CyberWire Daily - The end of a cybercrime empire.
Episode Date: January 31, 2025

Authorities dismantle a Pakistan-based cybercrime network. Lawmakers question the feasibility of establishing a U.S. Cyber Force as a standalone military branch. The DOJ sues to block HPE's acquisition of Juniper Networks. Tangerine Turkey deploys cryptomining malware. Major healthcare providers send breach notifications. Norwegian police seize a Russian-crewed ship suspected of damaging a communications cable. Researchers discover critical vulnerabilities in GitHub Copilot. D-Link patches a critical router vulnerability. CISA and the FDA have warned U.S. healthcare organizations of severe security vulnerabilities in Chinese-made patient monitors. Pauses in funding create confusion for federal cybersecurity vendors. We bid a fond farewell to a pair of N2K colleagues. The case of the disappearing government data.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today's guest segment is bittersweet as we offer our thanks and see you laters to two of our beloved colleagues: N2K President Simone Petrella, who's taking her leadership role to our advisory board, and Executive Editor Brandon Karpf, who will be taking up the mantle of protecting our national security by starting his own company, Hedy Cyber. Join us in celebrating their incredible journeys and contributions to our successes, and in letting them both know just how deeply they will be missed by all of us here at N2K.

Selected Reading

US, Dutch Authorities Disrupt Pakistani Hacking Shop Network (SecurityWeek)
Lawmakers push for guardrails, deadline on cyber military study (The Record)
US Sues to Stop HPE $14 Billion Deal to Buy Juniper Networks (Bloomberg)
Tangerine Turkey mines cryptocurrency in global campaign (Red Canary)
US healthcare provider data breach impacts 1 million patients (Bleeping Computer)
NorthBay Health Data Breach Impacts 569,000 Individuals (SecurityWeek)
Norway seizes ship suspected of sabotage, says crew are Russian nationals (The Record)
GitHub Copilot Jailbreak Vulnerability Let Attackers Train Malicious Models (Cyber Security News)
D-Link Routers Vulnerability Let Attackers Gain Full Router Control Remotely (Cyber Security News)
CISA, FDA Warn of Dangerous Backdoor in Contec Patient Monitors (SecurityWeek)
Federal Cybersecurity Contractors Whiplashed By Uncertainty (GovInfo Security)
Archivists Work to Identify and Save the Thousands of Datasets Disappearing From Data.gov (404 Media)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the CyberWire Network powered by N2K.
Hey everybody, Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try
DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started
removing my personal information from hundreds of data brokers. I finally have peace of mind,
knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed
reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for DeleteMe.
Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/n2k and use promo code n2k at checkout.
The only way to get 20 percent off is to go to JoinDeleteMe.com/n2k and enter
code n2k at checkout.
That's JoinDeleteMe.com/n2k, code n2k.

Authorities dismantle a Pakistan-based cybercrime network.
Lawmakers question the feasibility of establishing a U.S. cyber force as a standalone military
branch.
The DOJ sues to block HPE's acquisition of Juniper networks.
Tangerine Turkey deploys crypto mining malware. Major healthcare providers send breach notifications.
Norwegian police seize a Russian crewed ship suspected of damaging a communications cable.
Researchers discover critical vulnerabilities in GitHub Copilot. D-Link patches a critical
router vulnerability.
CISA and the FDA have warned US health care organizations of severe security
vulnerabilities in Chinese-made patient monitors. Pauses in funding create
confusion for federal cybersecurity vendors. We bid a fond farewell to a pair
of N2K colleagues and the case of the disappearing government data.
It's Friday, January 31, 2025.
I'm Dave Bittner and this is your CyberWire Intel Briefing.

