CyberWire Daily - Listening In on the listeners.
Episode Date: August 28, 2025

The FBI shares revelations on Salt Typhoon's reach. Former NSA and FBI directors sound alarm on infrastructure cybersecurity gaps. Google is launching a new cyber "disruption unit". A new report highlights cyber risks to the maritime industry. A Pennsylvania healthcare provider suffers a data breach affecting over six hundred thousand individuals. Citrix patches a critical vulnerability under active exploitation. The U.S. sanctions a North Korean-linked fraud network. Ransomware is rapidly evolving with generative AI. Our guest is Brandon Karpf, speaking with T-Minus host Maria Varmazis connecting three seemingly disparate stories. Who needs a tutor when you've got root access?

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest today is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert talking with T-Minus host Maria Varmazis. Brandon decided to do a stump the host play for this month's space and cybersecurity segment.

Selected Reading
Chinese Spies Hit More Than 80 Countries in 'Salt Typhoon' Breach, FBI Reveals (WSJ)
NSA and Others Provide Guidance to Counter China State-Sponsored Actors Targeting Critical Infrastructure Organizations (NSA)
Critical Infrastructure Leaders and Former National Security Officials Address Escalating Cyber Threats at Exclusive GCIS Security Briefing (Business Wire)
Google previews cyber 'disruption unit' as U.S. government, industry weigh going heavier on offense (CyberScoop)
Maritime cybersecurity is the iceberg no one sees coming (Help Net Security)
Healthcare Services Group reports data breach exposing information of over 624K individuals (Beyond Machines)
Over 28,000 Citrix devices vulnerable to new exploited RCE flaw (Bleeping Computer)
US sanctions fraud network used by North Korean 'remote IT workers' to seek jobs and steal money (TechCrunch)
The Era of AI-Generated Ransomware Has Arrived (WIRED)
Spanish police arrest student suspected of hacking school system to change grades (The Record)

Audience Survey
Complete our annual audience survey before August 31.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyberwire Network, powered by N2K.
The DMV has established itself as a top-tier player in the global cyber industry.
DMV rising is the premier event for cyber leaders and innovators
to engage in meaningful discussions and celebrate the innovation happening in and around the Washington
D.C. area. Join us on Thursday, September 18th, to connect with the leading minds shaping
our field and experience firsthand why the Washington, D.C. region is the beating heart of
cyber innovation. Visit DMVRising.com to secure your spot.
Risk and compliance shouldn't slow your business down. Hyperproof helps you automate controls, integrate real-time risk workflows, and build a centralized system of trust so your teams can focus on growth, not spreadsheets.
From faster audits to stronger stakeholder confidence, Hyperproof gives you the business advantage of smarter compliance.
Visit www.hyperproof.io to see how leading teams are transforming their GRC programs.
The FBI shares revelations on Salt Typhoon's reach.
Former NSA and FBI directors sound alarms on infrastructure cybersecurity gaps.
Google is launching a new cyber disruption unit.
A new report highlights cyber risks to the maritime industry.
A Pennsylvania health care provider suffers a data breach affecting over 600,000 individuals.
Citrix patches a critical vulnerability under active exploitation.
The U.S. sanctions a North Korea-linked fraud network.
Ransomware is rapidly evolving with generative AI.
Our guest is Brandon Karpf, speaking with T-Minus host Maria Varmazis, connecting three seemingly disparate stories.
And who needs a tutor when you've got root access?
It's Thursday, August 28th, 2025.
I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today.
The Wall Street Journal reports that the China-linked cyber campaign, known as Salt Typhoon,
reached far beyond U.S. telecom carriers, hitting more than 80 countries
and compromising sensitive data on a scale investigators hadn't grasped until recently.
FBI cyber chief Brett Leatherman told the journal the intrusion gave Chinese intelligence
access to more than one million call records,
as well as systems used by law enforcement for court-approved wiretaps,
a development that he called among the most consequential breaches in U.S. history.
The operation also swept up private calls and texts from over 100 Americans
and allowed potential tracking of citizens' movements worldwide.
U.S. officials say the campaign, active since at least 2019,
was more sweeping and indiscriminate than typical espionage operations.
While Beijing denies involvement, the FBI has issued new technical details
to companies and allies aimed at spotting Salt Typhoon's lingering presence in networks.
The NSA, along with U.S. and foreign partners, has issued a joint cybersecurity advisory,
warning that Chinese state-sponsored hackers are targeting telecommunications, government,
transportation, lodging, and military networks worldwide.
