CyberWire Daily - When hackers become the hunted.
Episode Date: July 17, 2025

Pro-Russian hackers, scam lords, and ransomware gangs face global justice. Louis Vuitton ties customer data breaches to a single cyber incident. The White House is developing a "Zero Trust 2.0" cybersecurity strategy. OVERSTEP malware targets outdated SonicWall Secure Mobile Access (SMA) devices. An Australian political party suffers a massive ransomware breach. Our guest Jacob Oakley speaks with T-Minus Space Daily host Maria Varmazis. Jacob is Technical Director at SIXGEN and Space Lead for the DEFCON Aerospace Village. An Italian YouTuber faces a retro reckoning.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest Jacob Oakley joins us from today's episode of T-Minus Space Daily with host Maria Varmazis. Jacob is Technical Director at SIXGEN and Space Lead for the DEFCON Aerospace Village. He and Maria discuss space cybersecurity.

Selected Reading
Global operation targets NoName057(16) pro-Russian cybercrime network - The offenders targeted Ukraine and supporting countries, including many EU Member States (Europol)
Cambodia makes 1,000 arrests in latest crackdown on cybercrime (NBC News)
Armenian National Extradited to the United States Faces Federal Charges for Ransomware Extortion Conspiracy (US Department of Justice)
Italian police dismantle Romanian ransomware gang targeting nonprofits, film companies (The Record)
Louis Vuitton says regional data breaches tied to same cyberattack (Bleeping Computer)
Trump admin focuses on 'zero trust 2.0,' cybersecurity efficiencies (Federal News Network)
SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware (Bleeping Computer)
Clive Palmer's political parties suffer data breach affecting 'all emails ... documents and records' (Crikey)
YouTuber faces jail time for showing off Android-based gaming handhelds (Ars Technica)

Audience Survey
Complete our annual audience survey before August 31.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
We've all been there.
You realize your business needs to hire someone yesterday.
How can you find amazing candidates fast?
Well, it's easy.
Just use Indeed.
When it comes to hiring, Indeed is all you need.
Stop struggling to get your job post noticed.
Indeed's Sponsored Jobs helps you stand out and hire fast.
Your post jumps to the top of search results, so the right candidates see it first.
And it works.
Sponsored jobs on Indeed get 45% more applications than non-sponsored ones.
One of the things I love about Indeed is how fast it makes hiring.
And yes, we do actually use Indeed for hiring here at N2K Cyberwire.
Many of my colleagues here came to us through Indeed.
Plus, with sponsored jobs there are no subscriptions, no long-term contracts.
You only pay for results.
How fast is Indeed?
Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according
to Indeed data worldwide.
There's no need to wait any longer.
Speed up your hiring right now with Indeed.
And listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com slash cyberwire.
Just go to indeed.com slash cyberwire right now and support our show by saying you heard about Indeed on this podcast.
Indeed.com slash cyberwire. Terms and conditions apply. Hiring, Indeed, is all you need.
Pro-Russian hackers, scam lords and ransomware gangs face global justice.
Louis Vuitton ties customer data breaches to a single cyber incident.
The White House is developing a Zero Trust 2.0 cybersecurity strategy.
Overstep malware targets outdated SonicWall secure mobile access devices.
An Australian political party suffers a massive ransomware breach. Our guest, Jacob Oakley, speaks with T-Minus Space Daily host Maria Varmazis. Jacob is technical director at SIXGEN and space lead for the DEFCON Aerospace Village. And an Italian YouTuber faces a retro reckoning.
It's Thursday, July 17, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing.
Thanks for joining us here today.
We start with a global roundup of law enforcement activities. First, between July 14th and 17th, an international operation named Eastwood,
coordinated by Europol and Eurojust, targeted the pro-Russian cybercrime group NoName057(16).
Authorities from 13 core countries, including the US, Germany, and France, worked together
to dismantle the group's infrastructure, disrupting over 100 servers and taking major
parts offline.