U.S. and Dutch authorities have dismantled a Pakistan-based cybercrime network that sold
hacking and fraud tools online. Dubbed Operation Heart Blocker, the crackdown led to the seizure of 39 domains operated
by Saim Raza, also known as HeartSender, who had been selling phishing toolkits, scam
pages and email extractors since 2020.
His tools, marketed as undetectable by security solutions, were widely used in
business email compromise scams, leading to over $3 million in losses. Thousands of cyber
criminals purchased these tools to steal credentials and conduct fraud. Authorities also uncovered
millions of stolen data records, prompting Dutch police to launch a website where users
can check if
their credentials were compromised. Those affected are urged to change their passwords
and stay vigilant against phishing attempts.
A bipartisan group of lawmakers is urging the National Academy of Sciences, Engineering,
and Medicine to fully evaluate the feasibility of establishing a U.S. cyber
force as a stand-alone military branch.
In a January 29th letter, Representatives Morgan Luttrell, Republican from Texas, Pat
Fallon, Republican from Texas, and Senator Kirsten Gillibrand, Democrat from New York,
stressed that while the defense policy bill altered the study's focus to broader cyber discussions,
the debate continues over whether U.S. Cyber Command should remain under its current structure,
akin to Special Operations Command, or if an independent cyber force is necessary to address
ongoing readiness challenges. The
letter signals Congress's commitment to reassessing military cyber capabilities.
The US Department of Justice has sued to block Hewlett Packard Enterprise's $14 billion
acquisition of Juniper Networks, arguing it would stifle competition by leaving only HPE
and Cisco controlling over 70 percent of the U.S. networking market.
The companies dispute the claim, saying the deal would enhance competition.
The lawsuit marks the first antitrust case
under President Trump's new term. Despite approvals from the UK and EU, HPE and Juniper
face an eight-month legal battle before the October deadline.
Tangerine Turkey is a VBS worm that spreads via USB drives to deploy crypto mining malware. First
observed by Red Canary in November of last year, it ranked number eight in
their January 2025 threat report. The malware hijacks printui.dll to
execute mining software and has been linked to a global cryptojacking
campaign. Azerbaijan's CERT found strong overlaps between Tangerine Turkey and a massive crypto mining
operation called Universal Mining, which had infected over 270,000 computers in 135 countries.
VirusTotal samples indicate it sometimes drops XMRig, though configuration files are often
pulled from remote servers
and GitHub repositories.
Several related GitHub profiles and domains used for configuration were taken down.
Reports from Quick Heal and Azerbaijan CERT suggest Tangerine Turkey is part of a larger
evolving crypto mining campaign, possibly with new variants beyond VBS, including BAT,
PowerShell, and EXE-based execution methods.
Community Health Center, a major Connecticut health care provider, is notifying over one
million patients of a data breach exposing their personal and health information.
Attackers accessed CHC's network in October 2024, but the breach was only discovered
in January of this year. The stolen data includes names, Social Security numbers, medical diagnoses,
and insurance details, but CHC states that no systems were encrypted and operations remain
unaffected. Investigators found that a skilled criminal hacker
was behind the attack, but was stopped within hours.
Meanwhile, NorthBay Health is notifying 569,000 individuals
of a separate data breach in early 2024,
which may have involved ransomware.
Although NorthBay says there's no evidence
of identity theft, it is offering free identity protection.
The attack disrupted hospital operations for weeks.
These incidents highlight the growing trend of cybercriminals targeting health care providers
for data theft and extortion.
Norwegian police have seized the Silver Dania, a Norwegian-registered, Russian-crewed ship
suspected of damaging a communications
cable between Sweden and Latvia.
This marks the third vessel detained in recent weeks amid rising concerns over subsea infrastructure
sabotage in the Baltic Sea.
The ship was detained at Norway's request after sailing from St. Petersburg to Murmansk.
Latvian authorities are investigating
three ships over the cable cut, with Sweden having already detained a ship.
Meanwhile, Finland has seized the Eagle S, suspected of intentionally dragging its anchor
for 60 miles, severing multiple cables.
With heightened NATO concerns, Baltic Sentry, a new military initiative, has been launched
to protect critical infrastructure.
NATO allies have warned of potential actions against Russian vessels if subsea threats
persist.
Researchers have discovered two critical vulnerabilities in GitHub Copilot, Microsoft's AI-powered
coding assistant, exposing major security flaws in
enterprise AI tools.
The affirmation jailbreak trick allows users to bypass Copilot's ethical safeguards by
simply adding affirmations like "Sure" to prompts, enabling it to generate malicious code such
as SQL injection scripts or de-authentication attacks.
The proxy hijack exploit is even more severe, allowing attackers to reroute Copilot's API
traffic, capture authentication tokens, and gain unrestricted access to OpenAI's models.
This could lead to enterprise-wide financial risks by generating high-cost AI queries or
leaking sensitive proprietary code.
With 83% of Fortune 500 companies using Copilot, the risks are widespread.
Researchers urge better AI security controls, including adversarial training,
certificate pinning, and stricter API token policies.
As AI coding tools advance,
security frameworks like NIST's AI risk management
are needed to prevent exploitation.
A critical unauthenticated remote execution vulnerability
in D-Link DSL-3788 routers
allows attackers to gain full control remotely.
The flaw was discovered by Max Belia of Secure Network BVTech.
Potential risks include complete router takeover,
network compromise, and malware deployment.
D-Link has released a patched firmware version
and urges users to update immediately to protect against exploitation.
CISA and the FDA have warned U.S. healthcare organizations to remove Contec CMS-8000 patient
monitors due to severe security vulnerabilities that risk remote code execution and patient
data leaks.
The Chinese-made device, used in the U.S. and EU, contains a firmware backdoor that allows attackers to overwrite files,
execute arbitrary code, and exfiltrate patient data.
One of the flaws enables unauthorized remote control.
A second exposes patient data
by transmitting unencrypted information
to a hard-coded IP address.
A third flaw allows out-of-bounds writes
leading to remote code execution.
These issues affect multiple firmware versions, including rebranded models like the Epsimed MN-120.
No patches exist, and CISA advises immediate removal from networks. Past vulnerabilities in
the same device have also exposed serious security risks, but no known attacks have been reported yet.
The General Services Administration has paused new federal contract awards,
creating confusion among vendors and raising concerns about broader impacts.
The January 24th memo cites the need for new leadership to review acquisition strategies,
but allows exceptions for emergency obligations and IT spending.
The pause follows President Trump's freeze on federal funds,
though some restrictions were lifted
after state Medicaid websites went down.
Despite concerns in the cybersecurity sector,
experts believe the GSA pause won't cause long-term harm.
However, uncertainty about cybersecurity funding,
especially given the administration's stance on agencies like CISA,
could deter small vendors.
Industry groups, including the Professional Services Council,
have called for clearer guidance on contract spending.
Meanwhile, the Department of Defense clarified that its contracts remain unaffected, ensuring
that critical national security missions continue.
Vendors are seeking clarity to avoid disruption in cybersecurity and other federal services.

