CyberWire Daily - Prince of fraud loses crown.
Episode Date: October 15, 2025A record-breaking Bitcoin seizure. Patch Tuesday notes. Capita fined for unlawful access to personal data. Unity site skimmed by malicious script. Vietnam Airlines breached potentially exposing 20 mil...lion passengers. An automotive giant experiences a third-party breach. Tim Starks from CyberScoop is discussing how Sen. Peters tries another approach to extend expired cyber threat information-sharing. In our latest Threat Vector, David Moulton sits down with Harish Singh about hybrid work. And inside North Korea's blueprints for deception. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop is discussing how Sen. Peters tries another approach to extend expired cyber threat information-sharing law. Threat Vector Hybrid work has changed the game, but has your security kept up? In this segment of Threat Vector, David Moulton sits down with Harish Singh, Vice President and Global Head of Infrastructure and Application Management at Wipro, to unpack the evolving cybersecurity landscape at the intersection of digital transformation, SaaS expansion, and AI-powered operations. You can listen to their full discussion here, and catch new episodes every Thursday on your favorite podcast app. Selected Reading Feds Seize Record-Breaking $15 Billion in Bitcoin From Alleged Scam Empire (WIRED) Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws (Bleeping Computer) Patch Tuesday, October 2025 ‘End of 10’ Edition (Krebs on Security) Capita Fined £14m After 2023 Breach that Hit 6.6 Million People (Infosecurity Magazine) Malicious Code on Unity Website Skims Information From Hundreds of Customers (SecurityWeek) Airline with over 20 million passengers a year involved in customer data breach (Daily Mail) Information Regarding Customer Data Breach (Vietnam Airlines) Auto giant Stellantis discloses data breach affecting North American customers (Top Class Actions) North Korean Scammers Are Doing Architectural Design Now (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
We've all been there.
You realize your business needs to hire someone yesterday.
How can you find amazing candidates fast?
Well, it's easy.
Just use Indeed.
When it comes to hiring, Indeed is all you need.
Stop struggling to get your job post.
noticed. Indeed's sponsored jobs helps you stand out and hire fast. Your post jumps to the top
of search results, so the right candidates see it first. And it works. Sponsored jobs on Indeed
get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how
fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K Cyberwire. Many
of my colleagues here came to us through Indeed.
Plus, with sponsored jobs, there are no subscriptions, no long-term contracts.
You only pay for results.
How fast is Indeed?
Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed,
according to Indeed data worldwide.
There's no need to wait any longer.
Speed up your hiring right now with Indeed.
And listeners to this show will get a $75-sponsored job credit to get your job.
more visibility at indeed.com slash cyberwire.
Just go to indeed.com slash cyberwire right now
and support our show by saying you heard about Indeed on this podcast.
Indeed.com slash cyberwire.
Terms and conditions apply.
Hiring?
Indeed is all you need.
A record-breaking Bitcoin seizure.
Patch Tuesday notes.
Capita fined for unlawful access to personal data.
Unity site skimmed by malicious script.
Vietnam Airlines breached potentially exposing 20 million passengers.
An automotive giant experiences a third-party breach.
Tim Starks from CyberSoup is discussing how Senator Peters
tries another approach to extend expired cyber threat information
sharing. In our latest threat vector, David Moulton sits down with Harish Singh about hybrid work
and inside North Korea's blueprints for deception.
Today is October 15, 2025. I'm Maria Vermazas, host of N2K's T-minus Space Daily, taking the
mic for Dave Vittner.
and this is your Cyberwire Intel Briefing.
Thank you for joining me on this Wednesday. Let's dive in.
U.S. and UK law enforcement have seized approximately 127,271 Bitcoins, valued at around
$15 billion U.S. dollars linked to the so-called Prince Group scam empire.
This marks the largest cryptocurrency seizure in U.S. history.
Authorities alleged at the group run by Cambodian-based operator Chenji operated large-scale pig-butchering scams,
also known as romance or investment frauds, enforced labor camps across Southeast Asia.
The crackdown also includes sanctions on 146 entities tied to the criminal network
and the freezing of luxury properties in London.
While Chenji remains at large, officials say that the move targets,
financial backbone, sustaining one of the most expansive cyber fraud operations ever identified.
Yesterday, Microsoft issued patches for 172 vulnerabilities, including six zero-day flaws,
according to a report from bleeping computer. Three of the zero-days are actively being
exploited, while the others were publicly disclosed before a patch was available.