Seven arrest warrants were issued, mainly for Russian nationals, and two individuals
were detained.
More than 1,000 supporters were warned of legal consequences.
The group, which ran ideologically driven DDoS attacks, especially against Ukraine supporters
and NATO members, used gamified tactics and crypto payments to recruit largely Russian-speaking
sympathizers.
Europol provided intelligence, coordination, and technical support, while Eurojust facilitated
judicial cooperation.
The operation also exposed a decentralized network that relied on automated tools, informal
recruiting, and propaganda to sustain cyber attacks.
Elsewhere, Cambodia has arrested over 1,000 suspects this week in a national crackdown
on cybercrime following an order by Prime Minister Hun Manet.
The move targets foreign-led online scam operations that, according to global estimates, generate
billions annually.
Raids took place across at least five provinces, netting hundreds of suspects from Vietnam,
China, Taiwan, Indonesia, and other countries.
Authorities seized computers and phones used in scams.
Amnesty International recently accused the Cambodian government of complicity in human
trafficking and forced labor within scam compounds, citing serious abuses.
Many workers are lured under false promises and then held captive.
The crackdown also unfolds amid rising tensions with Thailand over border disputes
and cybercrime hubs, where Thailand has taken unilateral actions,
including border closures and power cuts.
In other cyber enforcement news, Karen Sorobovich Vardanyan, a 33-year-old Armenian national,
has been extradited from Ukraine to the U.S. to face federal charges related to Ryuk ransomware
attacks.
Along with three other co-conspirators, Vardanyan allegedly deployed
ransomware from 2019 to 2020, extorting over $15 million in bitcoin from US companies,
including one in Oregon. Victims included schools, hospitals, and local governments.
Vardanyan pleaded not guilty and remains in custody pending trial.
The FBI is investigating the case with international support from Ukraine and France.
Italian police have dismantled a Romanian ransomware group known as Disk Station, which
targeted civil rights groups, film companies, and non-profits in northern Italy.
The gang encrypted victim systems and demanded cryptocurrency ransoms.
The investigation, launched after attacks in Lombardy, was coordinated with French and
Romanian authorities.
Raids in Bucharest led to multiple arrests and digital evidence seizures.
A Milan judge ordered the detention of the suspected ringleader. Disk Station has exploited vulnerabilities in Synology NAS devices since at least 2021.
Moving on, Louis Vuitton has confirmed that recent customer data breaches in the UK, South
Korea and Turkey are part of a single cyber incident believed to involve the
Shiny Hunters extortion group.
The breach, discovered on July 2, resulted in the unauthorized access and
exfiltration of personal client data.
Payment information was not affected.
The company has notified regulators and is working with cybersecurity experts to investigate. Shiny Hunters is suspected
to have accessed data via a compromised third-party vendor, the same vector used in breaches at
Dior, Tiffany, and Adidas.
Shiny Hunters has previously been linked to high-profile cyberattacks, including the
Snowflake breach affecting major brands.
Although French authorities recently arrested several BreachForums members,
some Shiny Hunters operators remain active, raising concerns about future incidents.
The White House is developing a Zero Trust 2.0 cybersecurity strategy,
aiming for more targeted and efficient cyber investments across federal
agencies.
Nick Polk from the Office of Management and Budget said the focus will shift from broad
mandates to specific high-impact initiatives.
The Biden-era Zero Trust Plan, released in 2022, required agencies to adopt layered defenses,
but the new approach emphasizes results and investment efficiency.
Additionally, the Trump administration's latest cybersecurity executive order
scraps a vendor artifact requirement but keeps secure software attestations.
The Defense Department is piloting new methods,
like continuous monitoring and software bills of materials, while civilian
agencies will tailor security based on risk.
Upcoming OMB guidance will also address drone security and begin transitioning agencies
to post-quantum cryptography standards set by NIST.
A new malware called Overstep is targeting outdated SonicWall Secure Mobile Access devices,
allowing hackers to maintain persistent hidden access and steal credentials.