Coming up after the break, a fond farewell to a pair of N2K colleagues and the case of
the disappearing government data.
Stay with us.

Cyber threats are evolving every second and staying ahead is more than just a challenge,
it's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted
by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data, and ensuring your organization
runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.
Do you know the status of your compliance controls right now?
Like right now?
We know that real-time visibility is critical for security, but when it comes to our GRC
programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta.
Here's the gist, Vanta brings automation to evidence collection across 30 frameworks
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com/cyber.
That's vanta.com/cyber for $1,000 off.
We've got some very special heartfelt see you laters in today's guest slot.
We're going to miss N2K president Simone Petrella and executive editor Brandon Karpf
as they move on to new challenges.
Join us in wishing them well.

Fun Fact Friday
Welcome to Fun Fact Friday, your one stop shop for the quirkiest of bits of wisdom.
I'm your host Liz Stokes here at N2K CyberWire.
Today's fun fact is a little different.
It's all about saying goodbye to one of our own.
Our amazing colleague Brandon is heading off to a new adventure.
Fun fact about Brandon, he's been the go-to person for solving problems, sharing laughs
and keeping things running smoothly.
He's truly been a team player and a fantastic colleague.
Brandon, thank you for sharing your vision with us.
Thank you for always being the voice of expertise and leadership, the T-Minus wonk.
And thank you for believing in me.
Please don't be a stranger, Brandon.
I am seriously going to miss you.
Brandon, I was really sad to hear you're leaving us, but I'm so happy for you at the same time.
I'm excited for the new work you'll be contributing to the world with your company, and I can't
wait to see all that you'll do next.
I personally appreciated all your encouragement and support of my ideas here at N2K,
and CertByte would have not launched
had it not been for your support.
So thank you for everything.
We will miss you.
Keep in touch.
Brandon, good luck on all your future endeavors.
It was a joy to have you here at the company.
Best wishes to you, and please keep in contact.
Good luck, man. Brandon, you
definitely left your mark on the company in the time that you were here, but
remember that goodbyes are not forever. They're just a pause in our shared
journey. Brandon, I will always remember that you set up your own recording booth
in your own home so that you can have better audio quality
on our shows. And if that isn't the way to an audio engineer's heart, then, I don't
know, try lunch or something. Really going to miss you, ma'am.
Brandon, I have never worked with somebody who made me want to do so much more than I've
ever wanted to do in such a short period of time.
I appreciate all of your insight, your book recommendations and support from the last
couple of months. I truly would not be where I am today without it. Thank you.
Hey Brandon, it has been such a great experience working with you and learning from you these
past few years. Thank you so much for your encouragement and mentorship.
It really won't be the same without you.
But I am so excited for you as you start your company.
Please keep us all posted on your success.
I can't begin to thank you for all the guidance
and support you've given me.
It's truly been an honor working for you.
And while I give you grief about it, I'm genuinely thrilled for your next venture.
I know you'll conquer this role just like you always do. Best of luck, Katherine.
Hey, Brandon, working with you over the past couple years has just been such an incredible,
amazing experience. And I'm so excited to see all the things you go on to accomplish and achieve
over the next several years. I'll be rooting for you the entire time.
Brandon, working with you for a year was not nearly enough time, but since beggars
can't be choosers, take what I got. Thank you so much for everything. I hope you
have a great one. Bye.
Brandon, it has been an absolute pleasure to work with you.
I wish you nothing but the best going forward in your new venture and hope that it is every
bit the success that I know that you can make it.
Take care.
Hey, Brandon.
Thank you so much for everything you've done for our team.
You're such a great leader.
We really appreciate it.
I promise I won't break anything.
And go Navy.
Hey Brandon, it's Peter.
I always knew the day would come when you take that big leap and start a new venture.
I have no doubt it'll be a huge success.
I'm so excited for you.
Of course, I'm truly grateful for all the ways you've impacted our company and every
single member of the team.
You're part of our DNA now.
That means you'll always be a part of this team.
Best of luck to you.
Well Brandon, what can I say?
It's been an epic adventure.
Thank you for picking me up at Spacecom in 2022 and making me part of the T-Minus space
team.