Krebson security notes that this is the last month that Windows 10 will receive security
patches unless customers enroll in the extended security updates program.
The operating system has officially reached end-of-life, and the Register reports that Adobe
has fixed 36 vulnerabilities in its products, including several critical remote code
execution flaws.
SAP has issued 13 new security notes and updated four previous security notes.
Three of the flaws are deemed critical.
Security Week notes that Fortinette and Yvante have also fixed high-severity flaws.
Capita, which is a major UK outsourcing and IT services firm, has been fined 14 million pounds
by the UK Information Commissioner's Office for a 2023 data breach affecting over 6.6 million
individuals. The breach involved on lawful access to personal data, including names, addresses,
phone numbers, and sensitive identifiers, all stemming from inadequate security measures
at a third-party provider. The Information Commissioner's Office, or ICO, ruled that Capita
fail to take appropriate technical and organizational measures to protect the data, particularly
during transfers to and from its subcontracted systems. The penalty reflects both the scale of harm
and the company's level of responsibility as data processor and controller. Capita has committed
to improving its security posture and embedding stricter oversight over subcontractors.
A malicious script was discovered on Unity's website that skimmed sensitive information from
hundreds of users during checkout for asset packages. The information included names,
email addresses, phone numbers, and credit card details. Security Week reports that the injection
persisted for at least five days in August, and the script targeted Unity Store and Asset Store
services. Unity confirmed the incident and stated that it had removed the code and launched an
investigation, though it did not publicly disclose the full extent of the data exposure. The company
advised defected customers to monitor financial accounts and consider changing their credentials.
The personal data of potentially 20 million Vietnam Airlines passengers were exposed due to a security
breach. The threat actor may have accessed certain customer data, but the airline says the breach did
not affect payment information, passwords, travel itineries, Lotus Mile balances, or passport
details. The airline attributed the exposure to unauthorized access within third-party systems
that interface with its operations.
While the company insists that it is investigating,
it has not fully disclosed the breach's scope
or whether those affected have been notified.
The incident reportedly involves the airline's Salesforce instance
and the Scattered Lapsis Hunter's group
has claimed responsibility for the attack.
Stalantis, which is the automotive giant behind brands
like Jeep and Chrysler,
confirmed a data breach via a third-party service provider
supporting its North American customer service operations.
The exposed data was limited to basic contact details like names, email addresses, and phone numbers,
and did not include financial or deeply sensitive personal information.
That said, while the company has initiated its incident response, notified, affected
customers, and engaged authorities, it did not specify how many individuals were impacted.
The breach arises amid a broader uptick in cyber attacks that are targeting automakers and their
third-party connectors.
Coming up after the break, Dave Bittner is joined by CyberScoops, Tim Starks,
to unpack Senator Peter's latest push to revive a key cyber threat information-sharing
law.
Then, in our CyberVector segment, Y-Pro's Harish Singh joins David Moulton to explore
how hybrid work, FAS, and AI, are reshaping the cybersecurity game.
And North Korea's blueprints for deception.
Stick around.
What's your 2 a.m. security worry?
Is it, do I have the right controls in place?
Maybe are my vendors secure?
Or the one that really keeps you up at night?
How do I get out from under?
these old tools and manual processes.
That's where Vanta comes in.
Vanta automates the manual work,
so you can stop sweating over spreadsheets,
chasing audit evidence,
and filling out endless questionnaires.
Their trust management platform
continuously monitors your systems,
centralizes your data,
and simplifies your security at scale.
And it fits right into your workflows,
using AI to streamline evidence collection,
flag risks, and keep your program audit ready.
all the time.
With Vanta, you get everything you need to move faster, scale confidently, and finally, get back to sleep.
Get started at Vanta.com slash cyber.
That's V-A-N-T-A-com slash cyber.
And now a word from our sponsor, Threat Locker, the powerful zero-trust enterprise solution that stops
ransomware in its tracks. Allow listing is a deny-by-default software that makes application
control simple and fast. Ring fencing is an application containment strategy, ensuring apps can
only access the files, registry keys, network resources, and other applications they truly
need to function. Shut out cybercriminals with world-class endpoint protection from threat locker.
Today, Dave Bittner is joined by CyberScoops Tim Starks to unpack Senator Peter's later's push to revive a key cyber threat information sharing law, and here is their conversation.
And it's always my pleasure to welcome back to the show, Tim Starks. He is a senior reporter at CyberScoop.