Google's Threat Intelligence Group links the attacks to UNC6148, an actor active since
late 2023.
The rootkit modifies the boot process and uses anti-forensic tools to hide its tracks.
Attackers may have started through a known vulnerability that provided admin credentials.
UNC6148 has used stolen data in extortion attempts and may deploy Abyss ransomware.
Researchers suspect Overstep was installed via a reverse shell, though how this access
was achieved remains unclear.
The malware allows remote access, password theft, and log manipulation.
Security experts urge organizations using SMA devices to create disk images for forensic
analysis, as standard inspection may miss the stealthy malware.
Clive Palmer's United Australia Party and Trumpet of Patriots suffered a ransomware
attack in June, potentially exposing all their emails, documents, and sensitive data.
The breach, confirmed in a public notice, may include personal details such as email
addresses, phone numbers, banking records and confidential documents.
The parties admit they don't fully know what data was accessed and say notifying all affected
individuals is impractical.
They reported the incident to the Office of the Information Commissioner
and Australian Signals Directorate. A party spokesperson claimed no contact with the attackers
so far. Legal experts note that while political parties are largely exempt under Australia's
Privacy Act, recent legal changes may open the door to lawsuits. The breach is seen as a possible landmark case in data accountability for political
groups.
Coming up after the break, Jacob Oakley speaks with T-Minus Space Daily host Maria Varmazis. Jacob is the space lead for the DEFCON Aerospace Village. And an Italian YouTuber faces a retro reckoning. Stay with us.
Hey everybody, Dave here. I've talked about DeleteMe before, and I'm still using it because it still works.
It's been a few months now and I'm just as impressed today as I was when I signed
up.
DeleteMe keeps finding and removing my personal information from data broker sites, and they
keep me updated with detailed reports
so I know exactly what's been taken down.
I'm genuinely relieved knowing my privacy isn't something I have to worry about every
day.
The DeleteMe team handles everything.
It's the set-it-and-forget-it peace of mind.
And it's not just for individuals.
DeleteMe also offers solutions for businesses,
helping companies protect their employees' personal information
and reduce exposure to social engineering and phishing threats.
And right now, our listeners get a special deal,
20% off your DeleteMe plan.
Just go to joindeleteme.com slash N2K
and use promo code N2K at checkout. That's joindeleteme.com slash N2K, code N2K.
Did you know Active Directory is targeted in 9 out of 10 cyber attacks?
Once attackers get in, they can take control of your entire network.
That's why Semperis created Purple Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them.
Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at semperis.com slash purple-knight.
That's semperis.com slash purple-knight.
Jacob Oakley is technical director at SIXGEN and space lead for the DEFCON Aerospace Village.
He recently spoke with our T-Minus Space Daily host Maria Varmazis.
Here's their conversation.
I'm at a company called SIXGEN, where I'm the technical director for the company and help
our strategic initiatives at the kind of intersection of space and cyber. I've been doing largely offensive security for about 20 years now.
I started out in Marine Corps signals intelligence and then transitioned into the commercial world
where I was doing red teaming, pen testing, that sort of thing. Most recently, for the past five or six
years, supporting the aerospace community and their partners. I am an adjunct faculty at
Embry-Riddle University, where I write and teach
space cyber courses for their master's programs. I'm a steering committee member of the IEEE space
systems standard working group, and I serve as the space lead for the Aerospace Village.
Awesome. Jacob, you are the guy I've been wanting to talk to for a long time about the intersection
of space and cyber.
Having come from the cyber world and now moving into the space world, I've seen sort of a
weird resistance to cybersecurity.
And just the question that comes up to me is why?
It's so important.
So what's the deal?
Walk me through this.
Yeah, I think there's a couple of things.
I guess we'll start with maybe the most important one first.
The aerospace community is largely made up of engineers,
all different kinds of engineers,
RF engineers, electrical engineers,
aerospace engineers, so on and so forth.
