comes to GPS,
you're just denying the availability of a user of GPS.
No one's going to have GPS there.
Now, a little more sophisticated
is when you talk about more spot jamming,
which is if you know the frequencies
that someone is going to communicate on,
which GPS is an open standard now,
everyone knows those frequencies,
even if it's moving frequencies,
you can, instead of putting out just noise
across the whole spectrum,
put out noise specifically over those frequencies.
And in that way, you're actually being much more efficient
with the energy that you need and the resources you need to jam,
and you're being much more effective in terms of jamming
the specific frequencies being used by whatever user.
But still jamming.
You're just denying availability of that signal for someone to collect on it.
Now, the much more sophisticated type
is actual GPS spoofing.
And GPS spoofing is where you actually copy the GPS signal itself.
You copy the modulation, you copy the frequencies,
you copy the power level that someone expects to see,
because devices are actually pretty smart,
and there are ways of seeing,
okay, this signal I'm receiving seems too powerful,
and so let's just ignore it or filter it out.
And so a really effective, sophisticated GPS spoofer
is going to copy that modulation,
copy the frequency, copy the power level,
and replicate that out into the environment.
and give you just a slight timing delay.
And really, that's how the GPS signals work.
It's looking at the timing between you and multiple satellites,
you and multiple satellite transponders.
And if an adversary is spoofing that signal
and slowly introduces a timing offset
and slowly increases that timing offset over time,
the adversary is going to pull your GPS location
away from where it's supposed to be manipulating
where you think you are in the world.
That's so cool.
I hate that, that's my reaction.
Like, that's so smart.
And you can look up, you can look up, I mean, open source, you know, GitHub repos that do this,
you know, algorithms that do this, you know, any sort of software-defined radio has the ability to do this.
So one of the potential perils here that I've seen covered is that an adversary can, as you say,
lure a ship away from, say, an international shipping lane into an area where,
they shouldn't be, therefore giving that adversary an excuse to board that ship or fire upon
it. Certainly, right. And when you think about maritime, every country who has coastal regions
has this thing called an exclusive economic zone, and then this thing called territorial waters.
Your exclusive economic zone is within 200 nautical miles of your coast, and then territorial waters
is within 12 nautical miles of your coast. Certainly military operations are very sensitive not to infringe
upon that 12 nautical miles. Foreign nation military ships are not allowed to transit within 12,
that, you know, that territorial waters of a foreign nation without being invited. But that exclusive
economic zone is really, you know, gives that nation, you know, the nation permission to do
their fishing and mining and oil drilling, et cetera, without being infringed upon. And so certainly
the GPS spoofing would affect that, right, would affect a military's ability like ours, who's
doing something like a freedom of navigation operation, which is where we move a ship
between, say, Taiwan and mainland China and say, this is a free economic zone. Anyone can transit
here. We are participating in that freedom of navigation operation. But if the GPS signals
are spoofed in that area, it makes the U.S. military much more concerned that we might accidentally
infringe upon the territorial waters of a foreign nation. So they might be more sensitive to that
or pull further away.
Also just accurate navigation, right?
Ships are navigating based on charts
and shoal waters and other potential hazards.
And not having confidence in where you are
creates a massive amount of risk
that these ships might just not accept.
Brandon, when you were describing just the jamming
and spoofing techniques,
the thought that I had was we often shorthand talk
about these satellite hacking problems.
And it sounds like, yet again, it's really more a terminal, a ground terminal thing.
Is my read on that correct?
I mean, what is the mitigation here for, you know, somebody who's dealing with this in, you know, contested waters or whatnot?
Yeah, it is kind of a terminal, right?
Because it's all, you jam a receiver, not a transmitter, right?
When you jam something or spoof something, you are spoofing or jamming against the receiver, not the transmitter.
The GPS constellation is just a whole bunch of transponders in medium Earth orbit.
So, yeah, I mean, the problem is that the protocol itself, right, the modulation, the technology is so fundamental that it's just so easy to replicate.
But even if you did something much more complex, I mean, it could still be hacked, right?
You know, you can manipulate a cell signal using CDMA pretty easily.
You know, you see that all the time with like the cellular collection stingrays and things like that.
So that's even a more complex signal that's pretty easy to spoof.
So there are these things called navigation message authentications,
which essentially think of it like a digital signature, right,
where you can maybe sign the signal,
but that requires the receiver to have a little more processing power.
And so you're putting a tax on the terminal, on the receiver,
to actually do some calculation to take some CPU time
to authenticate these messages.