I will forever be grateful for our time that we've worked together.
Brandon, your dedication and energy have made a lasting impact.
And we're so grateful for everything you've done.
While we're sad to see you go, we're also excited for what's next for you.
From all of us here, thank you for being such a big part of our team.
We'll miss you.
But we know you'll be amazing in this next new chapter.
See you soon.
Welcome to Fun Fact Friday, one-stop shop for the quirkiest tidbits of wisdom.
I'm your host, Liz Stokes, here at N2K CyberWire.
Today's fun fact is a big one, and it's all about celebrating Simone, our fearless leader, who's
moving up and starting a new, exciting chapter.
Fun fact about Simone, she's not just a leader, she's THE leader.
The one who inspires, motivates, and somehow makes even the toughest challenges seem doable.
Seriously, it's kind of like her superpower.
Simone, I've only worked with you for my two years here at N2K, but you've been a role
model to me in many ways.
You've not only been a guiding force for our company, but you've brilliantly carved a path
where women in the tech and cybersecurity fields can be seen, heard, and respected.
You're an inspiration to us all.
And although we'll miss you as part of our team, I'm so happy you'll still be part of our company
to help guide and advise us along our journey.
Thank you for all you have done and all you do.
Simone, it's been a pleasure.
Thank you for the knowledge and encouragement
that you've shared,
and I look forward to seeing what comes next.
Hey, this is Bridget.
I have had the pleasure of knowing Simone
since I started with CyberVista in 2018.
My favorite memory with her was in 2019 when we had a planking competition in the office
and Simone absolutely schooled everyone.
I just remember thinking, I hope one day that I can reach that level of badassery.
Simone, I know you will still be around as board member
and advisor, but I just want to say that I have been so lucky to have such a brilliant
leader to look up to. I want to be you when I grow up.
Thank you so much for your leadership, Simone. We will miss you very, very much. And I will
continue to admire your shoe collection from afar.
Hey, Simone, working with you over the past couple years has just been such an
incredible and amazing experience. And I'm so excited to see all the things you
go on to accomplish and achieve over the next several years. I'll be
rooting for you the entire time.
Simone, if we were in the office, I would say what I'm going to miss most are seeing
all the fabulous shoes you wore every single day.
But since we're not, I'll say what really matters.
I'll just miss you.
Hope you have a great one.
Bye.
Simone, thank you for all your support and incredible contributions to me and the sales
team.
You'll definitely be missed,
but don't think you're off the hook
as we still need to play golf one day.
Best of luck to you, Catherine.
Simone, I wish you the best in your future endeavors.
And if you happen to need anything,
please don't hesitate to reach out.
Hi, Simone.
It has been one of the privileges of my career
to have worked in the same space as you, let
alone alongside you.
Thank you for helping us become what we are today.
Good luck, Simone, in your future endeavors, and may your golf ball always find the fairway.
Simone, it's been wonderful getting to know you these last couple of years and getting
to work closely with you.
Thank you so much for inviting me to all of your interviews so that I could nitpick our
guests' audio and get everyone, including you, sounding as best as they could.
Thank you for your patience and very excited to see what you do next.
Also, very happy that you'll still be on our board.
Don't be a stranger.
Simone, I can't believe the ease with which
we began working together.
I love how you always cut immediately
to the most important thing.
And that's such an amazing and awesome quality
that I also aspire to.
I am gonna absolutely miss your presence at N2K.
Hey, Simone, it's Brie.
Wow, I can't believe it's been seven years.
Such a bittersweet moment.
What an adventure it has been.
I cannot thank you enough for all of your wisdom,
your insight, keeping all of us grounded,
and most certainly all of
the laughs.
I don't think we would have made it through without them.
All of this is going to certainly stick with me for years to come, and I'm so grateful.
This definitely isn't goodbye, and I will see you for lunch soon.
Hey, Simone.
Peter here.
I couldn't have asked for a better partner in building this business.
I've learned so much from you
and I'm so grateful for all the ways
you've made us a stronger company.
You'll always be part of the N2K family.
I'm excited for all the ways
we'll work together going forward.
You're gonna do amazing things.
I can't wait to hear what's next for you.
Simone, your vision, dedication,
and ability to bring out the best in everyone
have made such a difference here.
From all of us, thank you for everything.
Congratulations on your new role, and you're absolutely going to crush it.
Here's to Simone, the fearless leader who's moving onward and upward.
See you soon.