But the thing about engineers is,
even if it's different disciplines,
I still have a really good idea of
that person's technical capabilities,
what kind of education they went through,
and their ability to apply their craft in terms
of mathematics and engineering pedigree.
Cyber, that's not so much the case.
Cyber has been this term that has been used to
whitewash much of what we used to maybe consider
the IT industry and the security industry and some other things.
I think you could really look at the forming of
CYBERCOM as being to blame for that.
If you look back in Google search history of how popular a term is,
cyber and cybersecurity didn't really become a search term until about 2010,
which is when all of that happened.
But so you have the government allocating a ton of funds to
cyber initiatives because we've realized this is a problem, and you have
a bunch of government organizations who haven't been able to get funding for
things like IT infrastructure or help desk support or
compliance, right? And so they go, oh, if I just change this to a cyber analyst
instead of a compliance analyst, suddenly I can access this funding, right? And so
you have the customer base do that, and then you have the vendor base respond
with, oh, I'll gladly sell you some buckets of cyber, or let me slap a cyber
sticker on the side and sell it to you, right?
And so what that leads to is engineer to engineer,
but for different disciplines, they kind of
have an understanding of what that person is
and what their experience is.
But if you introduce yourself as, hey,
I'm a cyber security professional,
well, they have no idea what they are.
Are you a red teamer?
Are you a help desk person?
Do you do routing infrastructure?
Do you do cloud stuff, right?
And so there's kind of an inherent mistrust there.
The engineers kind of look at it like,
well, I don't even know what your minimum standard
or low bar is to become a cybersecurity professional.
So I'm going to be resistant
to the things you're gonna tell me.
And I think you add that to the fact that
I've kind of noticed two things
as I've worked with aerospace.
Usually as a hacker, I'm the most risk-averse person in the conversation. If I'm talking with a CEO, I'm trying to tell them to worry more about the problems they have and that they need to fix them.
Well, tell an aerospace person they need to worry more about their system getting hacked.
They're like, hey, buddy, I just hope this thing wakes up in space. Right? Like, I'm worried about it getting hacked might be the 30th most scary thing on my list.
And then the other is that usually as a hacker, right, as a red teamer,
a pen tester or something like that, like I'm usually the most technical person in the
conversation.
If I'm talking to a CISO or a CEO, right?
Like I'm giving technical facts about my profession to convince them to make some
change.
When you run into, you know, an electrical engineer, for instance, right, they're going
to go, hey man, I know how the computer actually works.
So if you're going to give me advice on how to make this thing more secure, I'm going
to ask you seven times if you're sure and make you prove it to me.
Also because of that other thing we talked about.
There's also within the space cyber world, there's maybe not a well understood sort of
common ground of key events that have happened
or even sort of a common knowledge set that everyone who is in the space cyber world should
have to speak maybe the same language or at least understand key events.
What do you think about that idea?
I think we could answer that two different ways, right?
The common ground aspect suffers from some of the stuff
we've already discussed, right?
Maybe exacerbated by the fact that like engineering
is sort of like a finite game.
There's rules and there's a timeline
and I know who the other people are playing are.
Like, yeah, engineers handed a task like,
hey, go build this engine that can go this fast
with this much fuel and X, Y, Z and solve for that.
And you've done a successful job in engineering.
Cyber security is more like an infinite game.
You're just trying to keep playing.
You want to keep your organization running despite
the cyber threats you face,
the adversaries can come and go,
they don't have any rules, there's no timelines.
The cybersecurity professional has to approach
their problems that way and
the engineering side of the house
approaches their problem with a very finite mindset.
What you have a lot in organizations is,
well, I've got an electrical engineer who knows how to program,
so I'm just going to have that person do my cyber stuff.
Well, they're going to approach the cyber problem with a finite mindset.
You do that when you try to apply finite solutions to an infinite
problem. You have, like, what happened to the US in Vietnam and Afghanistan, right?