Tim, welcome back.
Hi, Dave.
So as you and I are recording this, we are still in the midst of a government shutdown, and that has led to the
cybersecurity and information sharing act of 2015 expiring.
There's been a senator who's trying to address that issue, and you've reported on it.
What's the latest, Tim?
Yeah, the latest is that Senator Gary Peters, who's the top Democrat on the Homeland Security
and Governmental Affairs Committee, has introduced a new bill to try and plug this gap.
He did two very important things with it that were simply beyond just trying to extend.
extend it for 10 years, which is the base bill that he introduced at an earlier point this year,
one of the first initiatives to try to actually address this expiring law. First, it makes its provisions
retroactive to October 1st, which is when the law expired. And maybe the most important part for me,
just as a reporter, renaming the thing. Let's dig into that because it sounds silly, but it is
actually important. Yeah, I'm obviously being a little comedic about it, but this is actually
something that might be affecting things. So the Cyber Security Information Sharing Act
shares an acronym with the Cybersecurity and Infrastructure Security Agency. And this has been
causing confusion for anybody who talks about either of these things. But according to Senator Peters,
who talked with some reporters about this, it's actually probably complicating
the chances of it passing, that there's been some confusion, he said, with some Republicans
who have animosity with Sissa the agency, not the law, over their belief, much denied by
people who worked at Sisa at the time, that they were engaging in anything like social media
censorship.
So because there's been some confusion, and there have been times where I've been hearing
when I've heard Senator Rand Paul talk about this, and he's, of course, a very important person,
he is the chairman of the Homeland Security and Government Affairs Committee, who has been
causing some some hiccups on getting this going um he has talked about sissa like he's talking
about cissa 2015 and vice versa he's talked about cissa like he's talking about cissa yes when he's
actually talking about cissa yes you could see you could see how complicated this gets right the
right to talk about for anybody um you know he uh he clearly has some problems with cissa the agency
he has not said hardly anything about what he thinks about cissa the law outside of his original
objections to it in 2015. He doesn't seem to any longer have major issues with it,
although he is, you know, we can get into some of the details of this. He has proposed his own
version of this that leaves out some of the protections that the law provided. Nonetheless,
I have spoken to him directly and asked him, when you talk about reauthorizing SISA,
are you talking about Sisa 2015 or the agency Sisa? And he said directly Sisa 2015.
So maybe Senator Peters misunderstands. Maybe Senator Paul has understood it sometimes and not other times,
but the naming is important so the new name would be the protecting america from cyber threats act
a pact act there's a house bill i forget what the name what the acronym uh stands for but it would
be the winwig act act is a little catchier yeah um winwick doesn't seem to have any
significance in terms of its meaning pact seems pretty obvious right we're talking about an agreement
so that's that is what this bill does can we touch on the the free speech element of this because
there's talk that any version that's going to pass may have to include this or at least
acknowledge it yeah it's you know senator paul um is has always been he talks on he talks a great
deal about free speech is one of his you know big big issues he he's a libertarian who his
his politics can get a little murky at times but but what it seems like he's saying at least for
this bill is that he wants he wants a sure
that SISA will not, SISA the agency, will not conduct any censorship as a condition
for passing a SISA 2015 reauthorization. So he put forward a bill at the end of September
that would basically do that, combine those two things. It got a little, it ran into some
difficulties because the provisions on free speech weren't that popular with everyone. Not that
anybody was saying, we don't like free speech, but they were thinking this was sort of an unnecessary
very unrelated. Some people don't even think, you know, especially on the Democrat side,
that it even was a problem for assist of the agency. But also the industry groups and
cyber pros who took a look at it, said, actually, this might actually lead to less sharing
because there were fewer legal protections. So it kind of, it basically, what my understanding
from my reporting extensively was that the industry groups and Republicans were going to make it
difficult for Senator Paul to pass his version of the bill, so they pulled the markup.
Senator Paul's office says that's not the case. They say Democrats wanted to delay.
I asked Senator Peters about this just a couple days ago. Did you guys ask for delay?
He said, absolutely not. We're the ones who want to get this going.