The advisory ties the activity, which overlaps with reporting on groups like Salt Typhoon,
to several China-based firms providing services to the Ministry of State Security
and the People's Liberation Army.
The report, titled "Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide, Defeat Global Espionage Systems,"
details the hackers' tactics, techniques, and procedures,
including methods for exploitation, persistence, data collection, and exfiltration.
It also lists exploited vulnerabilities and indicators of compromise.
The Global Cyber Innovation Summit recently hosted an exclusive security briefing at One World Trade Center on national security threats to U.S. critical infrastructure.
The invitation-only event gathered executives, former national security leaders, technologists, and policy experts for a discussion on rising cyber risks and defense strategies.
Bob Ackerman, GCIS founder, opened the event, followed by McKinsey's Ida Christensen,
who highlighted a projected $31.1 billion global risk from OT breaches in the coming year.
A panel featuring former NSA director General Paul Nakasone,
former FBI director Christopher Wray, AEP CEO Bill Fehrman,
and Dragos CEO Robert M. Lee explored how threat actors increasingly target industrial
systems through IT-to-OT pivots. Keynote speaker Thomas Fanning stressed the need for collaboration
across IT, OT, and executive leadership. Speakers underscored that cyberattacks on infrastructure
risk not just data, but public safety.
Google is launching a new cyber disruption unit
aimed at proactively interfering with malicious online operations, a move that comes as
U.S. policymakers and industry leaders debate the future of offensive cyber strategies.
Sandra Joyce, vice president of Google Threat Intelligence Group, said the effort will focus on
legal and ethical disruption and invited partners to join. The initiative reflects a broader
conversation about the balance between active defense tactics such as honeypots and more
aggressive measures like hacking back, which remain legally restricted. At a cybersecurity
policy conference, former officials and industry leaders debated whether the private sector should
play a larger role in offensive cyber operations. While legislation to authorize private companies
remains stalled, some argue U.S. deterrence requires more direct action. Experts cautioned that
any shift must ensure measurable impact while avoiding uncontrolled escalation.
which underpins 80% of global trade,
is modernizing with automation,
remote monitoring, and advanced energy systems,
but those innovations are opening new cyber risks.
A new report covered by Help Net Security says
ships and ports now face threats
ranging from ransomware to espionage
with vulnerabilities in operational technology,
navigation systems, and software supply chains.
Incidents such as the 2017 NotPetya attack on Maersk,
which shut down 76 terminals, and recent ransomware hits on ports in Europe highlight the stakes.
State actors from Russia, Iran, and China are also accused of targeting maritime infrastructure,
while interference with satellite navigation and AI-powered cyberattacks present growing dangers.
With only 17% of shipyards reporting in-house cybersecurity expertise,
experts stress workforce training, continuous risk assessments,
and stronger industry collaboration to build resilience across the global maritime sector.
Healthcare Services Group, a Pennsylvania-based health care support services provider,
has disclosed a data breach affecting over 624,000 individuals nationwide.
Attackers gained unauthorized access between September 27th and October 7th of 2024,
stealing sensitive data, including names, social security numbers, driver's licenses, state IDs, financial details, and account credentials.
HCSG reported the breach to the SEC in October of 2024, later confirming stolen data in June of this year.
Notifications began August 25th, with victims offered 12 to 24 months of credit monitoring and identity theft protection.
A Citrix vulnerability is being actively exploited, leaving more than 28,000 NetScaler ADC and Gateway instances exposed worldwide, according to CISA and Citrix.
The flaw, patched yesterday, allows remote code execution and was abused as a zero-day.
Most vulnerable systems are in the U.S., Germany, and the U.K. Citrix urges immediate upgrades as no mitigations exist.
Two other high-severity flaws were also disclosed.
CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog, requiring
federal patching by August 28th.
The U.S. Treasury has sanctioned a North Korean-linked fraud network that placed hackers in U.S. companies
by posing as job seekers.
Once hired, the operatives stole data, extorted employers, and funneled wages to Pyongyang,
generating at least $1 million for the regime.
The Treasury says North Korea launders stolen funds,
often via cryptocurrency to support its nuclear program.
Companies are now legally barred from engaging with the sanctioned parties.
New research shows ransomware is rapidly evolving with generative AI,
lowering barriers for cybercriminals and making attacks more effective.
Anthropic reports that hackers are using its AI models,
including Claude and Claude Code, to write malware, craft extortion notes, and run ransomware-
as-a-service schemes. One group, GTG-504, used Claude to develop ransomware sold for between
$400 and $1,200, despite lacking technical expertise. Separately, ESET identified PromptLock,
the first proof-of-concept AI-powered ransomware. While not yet deployed, it demonstrates how attackers
can exploit AI to automate intrusions.