The adversary is just trying to keep playing, and eventually we give up trying
to win and we leave, right? So, but from a commonality of, like, what is the
technical position we should share together to approach these problems, I
think that gets really conflated because of how,
like the aerospace industry is really, really good
at dealing with risk, right?
And redundancies and those are things they've dealt with
for a very long time.
And they try to sort of fit the cyber, you know,
square peg in that round hole.
So what's the path forward?
I just wonder how, this is quite a bridge to gap,
or gap to bridge rather. How do we get there? How do we go?
I think you can look at it in two ways. What are the solutions we provide to help solve that problem?
And the other is like, how do we start addressing the cultural issue?
I think the cultural issue really has to come first, because you have to get people to listen or you'll allow them to implement cybersecurity somewhere.
The best path forward there, honestly, is you have to treat cybersecurity as one of the engineering disciplines required in making a spacecraft.
So when a program stands up to begin
design and then development of a space system,
oftentimes the end is when they do a cyber compliance check,
where they do a third-party assessment,
and they look at whether you're good or you're not.
But really, there's weekly meetings
when you're building a space program,
if not more often, where you have
the RF engineer and the mechanical engineer,
and aerospace engineer, they're all present,
and they're all discussing at what state
the space vehicle is in its design or development,
and what's changed and how that's
going to affect everybody else.
Having cybersecurity representation in those meetings
allows for cyber requirements to be just like
thermal requirements of the space vehicle
and it'll get developed along the way accordingly.
Because like what usually happens is,
you know, two years into this thing,
they've already ordered their software-defined radios.
And then the cyber person's like,
hey, those use a OS that's vulnerable.
And they're like, well, it takes me 12 months
to reorder that part and we'll miss our launch window.
So we're just going to put it up there.
If you get the cyber person there when you were making the decisions about the software-defined
radios, well, they could ask you, what are you looking at, and go look at the
operating systems that come with them, and then you kind of head that off
much earlier on in the design and development process.
So culturally, I think it's really getting the aerospace community to appreciate cybersecurity as just one of the other engineering things that
now has to go into building and operating spacecraft.
From the solutions perspective,
it's also an uphill battle because there's
a huge obsession with flight heritage.
You have a radio that's 10 times faster, better,
cheaper, and they'd gladly pay
100 times the price for something
that's already flown before. And so when you think about what that means for the vendor base,
it's like, well, are vendors going to go out on a limb and space-rate their cybersecurity solution,
hoping somebody's going to buy it, right? I think that might have to get flipped on its head a little
bit where the aerospace community reaches out a little bit
to the cyber side and says,
how do we prove out some of this stuff
so it can be more widely accepted?
I can't help but wonder about specialized knowledge
and the broad swath of cybersecurity professionals
that we have out there.
I would imagine working with space systems
is a very specialized skillset,
so how does
one even acquire that knowledge?
Especially if you're already maybe starting out in your career and you go, I want to work
in space.
What do we point people to?
It's tough.
The investment in skill set is going to be higher for space, and you have a much smaller
subset of customers to go sell that service to, right?
So the value proposition of getting the cybersecurity side
to invest in developing those skills is really not going to be there.
Find me the cyber person that doesn't like Star Wars or
Star Trek or something else, right?
So there's interest there, right?
Yeah, yeah.
There's people that want to do this.
I think it's very difficult.
The other question I get asked is,
what would you rather take?
Would you rather take like an electrical engineer
who's worked on aerospace programs
and teach him how to be a hacker or teach a hacker, right?
And it's, well, if you're forcing me to have that function,
I'm gonna take the aerospace person
because that's the harder skills to go get, right?
If you have a person from the aerospace community
who's an engineer, but who's willing
to think outside the box with that infinite mindset and is curious like a hacker, that's
probably, not that anyone would be more qualified than the other, but that's going to take less
of an investment to turn them into a space cyber professional than the converse.
That's Jacob Oakley from SIXGEN speaking with our T-Minus Space Daily
host Maria Varmazis. Be sure to check out the T-Minus Space Daily podcast
wherever you get your favorite podcasts.