Have you heard any indications that the expiration of SISA 20205 has led to folks dialing back
their information sharing? Yeah, so I've talked to a few people. You know, the
people who I've talked to, it's either not on their radar. I'm talking about cybersecurity
companies that you would think it would be on their radar. So that would be one hint that it's
actually not that big a deal. Politico had a story where they talked to some cybersecurity companies,
most of whom kind of duck the question. I talked to Michael Daniel, who's the head of the
Cybersecurity Threat Alliance, and that organization is a little different because they say,
if you're going to be a member and the members are cybersecurity companies, you need to commit to
sharing cyber threat data. So they have contractual implications. But, you know, despite Michael
Dingham having warned to me and in other venues that he's concerned that CESA 2015 expiring
would lead to some potentially very devastating consequences, he did talk about them in a more
of a theoretical standpoint. And what he's saying now is we're only kind of in the first few hours
of this really in the lifespan of a 10-year law that it has gone away. We're probably not going to
see major changes in people's behavior until people start to get worried that this is not going
to be saying this is basically not going to be revived in any way to perform we'll see um you know
senator peter said that he's talking to people who are really nervous about it but that's a that's a
big kind of a far cry from from nervous to actually stopping sharing um so right now the evidence
of stopping sharing isn't there it doesn't mean it's not happening it's just as of this time it
doesn't we don't have evidence that people have stopped sharing so when
the government eventually opens up again. Where does something like this sit on the timeline of
priorities of all the things that need to happen when the government opens up again?
Yeah, I think it kind of depends, honestly, on the degree to which any deal for reopening the
government includes any kind of short-term reauthorization. You know, as a long-time follower of
Congress, they are a little bit like me in college. We're waiting until the very last minute to write
the term paper.
So what might happen is, you know, the continuing resolution that had gone through the
House, that didn't make it through the Senate.
But that had had some provisions to extend SISA for a couple months, SISA 2015 for a couple
months.
And if that had been the case, I think we would have seen lawmakers really put their nose
to the grindstone and try to get something before that expiration because appropriators don't
tend to want to keep extending things for people over and over again for months.
for a few months at a time, they kind of are like, we'll give you a little help,
but we don't want to keep doing this for forever. You need to go fix this.
So I think there will be some urgency if there is a deadline given in any kind of short-term
reauthorization, assuming we get one, which I do at this point, assume we'll get one.
You can never predict Congress, but that's my assumption.
If the CR is long ways away, or if the CR doesn't include this authorization,
throw all those predictions at the window.
You know, it gets difficult for anything standalone to make it through the Senate
unless it's constituents are yelling and screaming.
Everybody's on a five alarm fire because any one person can stop it.
And that's what's been happening.
So since 2015, you know, there been attempts on the floor to make it so that, you know,
hey, let's pass this by voice vote.
Well, Senator Paul has been objecting.
So it gets difficult unless you can hit a ride on something unless you get everybody on board.
So that's where things get a little complicated.
I wouldn't be surprised if we see a short-term authorization at some point.
But when we get a long-term authorization, that's a little more difficult to anticipate.
All right.
Well, as we love to say, time will tell.
You love it.
You love getting that thing.
Tim Starks is senior reporter at CyberScoop.
We will have a link to his coverage in our show notes.
Tim, thanks so much for taking the time for us.
Thank you, Dave.
That was Dave Bittner, joined by CyberScoops, Tim Starks,
to unpack Senator Peter's latest push to revive a key.
cyber threat information sharing law.
On our threat vector segment now,
WIPOs, Harish Singh, joins David Moulton to explore how hybrid work,
SaaS and AI are reshaping the cybersecurity game.
Hi, I'm David Moulton, host of the Threat Vector podcast.
where we break down cybersecurity threats, resilience, and the industry trends that matter the most.
What you're about to hear is a snapshot of my conversation with Spencer Thielman,
principal product manager of Palo Alto Networks where he leads AI runtime security.
Spencer's team tracks AI applications across the enterprise landscape.
What his team discovered reveals the scope of this challenge.
Last December, they cataloged 800 AI applications.
By May, that number hit 2,800.
That's 250% growth in just five months.
Meanwhile, over half of enterprise employees now use generative AI apps daily
and up to 30% of what they send contains sensitive data.
If you're still thinking AI security is a future problem, you're already behind.
Spencer, welcome to ThreatVector.
I've been excited to have you here.
I've been dying to have this conversation with you for weeks.
So happy to be here, looking forward to it.
How should enterprises think about their AI security strategy?
And maybe what are the most impactful mental models that you use?
Certainly.
So before we get into this, I think it's always important to start with why we do what we do.
And in the context of AI, like our why, is that we believe that the benefits of AI are profound, but so are the risks.