Experts warn that AI-assisted ransomware is still emerging,
but the trend points to faster, more sophisticated attacks with global implications.
Coming up after the break, Brandon Karpf speaks with T-Minus host Maria Varmazis
about three seemingly disparate stories,
and who needs a tutor when you've got root access?
Stay with us.
Compliance regulations, third-party risks,
and customer security demands are all growing and changing fast.
Is your manual GRC program actually slowing you down?
If you're thinking there has to be something more efficient than spreadsheets, screenshots, and all those manual processes, you're right.
GRC can be so much easier.
And it can strengthen your security posture while actually driving revenue for your business.
You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program.
Their trust management platform automates those key areas, compliance, internal and third-party risk, and even customer trust, so you're not buried under spreadsheets and endless manual tasks.
Vanta really streamlines the way you gather and manage information across your entire business.
And this isn't just theoretical.
A recent IDC analysis found that compliance teams using Vanta are 129% more productive.
It's a pretty impressive number.
So what does it mean for you?
It means you get back more time and energy to focus on what actually matters,
like strengthening your security posture and scaling your business.
Vanta GRC. Just imagine how much easier trust can be.
Visit Vanta.com slash cyber to sign up today for a free demo.
That's V-A-N-T-A-com slash cyber.
With Amex Platinum, access to exclusive Amex pre-sale tickets can score you a spot trackside.
So being a fan for life turns into the trip of a lifetime.
That's the powerful backing of Amex.
Pre-sale tickets for future events subject to availability and varied by race.
Terms and conditions apply.
Learn more at Amex.ca slash YMex.
Brandon Karpf is a friend of the show, founder of the T-Minus Space Daily podcast,
and a cybersecurity expert.
He recently sat down with T-Minus host Maria Varmazis
to connect the dots and stump the host
for this month's space and cybersecurity segment.
I'm going to try to convince you and all of your listeners
that these three seemingly unrelated articles
having to do with the space industry from the last 10 days
will represent a massive shift of wealth from Singapore to Greenland
in the next 10 years.
Okay.
Listeners, I just want you to know.
That is also all I know.
I've known nothing behind the scenes here.
So what articles are we talking about?
Let's start there.
All right, cool.
So I'll start with the headlines from these articles.
Voyager Technologies makes investment into AI software company Latent AI.
KSAT, which is Kongsberg Satellite Services, plans to take its ground network to space with hyper satellites in LEO.
Aalyria reports milestones with Tightbeam laser communications.
Okay, so Voyager Tech investment in Latent AI,
KSAT plans ground network with hyper satellites in LEO,
and Aalyria's milestones with Tightbeam laser comms.
Okay, I'm stumped.
Aside from these are all headlines,
I know that we have covered on T-Minus Space Daily.
I have absolutely no idea what else would be the common thread here.
So regale me, Brandon, because I'm very...
So what is the common thread between these three things,
which are seemingly unrelated, and all from the last 10 days?
Yes.
And my argument is that these developments, which are really just representative of a number
of developments over the last few years, represent meaningful steps towards moving core
internet backbone traffic from terrestrial fiber lines to space-based architectures.
Introduce me to where and how Singapore and Greenland come into play here on that thesis.
We'll get there. Let's start with the technology developments themselves.
In my mind, right, this idea of shifting core internet backbone traffic from terrestrial fiber lines to space-based architectures really requires developments in three core technology areas.
The first being orbital data centers, right, data centers in space, being able to process data in situ in low Earth orbit.
Second is actually moving meaningful software technologies,
and that's going to come with investments in edge AI,
because edge AI is really just driving increased compute power.
With that increased compute power investment,
which we're trying to send to low Earth orbit,
which we've seen with this Voyager technologies investment,
is going to have to come developments in mostly like heat transfer technologies
and power generation technologies,
because both those systems, the GPUs,
CPUs generate tremendous amounts of heat and require tremendous amounts of power.
And so Voyager's investments in these types of companies, and there's a number of others
as well, will drive rapid changes and investment in creation of heat transfer technologies
and power generation technologies in space.
Now, the third area that is required to move meaningful amounts of internet traffic from
terrestrial systems to space systems is high-speed optical laser communications.
That is the most critical enabling technology.
Oh, okay.
I'm starting to see this thread up here.
And I'm just thinking, okay, I can think of recent missions for a lot of these.
