CISO Talk by James Azar
CyberHub Podcast
Bybit Crypto Heist Tied to North Korea, Orange Romania Hacked, Cyber sweatshops, ICS Risks Surge as OT Remains a Target, OpenAI Bans Chinese Project

Critical Cybersecurity Updates: From North Korea’s Record-Breaking Crypto Theft to U.S. Cyber Command 2.0

In today’s episode of the CyberHub Podcast, host James Azar delivers the latest cybersecurity headlines from around the world.

Broadcasting while on the road, James provides updates on a significant North Korean crypto heist, data breaches impacting global telecoms and IT providers, the ongoing crackdowns on cyber “sweatshops” in Southeast Asia, a dramatic rise in ransomware targeting the industrial sector, and new developments in U.S. Cyber Command.

With a nod to sponsor Nudge Security, the show rounds out with a dive into password spray attacks and how AI technology is both exploited and regulated in the cyber realm.

👀 SHOW Supporters:

Today's episode is supported by our friends at Nudge Security. All CyberHub Podcast community members can get a free 14-day trial of their solution for securing SaaS and genAI at https://www.nudgesecurity.com/cyberhub

North Korea Blamed for Historic ByBit Ethereum Heist
A record-breaking hack that stole USD 1.5 billion worth of Ethereum from the ByBit crypto exchange is now attributed to state-sponsored North Korean threat actors, specifically the infamous Lazarus Group. Investigation by multiple cybersecurity researchers, including Check Point and TRM Labs, strongly tied the stolen funds to North Korean wallets previously flagged for illegal activity.

Analysts concluded that malware, phishing, and supply chain exploits were used to gain access to the multisig wallets, leading to the largest crypto theft on record.

Orange Romania Breach by Hellcat Ransomware Group
French telecom giant Orange confirmed a security breach targeting its Romania division. An attacker dubbed “Ray,” affiliated with the Hellcat ransomware group, leaked sensitive data on a breach forum, including hundreds of thousands of email addresses, partial payment card details, and internal documentation such as invoices and contracts.

The stolen trove, around 6.5 GB of data, appears to stem from compromised credentials. Although only the Romanian branch was affected, the incident highlights the importance of multifactor authentication (MFA) and strict access controls across every regional entity.

Thailand Rescues Thousands From Cyber ‘Sweatshops’
In a continued effort to dismantle cyber fraud rings operating along the border of Thailand and Myanmar, Thai police announced plans to receive an initial group of nearly 7,000 people who were tricked or coerced into working in scam compounds. These modern-day slavery hubs are run by several Chinese gangs engaging in social engineering, fake gaming sites, and crypto scams.

Part of a larger operation known as Operation Storm Maker Steel, the rescue mission involves screening victims before repatriating them to their home countries. Though this wave of releases is a positive step, authorities estimate over 100,000 individuals remain trapped in these illegal enterprises across Southeast Asia.

Russia Issues Rare Advisory After Breach at Lanet
Russia’s National Coordination Center for Computer Incidents publicized a breach alert concerning Lanet, a major IT service and software provider. The breach, occurring on February 1, potentially exposed data at both LLC Lanet and LLC LanATM Service.

Notably, Lanet counts the Russian Ministry of Defense and other high-profile military-industrial clients among its customers. With the country’s cybersecurity agencies typically reserved about disclosing breaches, this more transparent advisory signals heightened concerns over domestic cyber resilience—particularly as various threat actors continue to target Russian organizations.

Oracle Agile PLM Software Flaw Added to CISA Catalog
CISA added a severe vulnerability (CVE-2024-20905) in Oracle Agile Product Lifecycle Management to its Known Exploited Vulnerabilities (KEV) catalog. This high-severity deserialization flaw, patched in January 2024, allows low-privileged attackers to execute arbitrary code.

Trend Micro’s Zero Day Initiative initially reported the issue, and active exploits underscore the urgent need for organizations to update their Oracle Agile PLM systems immediately.

Ransomware Surge in Manufacturing and Industrial Sectors
A new Dragos report reveals a staggering 87% surge in ransomware incidents targeting manufacturing, oil and gas, and other industrial verticals over the previous year. Nearly 1,700 successful ransomware breaches resulted in a quarter of impacted sites halting operations entirely, with 75% reporting operational disruptions.

Dragos CEO Robert Lee emphasized that these numbers are likely conservative, given underreporting and undisclosed incidents. Meanwhile, a second study from Claroty highlights that 40% of organizations have at least one OT asset directly exposed to the Internet, many with known exploitable vulnerabilities, further illustrating the urgent need for robust network segmentation and patch management.

Massive Botnet Launches Password Spray Attacks on Microsoft 365
SecurityScorecard warns of a botnet comprising over 130,000 compromised devices launching widespread password spraying against Microsoft 365 accounts. By targeting basic authentication mechanisms, attackers seek to circumvent MFA.

The botnet’s attack traffic originates from a global array of compromised hosts, spanning South America, Asia, and parts of the U.S. Security experts advise implementing strict password policies, continuous monitoring, and restricting IP access to mitigate these threats.
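As an added example (not code from the podcast, SecurityScorecard, or Microsoft), a minimal detector for the pattern described above, run over a constructed sign-in log shaped loosely like Microsoft 365 sign-in events: it flags a time bucket in which many distinct accounts each fail a few times from several source IPs, and counts how many of those failures used legacy protocols that skip MFA. The field layout, thresholds and sample records are assumptions.

```python
# Added example: password-spray detection over constructed sign-in records.
# Record layout (assumed): timestamp user source_ip client_app result
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log: six accounts, one or two failures each, from five
# IPs, all via legacy protocols, inside a single 15-minute bucket, followed
# by one ordinary browser success that must not be counted.
SAMPLE_LOG = """\
2025-02-24T10:00:01Z alice@corp.example 198.51.100.7 SMTP Failure
2025-02-24T10:00:03Z bob@corp.example 203.0.113.9 IMAP Failure
2025-02-24T10:00:05Z carol@corp.example 192.0.2.44 SMTP Failure
2025-02-24T10:00:09Z dave@corp.example 198.51.100.7 POP3 Failure
2025-02-24T10:00:12Z erin@corp.example 203.0.113.200 IMAP Failure
2025-02-24T10:00:15Z frank@corp.example 192.0.2.99 SMTP Failure
2025-02-24T10:00:20Z alice@corp.example 198.51.100.7 SMTP Failure
2025-02-24T11:30:00Z grace@corp.example 192.0.2.10 Browser Success
"""

# Client apps that use basic (legacy) auth and therefore never trigger MFA.
LEGACY_CLIENTS = {"SMTP", "IMAP", "POP3", "ActiveSync", "MAPI"}

def parse(log_text):
    """Turn the whitespace-separated sample format into event dicts."""
    events = []
    for line in log_text.splitlines():
        ts, user, ip, client, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
                       "user": user.lower(), "ip": ip,
                       "client": client, "result": result})
    return events

def detect_spray(events, bucket_minutes=15, min_users=5, max_per_user=3, min_ips=3):
    """Group failures into fixed time buckets and flag the spray shape:
    many distinct users, few failures per user, several source IPs.
    A single account failing many times (brute force) is not flagged."""
    buckets = defaultdict(list)
    for e in events:
        if e["result"] != "Failure":
            continue
        start = e["ts"].replace(minute=e["ts"].minute - e["ts"].minute % bucket_minutes,
                                second=0, microsecond=0)
        buckets[start].append(e)
    findings = []
    for start, chunk in sorted(buckets.items()):
        per_user = Counter(e["user"] for e in chunk)
        ips = {e["ip"] for e in chunk}
        legacy = sum(1 for e in chunk if e["client"] in LEGACY_CLIENTS)
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user and len(ips) >= min_ips:
            findings.append({"bucket": start, "users": sorted(per_user),
                             "ips": sorted(ips), "legacy_auth_failures": legacy})
    return findings
```

In a real tenant the same logic applies to exported sign-in logs once the fields are mapped; the legacy-auth count is the signal that a block on basic authentication would have stopped the attempts outright.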

OpenAI Discloses Shutdown of Adversarial AI Abuse
OpenAI published a “Peer Review” report detailing actions taken to shut down misuse of ChatGPT by foreign adversaries. One such scheme involved Chinese operators using ChatGPT to edit and debug code for social media surveillance tools designed to monitor political discussions on platforms like Facebook, X, and Telegram.

Additionally, OpenAI shuttered accounts linked to Iranian hackers researching ICS attacks, as well as North Korean operators. The company stated these malicious projects were not fundamentally powered by its API but stressed the risk remains if generative AI tools are abused for coding and promotional propaganda.

U.S. Cyber Command 2.0 Timeline Accelerated
Secretary of Defense Pete Hegseth announced that plans to revamp U.S. Cyber Command—known as “Cyber Command 2.0”—must be finalized by March 22, effectively halving the original 180-day timeline. The new directive calls for a more assertive stance in cyberspace and underscores the administration’s intent to adapt quickly to emerging global threats.

Observers note this effort aligns with more confrontational U.S. cybersecurity policies aimed at countering state-sponsored attacks and large-scale cybercrime.

Bullet Point Action List

  • Implement Rigorous MFA Everywhere: Limit exposure and credential compromises by securing all accounts, devices, and environments with robust authentication measures.

  • Patch Critical Vulnerabilities Immediately: Prioritize Oracle Agile PLM systems and any known exploited vulnerabilities impacting your software stack.

  • Segment OT from IT: Reduce operational disruption risk in critical infrastructure by isolating operational technology and applying strict network segmentation.

  • Monitor for Password Spray Indicators: Stay vigilant for anomalous login attempts and geo-located traffic spikes, deploying IP-based blocking when necessary.

  • Regularly Inventory SaaS Applications: Tools like Nudge Security help uncover shadow IT, ensuring you can manage identities and secure data.

  • Stay Informed on Global Regulatory Shifts: Rapid policy changes, such as Cyber Command 2.0 in the U.S., can reshape defense strategies and collaboration efforts.

Thanks for reading CISO Talk by James Azar! This post is public so feel free to share it.

✅ Story Links:

https://www.securityweek.com/1-5-billion-bybit-heist-linked-to-north-korean-hackers/

https://www.bleepingcomputer.com/news/security/orange-group-confirms-breach-after-hacker-leaks-company-documents/

https://www.darkreading.com/cyber-risk/thailand-cyber-sweatshops-free-captives

https://www.bleepingcomputer.com/news/security/russia-warns-financial-sector-of-major-it-service-provider-hack/

https://www.securityweek.com/cisa-warns-of-attacks-exploiting-oracle-agile-plm-vulnerability/

https://www.darkreading.com/cyber-risk/industrial-system-cyberattacks-surge-ot-vulnerable

https://www.bleepingcomputer.com/news/security/botnet-targets-basic-auth-in-microsoft-365-password-spray-attacks/

https://www.securityweek.com/openai-bans-chatgpt-accounts-used-by-chinese-group-for-spy-tools/

https://therecord.media/hegseth-cyber-command-2-0-review-authorities-wish-list

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1

🚨 Important Links to Follow:

👉Website:

👉Listen here: https://linktr.ee/cyberhubpodcast

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

👉Twitter (X): https://twitter.com/cyberhubpodcast

👉Instagram: https://www.instagram.com/cyberhubpodcast

🤝 For Business Inquiries: info@cyberhubpodcast.com

=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive, quality content that’s more than headlines or sales pitches. We want to be a valuable source that assists cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