And we therefore have a kind of like moral obligation to help our customers.
Capture the power of AI, but do so safely and securely, right?
So that's where we're always coming from when we have these kind of conversations.
And the way that we think about this is that you can break enterprise AI security down into basically two pillars.
The first is I need to think about how to secure my employee use of generative AI SaaS apps like chat, GPT,
perplexity, and grammarly.
That's the first part.
And the second piece is, how do I go about securing the AI apps, models, and agents that I'm running in my own cloud environment?
That could be AWS, Google Cloud, Azure, on-prem, or some.
other variation of those. So those are the two things that matter. What are my employees doing?
How can I control that and have deep visibility into it? The other piece is, how do I secure the
AI apps models and agents that I run in my own cloud environment? That's how we kind of split up
the problem, so to speak. All right, let's shift gears a little bit and talk about holistic
AI security. How do you break down the pillars of AI security? I know we've got model scanning,
AI, red-teaming, posture management,
LLM security, agent security.
Am I missing another big area that we should talk about today?
So we break AI security down into five pillars.
And again, I want to re-center this to the mental model
that's guiding the whole conversation.
Whenever we speak about securing AI,
it's about thinking about how employees are using generative AI SaaS apps.
We just covered that in last 10 minutes or so.
And then the second piece is,
how do I go about securing the AI apps,
the models, and the agents that I'm running,
in my own environment or that I've built, right?
And for that second problem, to secure like enterprise AI, apps, models, and agents,
we've constructed kind of five pillars that define this.
The first is model scanning.
So I want to scan my model files to make sure that my models don't do things like contain
malware or are vulnerable to do serialization attacks.
And I want to do it as part of my ops process so that bad models don't ever even end up in production.
We scan them before they go to prod.
That's the first piece.
And the second part is looking at AI apps, models, and agents at the posture level.
Great example of this with agents is like looking at their permissions.
Are they excessive?
If yes, let's scope those down.
That's the second piece.
The third part is red teaming.
Here we want to attack AI apps, models, and agents to see which threats go through and which don't,
which then informs the runtime security part of AI security.
So once you've made sure that the model file is free of threats,
that it's secure at the posture level.
You've re-teamed it to understand which threats go through.
Then it's time to secure, like, let's say, that AI app at runtime.
By looking at inputs and outputs to it, prompts and model responses, for example,
and checking for threats like, prompt injections, sensitive data, malicious URLs, and the like.
And then the final piece of all of this is AI agent security,
which kind of spans across the preceding four columns,
but agent security is primarily broken down into runtime, security, and posture.
Sure. And a great way to think about agent security is that it's kind of a superset of large language model security.
Every threat that applies to large language models applies to agents, but because of what agents are, and we can talk about that, there's kind of a broader threat surface here.
Well, let's just hop right into it. When you're talking about an AI agent, how do you define that? What are the bounds? What's not an agent maybe?
Certainly. So last year was all about chat bots, right? And if you think about what is a chatbot, it's an inherently passive interface.
right? I ask a question, the chatbot runs inference, something comes back to me. And then the interaction is over until I ask another question. But agents differ in the way that they take action on behalf of users and organizations. A good working definition for an agent is that it's an application that's autonomous, has the ability to reason, and to take action in pursuit of a goal. I'll give you an example for my personal life to maybe make this a little bit more real. So a few weeks ago, I went to Las Vegas.
to see one of my favorite bands at the sphere, dead in company. And as an experiment, I had a chatbot
determined the entire trip, where I stayed, which restaurants I saw, et cetera, because I wanted to
experience the city that I'd been to many times, kind of through a new lens. So the chatbot told me
what to do, where to stay, where to go. But I couldn't book any of that. I then had to spend
about an hour on Expedia, Uber, open table, et cetera, to kind of construct that trip from beginning
to end. An agent could do that for me. I could tell my agent, hey, here's my budget.
Here's what I like.
Here's what I don't like.
Go construct this for me.
And the agent would interact with APIs, again, for Expedio, Uber, OpenTable, et cetera,
to just kind of put that together for me.
And it's that autonomy that make agents profoundly powerful.
I work with some enterprise customers, for example, that kind of leapfrog chatbots.
Chappots weren't really interesting to them, but agents are because of the productivity
and efficiency gains that they can leverage.
Because now you have, again, almost like a synthetic virtual employee that's interacting on your behalf.
That's a really big moment.
for the notion of work.