Like, there's a mission going to ISS just recently about orbital data centers, which I was really amped about.
And I'm glad you brought up the ISS test bed as well because that's a partnership between Axiom Space and Red Hat.
Red Hat being the massive Linux Foundation organization.
And I didn't choose that one because that was originally announced a few months ago.
and I wanted to pick things
that were just announced
in the last 10 days.
But you're right,
that is going up like this week
or something like that.
Yeah, as is the time of this recording.
And that test case is orbital data centers
being tested.
It's a partnership between Axiom and Red Hat
and being tested on the ISS.
And so that's already going to introduce
new power generation systems,
heat transfer systems, et cetera,
for processing data in situ in space.
All right.
So we're talking about the...
We have in place in movement,
the required technologies for the core internet backbone traffic to go from terrestrial to space-based.
I'm working backwards.
Obviously, that will represent a whole bunch of interesting cybersecurity challenges, I would imagine, but I'm sure you'll get to that at some point.
Most definitely.
So can I ask about the Singapore Greenland thing yet, or are we still not there yet?
We're still not there yet.
We're going to get there.
You know, oftentimes when folks talk about moving core
backbone internet traffic from terrestrial fiber lines to space, people bring up the issue of
throughput, right? We just can't push enough data to make it worthwhile to shift transmissions
from the core undersea fiber lines, and that's massive, massive undersea fiber lines. We're
talking about terabits per second, terabits and terabits per second over those massive fiber lines
to a space-based architecture. However, developments in processing in space, as well as laser
communications, which Aalyria is investing in, are getting us actually quite close to terabit
per second transmissions. And just this year, a group out of China successfully demonstrated 400
gigabits per second. And Aalyria has plans and designs of getting up to one terabyte of data
per second across a single optical link. And so Aalyria's recent milestones just from the other week
demonstrated that they're making meaningful steps. And just in the last six, seven years,
we've had a 1000x increase
in the amount of data
we can push over optical links.
That type of acceleration
is going to get us to
meaningful terabits per second
across optical links
within the next few years.
That is going to represent
enough throughput
to start shifting internet traffic
from terrestrial fiber cables
to space-based architectures.
And then also edge AI
coming into play here,
especially for space-based applications,
where you don't have to necessarily use all that throughput
because a lot of the processing is done on edge,
that's not going to necessarily be relevant for all applications, certainly.
But when we're talking about things that are requiring tons and tons of compute,
if you can do it in space instead of being like shipping the data back and forth over and over,
that's a big efficiency, right?
Exactly.
Big efficiencies gained, more flexibility, right?
You're no longer required to send data through these terrestrial systems.
You're no longer worried about the fiber lines getting
cut by anchor chains of illicit fishing vessels. It's also more flexible in terms of
failover and shifting aggregate capacity onto different links. And more importantly, on top of all
of that, when you think about these constellations of thousands of satellites, you'll have
access to more than one optical link. You could have access to numerous terabit optical links
at a single time if you have ready access
to a meaningful ground station
for that type of communication.
Okay.
You know a question I want to ask now?
Yes.
Okay.
I think we're close enough.
I think we're there.
Singapore is just an illustrative example
of areas of centralized communications around the world.
There are many of these.
Djibouti is one of them.
Egypt is another.
The U.S. West Coast.
Even Brazil has some centralized areas
where it was convenient to drive all of the fiber lines
to one centralized processing region.
These actually typically mirrored traditional maritime shipping lanes.
Basically, what is the fastest way
to get from point A to point B across the ocean?
Well, that's where we also ended up laying fiber lines.
We don't need those maritime shipping lanes anymore
for space-based architectures.
And so where can you get the most efficient communications
from space to ground?
Where is the least amount of interference,
where is the least expensive real estate
for ground stations for these optical links
in these proliferated low-Earth satellite architectures?
More polar regions, not the equatorial regions.
And so I think that what we're going to see,
as these technologies develop,
and as you see Kongsberg investing in these optical ground stations
and actually deploying ground station-type services in space as well,
is an increase in investment in physical real estate in the polar region.
So anyone with Arctic or Antarctic access, so that could be Chile, that could be Norway.
I used Greenland because I thought it was funny to compare Greenland to Singapore.
But as investment shifts, you're going to see more and more technology companies, communications companies, etc.,
starting to invest in those regions as they can start getting core internet access through polar-based ground stations.
Hmm. So fascinating geopolitical implications of this, certainly, that I know we've been seeing in the news in the last year.