I want to personally thank Simone Petrella and Brandon Karpf for their inspiration and
guidance in the time we've had working together.
I'm going to miss them both, but I have no doubt they'll be extraordinarily successful
in their coming endeavors.
Take care, friends.
And now a message from our sponsor Zscaler, the leader in cloud security. Enterprises
have spent billions of dollars on firewalls and VPNs, yet breaches continue
to rise by an 18% year-over-year increase in ransomware attacks and a $75 million record
payout in 2024.
These traditional security tools expand your attack surface with public-facing IPs that
are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security.
Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making apps
and IPs invisible, eliminating lateral movement, connecting users only to specific apps, not
the entire network, continuously verifying every request based
on identity and context. Simplifying security management with AI-powered automation. And
detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't
attack what they can't see. Protect your organization with Zscaler Zero Trust and AI.
Learn more at zscaler.com/security.
Hit pause on whatever you're listening to
and hit play on your next adventure.
Stay two nights and get a $50 Best Western gift card.
Life's the trip.
Make the most of it at Best Western.
Visit bestwestern.com for complete terms and conditions.
And finally, when Harvard archivist Jack Cushman logged on to data.gov the morning after Donald
Trump's inauguration, something felt off.
The numbers didn't quite add up.
The day before, the government's largest public data repository listed 307,854 datasets.
Now more than 2,000 were gone.
At first, he thought it might be a glitch, but as he dug deeper, snapshots from the Wayback
machine confirmed it.
Datasets were disappearing, many tied to climate research, environmental monitoring, and diversity
initiatives.
Cushman wasn't alone in his concern.
Archivists, researchers, and data hoarders across the internet scrambled to preserve
what they could, knowing all too well that government data is fragile in the digital
age.
Unlike the printed documents of the past, which found homes in libraries across the
country, today's data lives on centralized servers, vulnerable to quiet deletions.
Some missing datasets turned up on agency websites, others were truly gone.
The question remained, was this routine cleanup or a purge? No regulations
mandate digital data preservation, leaving crucial information at risk. While some datasets
remain accessible via agency websites or backups, determining the full impact will take time.
The quiet deletion of government data is more than an administrative decision, it's a threat to transparency, accountability, and historical record.
When critical data sets disappear, so does public access to scientific research, policy
history, and information that shapes our understanding of the world.
Without strong preservation policies, we risk losing more than just numbers on a website.
We risk erasing knowledge itself.
If we allow data to be quietly rewritten, reallocated, or erased without scrutiny, we
open the door to a future where truth itself becomes malleable, dictated not by facts,
but by those in power.
Safeguarding government records is not just about archiving, it's about defending the
integrity of information
in a democracy that depends on it.
[CyberWire theme music playing.]

And that's the CyberWire.
We'd love to know what you think of this podcast.
Be sure to check out this weekend's Research Saturday and my conversation with JAGS from
SentinelOne.
We're discussing their work Operation Digital Eye.
Chinese APT compromises critical digital infrastructure via Visual Studio Code tunnels.
That's Research Saturday. Check it out. This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music and sound design by Elliot Peltsman.
Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf.
Simone Petrella is our president. Peter Kilpe is our publisher.
And I'm Dave Bittner. Thanks for listening. We'll see you back here next week.