But it carries these risks, because in order to do what an agent does, it needs to be autonomous.
It needs to have memory, and it needs to interact with your tools.
All three of those carries some novel risks that we actually outlined in a paper called the OASP AI Agent Threat Report,
things like tool misuse, memory manipulation, and cascading hallucinations.
I'll give you just one example, right?
So let's say that one of your employees has gone and built an agent in Microsoft Copilot Studio.
And it's designed to kind of ingest leads and send them to Salesforce, right?
That's a pretty common workflow.
But what if its permissions are excessive?
What if it could delete records in Salesforce, right?
It probably shouldn't be able to do that.
An agent shouldn't be able to go drop tables in Salesforce, right?
Because the impact of that could be destructive.
What we need to do is look at here's all the things that an agent could do
and then restrict its freedoms down to just the things it needs to do to accomplish its goal.
Spencer calls this the biggest challenge in cybersecurity today.
When half your workforce is using tools that leak sensitive data by design,
the window for getting ahead of this threat is closing fast.
If this got your attention, don't wait.
Listen to the full episode now in your Threat Vector podcast feed.
It's called Inside AI Runtime Defense, and it's live now.
This one's a reality check you can't afford to miss.
That was David Moulton with Wipro's Harish Singh.
And if you enjoyed that conversation, be sure to check out more episodes of Threat Vector.
Available every Thursday, wherever you get your podcasts.
At TALIS, they know cybersecurity can be tough and you can't protect everything.
But with TALIS, you can secure what matters most.
With TALIS's industry-leading platforms, you can protect critical applications,
data and identities, anywhere and at scale with the highest ROI.
That's why the most trusted brands and largest banks, retailers, and healthcare companies in the world
rely on TALIS to protect what matters most.
Applications, data, and identity.
that's talus
t h a l-es
learn more at talus group
dot com slash cyber
at the nisson
at the nisson all in clear out
there's nothing more chill than financing an award-winning nissan
for just zero percent
enjoy the soothing relaxation of zero stress
zero worries zero indecision
hurry in because once they're gone
there will be zero left.
During the Nissan all-in clear-out,
get zero percent financing plus up to $500 bonus
on some of our best-selling models.
You have zero reasons to wait.
Conditions apply.
See your local Nissan dealer today.
And finally, in a surprising twist
to North Korea's cyber playbook,
researchers say that operatives from the DPRK
have taken up a new trade, architecture.
Yeah. Cybersecurity firm Kela uncovered evidence showing North Korean workers posing as U.S.-based architects and structural engineers using fake resumes, forged social security numbers, and even counterfeit professional seals to land freelance design jobs online.
Investigators found detailed floor plans, 3D renderings, and construction documents for projects ranging from decks and farmhouses to treehouses and swimming pools, all traced back to accounts linked to the regimes,
IT operations. It is the latest evolution in North Korea's digital money-making machine.
The United Nations estimates that thousands of DPRK tech workers generate up to $600 million a year
for the regime, often funneling their earnings back home to fund nuclear programs and evade
sanctions. Experts say that the scheme raises new concerns about safety, integrity, and just
how deeply these operators have blended into legitimate industries. So while North Korea's builders
might be branching out, it is a good reminder that not every blueprint has an honest foundation.
And that's the CyberWire Daily brought to you by N2K CyberWire. For links to all of today's
stories, check out our daily briefing at The ScyberWire.
We'd always love to know what you think of our podcast. Your feedback ensures we deliver the
insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like
our show, please share a rating and review on your podcast app. Please also fill out the survey in the
show notes or send an email to Cyberwire at N2K.com. N2K's senior producer is Alice Carruth. Our producer
is Liz Stokes. We are mixed by Elliot Peltzman and Trey Hester with original music by
Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpie is our publisher,
and I'm Maria Vermazas in this week for Dave Bittner. Thank you for listening. We'll see you
tomorrow.
Cyber Innovation Day is the premier event for cyber startups,
researchers and top VC firms building trust into tomorrow's digital world.
Kick off the day with unfiltered insights and panels on securing tomorrow's technology.
In the afternoon, the eighth annual Data Tribe Challenge,
take center stage as elite startups pitch for exposure, acceleration, and funding.
The Innovation Expo runs all day connecting founders, investors, and researchers around breakthroughs
in cybersecurity. It all happens November 4th in Washington, D.C. Discover the startups building
the future of cyber. Learn more at c.id.d. datatribe.com.
Thank you.