Most certainly. And a lot of folks, maybe we're laughing at the Trump administration for their potential interest in taking over Greenland.
But there actually might be some strategic reasons for Western nations to build closer relationships with those regions of the world.
Yeah, that kind of is starting to make a little sense now.
We've barely touched on the cybersecurity implications of all this,
which I'm sure could take another hour if we wanted to get into it.
If you can do it in like three minutes, if that's even possible,
what are we looking at for maybe a thesis on what this could mean for cybersecurity implications?
Yeah, there are a few.
And first, I'll just talk about infrastructure, right?
When you have a ground station, you don't want to transmit data over a long distance.
So those regions will probably also see an increased investment in data centers
and terrestrial systems like that,
in internet service providers and telecom providers being in those regions as that architecture
continues to grow. That'll, of course, shift investment out of the traditional regions of centralization
for those things such as Singapore. That'll create some economic stress, of course, not necessarily
directly related to cybersecurity. However, it is relevant. What I will say, though, is that the use
of optical transmissions introduces a number of great security features. It is a tight beam type of
communication. So it is much more difficult to snoop and spoof a laser-based communication. So in terms
of the transport architecture itself, there's more security just by the nature of using an
optical link. Optical links can process faster, so more heavy forms of encryption and
cryptography can be used. So that could increase the security posture as well. There's also ways
of multiplexing signals across an optical link
that could make your signal much more difficult
to detect and intercept as well.
However, I would also say, though,
some of these regions that we're talking about,
the Norways of the world, the Greenlands of the world, etc.,
are going to need, if my thesis comes to pass
in the next 10 years,
are going to need more investment in security
of their digital ecosystem.
You don't typically hear about those nations
when it comes to cybersecurity,
when it comes to having folks on the ground and security services and security forces in those
regions actually defending that infrastructure, that critical infrastructure.
And so it would be great to see those nations ahead of time starting to work with the U.S.,
with the U.K., etc., on critical infrastructure protection and how we can secure the physical
assets for the digital ecosystem.
Oh, so blue teamers, there's a bunch of job openings coming in some countries that you may not have
expected in the future. So I really enjoyed this version of Stump the host. You took me on a journey
and I appreciate that very much. Honestly, it's a really fascinating idea. I think you are on
to something legitimately. So thanks for this really great idea. I appreciate it. Yeah. It was
absolutely my pleasure, Maria. That was Brandon Karpf speaking with T-Minus host Maria Varmazis.
Be sure to check out T-Minus Space Daily wherever you get your favorite podcasts.
You hear from us here at the CyberWire Daily every single day.
Now we'd love to hear from you.
Your voice can help shape the future of N2K networks.
Tell us what matters most to you by completing our annual audience survey.
Your insights help us grow to better meet your needs.
There's a link to the survey in our show notes.
We're collecting your comments through August 31st. Thanks.
Summer's here, and you can now get almost
anything you need for your sunny days delivered
with Uber Eats. What do we mean by almost?
Well, you can't get a well-groom lawn delivered,
but you can get a chicken parmesan delivered.
A cabana? That's a no. But a banana?
That's a yes. A nice tan.
Sorry, nope. But a box fan? Happily, yes.
A day of sunshine? No. A box of fine wines?
Yes. Uber Eats can definitely get you that.
Get almost, almost anything delivered
with Uber Eats. Order now.
Available in select markets. Product availability may vary by region. See app for details.
Bankmore oncores when you switch to a Scotia Bank banking package.
Learn more at scotiabank.com slash banking packages. Conditions apply.
Scotia Bank. You're richer than you think.
And finally, Spanish police say they've nabbed a 21-year-old Seville university
student, who allegedly decided the best way to boost his grades wasn't through studying,
but through hacking the region's education system. Investigators claim he broke into the school
system's platform, quietly upgrading his own marks, and in a rare act of academic generosity,
adjusting classmates' scores too. Authorities say he also breached the email accounts of at least
13 professors across six universities, including those preparing next year's entrance exams.
His career as an unofficial registrar unraveled when staff noticed irregularities.
Police seized computer gear and a notebook detailing his handiwork.
The student now faces charges of computer intrusion, identity theft, and document forgery.
His exams, however, remain permanently failed.
And that's the Cyberwire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to hear from you.
We're conducting our annual survey to learn more about our listeners.
We're collecting your insights through the end of August,
so there's only a few more days left to fill out the survey.
Please take a moment and do so.
There's a link in the show notes.
N2K's senior producer is Alice Carruth.
Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original music by Elliot Peltzman.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.