You hear from us here at the CyberWire Daily every single day. Now we'd love to hear from you.
Your voice can help shape the future of N2K Networks.
Tell us what matters most to you by completing our annual audience survey.
Your insights help us grow to better meet your needs.
There's a link to the survey in our show notes.
We're collecting your comments through August 31st.
Thanks.
We've all been there.
You realize your business needs to hire someone yesterday.
How can you find amazing candidates fast?
Well, it's easy. Just use Indeed. When it comes to hiring,
Indeed is all you need. Stop struggling to get your job post noticed.
Indeed's Sponsored Jobs helps you stand out and hire fast.
Your post jumps to the top of search results so the right candidates
see it first. And it works. Sponsored jobs on Indeed get 45% more applications than non-sponsored ones.
One of the things I love about Indeed is how fast it makes hiring.
And yes, we do actually use Indeed for hiring here at N2K Cyberwire.
Many of my colleagues here came to us through Indeed.
Plus, with sponsored jobs, there are no subscriptions, no long-term contracts.
You only pay for results.
How fast is Indeed?
Oh, in the minute or so that I've been talking to you,
23 hires were made on Indeed, according
to Indeed data worldwide.
There's no need to wait any longer.
Speed up your hiring right now with Indeed.
And listeners to this show will get a $75 sponsored job credit
to get your jobs more visibility at indeed.com slash cyberwire.
Just go to indeed.com slash cyberwire right now
and support our show by saying you heard about Indeed on this podcast.
Indeed.com slash cyberwire.
Terms and conditions apply. Hiring, Indeed, is all you need.
Crogl is AI built for the enterprise SOC: fully private, schema-free, and capable of running in
sensitive air-gapped environments.
Crogl autonomously investigates thousands of alerts weekly,
correlating insights across your tools without data leaving your perimeter.
Designed for high availability across geographies,
it delivers context-aware, auditable decisions aligned to your workflows.
Crogl empowers analysts to act faster and focus on critical threats, replacing repetitive triage with intelligent automation to
help your SOC operate at scale with precision and control. Learn more at
crogl.com. That's C-R-O-G-L dot com.
And finally, Italy is known for fine wine, ancient ruins, and as YouTuber OnceWereNerd just discovered, some of the strictest copyright enforcement this side of the Alps.
The retro gaming enthusiast who reviews Android-based handheld consoles loaded with old-school games
recently had his collection of nostalgia confiscated by the Guardia di Finanza, Italy's economic
and copyright watchdog.
The agents showed up with a search warrant in April, seizing over 30 consoles and requesting
emails with device makers.
While emulation itself is legal, many of these consoles come preloaded with pirated game
ROMs, something Italian authorities aren't about to overlook.
The creator could face charges under Article 171 of Italy's copyright law, which carries
up to three years in prison.
Italy does not mess around.
From forcing Google to block pirated soccer streams to now eyeing YouTubers, its message
is clear.
If you're profiting off copyrighted content, even indirectly, you'd better save your progress.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing
at the cyberwire.com. We'd love to hear from you. We're conducting our annual audience
survey to learn more about our listeners. We're collecting your insights through the
end of this summer. There's a link in the show notes. Please do check it out.
N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original music by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Peter Kilpey is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
Hi, Kim Jones here.
On CISO Perspectives, we get candid with the thinkers, doers, and trailblazers shaping
cybersecurity leadership.
No scripts, no sales pitches.
Just real stories and hard-earned lessons from folks who've been there.
If you're looking to grow as a leader or just want to hear how others are navigating
this ever-evolving field, listen to CISO Perspectives. It's your seat at the table.
Buying more tools won't make you more secure.
Continually training your people will.
In this episode, Cloudrange co-founder and CEO Debbie Gordon shares how real-world simulations
are transforming readiness in 2025.
Because your last line of defense isn't software, it's your team.
Tune in now.
Your stack depends on it.