Really, that's to me really kind of the only solution here.
You know, those digital signatures, using kind of the techniques from authenticating communications
in network technologies and applying that to these GPS signals might be, I think, the best
solution.
That certainly has worked very well in terms of secure authentication in networks, secure software
updates, et cetera, making sure that the message you're receiving is actually coming
from who you think it's coming from.
To me, that's a proven and well-established solution in the network space that probably applies quite well here also.
You mentioned earlier that the military at some point had opened up access to GPS.
And I remember when that happened, suddenly devices got a lot more accurate, as you say.
We're down to centimeter accuracy now.
Does the military have their own separate fallback on this?
are they still using the same system that all the rest of us use?
The military is very much using the same system that all the rest of us use.
There's been a lot of talk and some funding going towards the next generation of GPS.
And Maria, certainly, I'm curious what you've heard about this.
It's early days for those.
You know, there's a number of companies on those contracts.
But as of right now, military is totally reliant on the legacy GPS architecture.
Yeah, I was just thinking of that, because just as you mentioned it, Dave, I was
racking my brains. I'm like, I know I've been hearing a lot about this, and it still
does sound very preliminary to Brandon's point. But I want to say I've also been hearing about
putting PNT in low Earth orbit, which is an interesting idea. I guess the idea there'd be
more redundancy, but just because of where it would be versus in medium Earth orbit, I'm just
kind of like, how would that work? Someone's figuring it out. But it's like, why low Earth orbit
in that case? What would be the advantage there?
aside from proliferation, I would assume.
Yeah, I've heard that as a defense against some other elements,
which is that's not necessarily defending against jamming and spoofing.
Or kinetic stuff?
It's more kinetic stuff, right?
It's more attacks against the space-based architecture itself.
In lower Earth orbit, you need a lot more satellites,
but those satellites can be a lot less exquisite because they're a lot closer.
I mean, a lot, a lot closer.
I mean, low Earth orbit, we're talking about.
like 300 miles. Medium Earth orbit is like 12,000 miles or something like. So the amount of power
you need to transmit down to ground much less. But then again, you need a lot more satellites to
provide that proper coverage. But, you know, I've heard talks about putting it on some of these
mega constellations, et cetera, as well. Yeah. But I mean, some of the other techniques here are
going away from space-based solutions altogether. There are terrestrial-based solutions in
One of them is a legacy technology called LORAN, which was originally invented during the Cold War using a much lower frequency communication, but an over-the-horizon frequency range that would allow kind of, I mean, it's really hard to jam that, really hard to spoof that.
But unfortunately, that also requires much larger equipment, at least back in the day, to properly receive those signals.
So there are other ideas out there.
There's some quantum stuff that I've been reading about
in terms of navigation and laser-based inertial navigation.
I mean, tons of different technologies
that people are actively investing in right now
to try to solve this problem.
That was Brandon Karpf, friend of the show,
discussing maritime GPS jamming and spoofing.
On Christmas Day, 2024, a Russian-linked
crime network gifted itself something far more festive. A 75% stake in a Kyrgyzstani bank.
The UK's National Crime Agency says that Mary Bank mispurchase became a convenient machine for
washing cybercrime profits and channeling money into Moscow's war chest. Operation Destabilise
found the scheme began with low-paid couriers roaming 28 UK towns, collecting envelopes of cash from drug,
firearm and immigration crimes. That cash was then flipped into crypto and funneled through
Keremet Bank, the one that they bought, to support Promsvyazbank, Russia's military lender.
At the top were two laundering crews, Smart, allegedly led by Ekaterina Zhdanova, and TGR, headed by
George Rossi. Each leader worked alongside two partners, and all six are now sanctioned by the U.S. Treasury.
The network also crossed paths with figures linked to Russian intelligence,
including a group led by convicted spy Orlin Roussev,
and drew in Russian-Moldovan oligarch Ilan Shor
and his sanctions-dodging crypto ventures.
Couriers have already been jailed,
including one caught with 750,000 pounds at home,
and another pair who laundered 6 million pounds
under the guise of war-related transfers.
With more than 120 arrests and millions seized, the NCA says its crackdown is tightening the pressure.
And the money launderers?
Oh, yep, they know it.
And that's the Cyberwire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of our podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
N2K's senior producer is Alice Carruth.
Our producer is Liz Stokes.
We are mixed by Elliott Peltzman and Tré Hester with original music by Elliott Peltzman.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher.
And I'm your host, Maria Varmazis, in for Dave Bittner.
Thank you for listening.
We'll see you tomorrow.
