In the Monday, February 24, 2025, edition of the CyberHub Podcast, the host delivers a sweeping overview of pressing cybersecurity developments. From a staggering multi-billion-dollar cryptocurrency theft to Apple’s controversial compromise with UK regulators, and from sophisticated Chinese cyber-espionage to the temporary disappearance of a notorious ransomware group, the show highlights how rapidly evolving digital threats impact organizations and individuals worldwide.
The host also briefly touches on a personal note about a deeply tragic event involving the Bibas family, underscoring how real-world crises can momentarily eclipse cyber news. Below is a detailed rundown of each major story covered.
Bybit’s $1.5 Billion Crypto Heist
A major highlight of the episode is the massive cyberattack on cryptocurrency exchange Bybit, resulting in the theft of approximately $1.5 billion in digital assets. Attackers allegedly exploited a sophisticated flaw in the smart contract interface, enabling them to gain control over Bybit’s Ethereum cold wallet and transfer roughly 400,000 ETH to an unidentified address.
Despite a spike in withdrawal requests, Bybit’s CEO, Ben Zhou, reassured customers that the platform maintains one-to-one backing of user assets and remains solvent, even if the stolen funds are never recovered. Bybit has over 60 million users and claims more than $36 billion in daily trading volume. This incident reinforces the lingering concern over crypto exchanges that lack robust, dedicated security teams.
Apple “Bends the Knee” to UK Demands
Apple’s decision to comply with a secret UK government order drew the host’s criticism in this segment. The UK demanded that Apple create a backdoor providing government access to globally encrypted user data. Rather than withdrawing from the UK market or legally challenging the demand, Apple chose to disable certain advanced data protection features in the UK.
Privacy advocates argue that this sets a troubling precedent, sparking debate over whether governments should have unfettered access to personal devices. The host expresses disappointment in Apple for not mounting a public legal battle, citing concerns that it compromises user privacy worldwide.
Salt Typhoon’s Exploit of Outdated Cisco Vulnerabilities
Cisco’s Threat Intelligence unit revealed new details on Salt Typhoon, a threat actor linked to China, which targeted U.S. telecom companies using living-off-the-land techniques and old, unpatched vulnerabilities. In at least one breach, attackers leveraged the remote code execution flaw CVE-2018-0171 in Cisco’s Smart Install feature—patched back in 2018 but still exploitable on legacy systems.
Once inside, Salt Typhoon stole login credentials, pivoted laterally between compromised systems, and exfiltrated sensitive data. Researchers note that this attacker is proficient in repurposing valid credentials and leveraging trust relationships between telecom networks, demonstrating the importance of regular patching and credential hygiene.
China Attributes University Cyberattack to the NSA
Breaking its usual silence, the Chinese government has publicly blamed the U.S. National Security Agency (NSA) for an attack on Northwestern Polytechnical University. According to official Chinese sources, the NSA used at least 41 malware strains to infiltrate university systems for intelligence gathering, allegedly targeting aerospace and defense research.
Researchers found evidence that the tools and tactics align with Equation Group, historically linked to the NSA. Clues included attacks not occurring on U.S. national holidays and the use of American English keyboard settings. While such accusations are not unusual, public attribution by China signals a growing readiness to push back against alleged U.S. cyber-espionage.
Black Basta Ransomware Group Goes Dark
The Russian-speaking Black Basta ransomware operation, which surged in the aftermath of the Conti group’s breakup in 2022, appears to have ceased activity. Cyber-intelligence firm Prodaft reports that Black Basta’s last recorded operation dates to December 2024.
Leaked chats suggest internal disputes and possibly friction with the group’s CACBOT affiliate. Some members objected to attacks on Russian institutions, leading to division within the ranks. While the group’s disappearance may be temporary, security experts caution that ransomware affiliates often reemerge under new names, employing the same tactics, techniques, and procedures.
North Korean Malware Targeting Freelance Developers
Over the past year, North Korean threat actors have systematically targeted freelancers and software developers by posing as legitimate recruiters. Under this guise, they persuade victims to download poisoned project files containing spyware and backdoors.
According to ESET, the campaign—dubbed “DeceptiveDevelopment”—employs “BeaverTail” malware variants to exfiltrate sensitive information such as stored credentials from Google Chrome and Microsoft Edge. These tactics highlight the challenge of safeguarding individuals who are susceptible to job-related social engineering attempts.
Palo Alto PAN-OS Vulnerabilities Exploited in the Wild
Palo Alto Networks has confirmed a second exploited vulnerability in its PAN-OS firewall software. While multiple patches were issued on February 12, one of them—CVE-2024-90474—has already been leveraged by attackers for remote code execution.
Organizations that rely on Palo Alto firewalls must apply these patches immediately to mitigate the risks of unauthorized intrusion or advanced persistent threats leveraging this vulnerability.
“Data Embassies” for National Resilience
Smaller nations—like Estonia and Monaco—are establishing data embassies in partner countries, storing critical national data in extraterritorial facilities. The aim is to protect sovereign records from natural disasters, cyberattacks, or geopolitical threats.
Estonia’s notable partnership with Luxembourg allows it to maintain digital continuity, while Monaco has taken similar steps. Other governments, such as India, have initiated negotiations with countries like Singapore and the UAE to host “data embassies.” This is an emerging strategic approach to ensuring data sovereignty and security for vulnerable nations.
CrowdStrike’s CSO Shawn Henry Retires
Long-serving CrowdStrike executive and Chief Security Officer (CSO) Shawn Henry will retire from his current role at the end of next month. Henry was instrumental in developing CrowdStrike’s incident response and professional services practice. He will transition to an Executive Advisor position to the CEO, focusing on cybersecurity advocacy and resilience. His departure marks the end of a significant chapter for CrowdStrike, where Henry’s extensive experience spanned four decades in security.
Bullet Point Action List
Review and Harden Crypto Security Measures: Whether developing smart contracts or managing digital wallets, implement strict code audits and 24/7 monitoring.
Stay Current on Legislative Changes: Apple’s concession in the UK underscores the importance of following privacy regulations and government demands that may compromise encryption.
Prioritize Patch Management: The Salt Typhoon campaign highlights how unpatched, older vulnerabilities remain prime targets for sophisticated attackers.
Validate Credentials and Trust Relationships: Threat actors often leapfrog between networks or organizations using valid but stolen credentials—limit trust relationships.
Train Individuals on Social Engineering: North Korea’s job-offer ploys illustrate the need for enhanced awareness, especially among freelancers.
Back Up and Encrypt Critical Data: With ransomware groups rebranding or returning unexpectedly, strong backup and encryption strategies remain essential.
Monitor Vendor and Security Advisories: Keep abreast of major vendor patches, such as Palo Alto’s PAN-OS fixes, to rapidly address emerging exploits.
✅ Story Links:
https://www.securityweek.com/bybit-hack-drains-1-5-billion-from-cryptocurrency-exchange/
https://www.securityweek.com/cisco-details-salt-typhoon-network-hopping-credential-theft-tactics/
https://www.securityweek.com/how-china-pinned-university-cyberattacks-on-nsa-hackers/
https://www.darkreading.com/threat-intelligence/black-basta-goes-dark-infighting-chat-leaks
https://www.securityweek.com/freelance-software-developers-in-north-korean-malware-crosshairs/
https://www.securityweek.com/second-recently-patched-flaw-exploited-to-hack-palo-alto-firewalls/
https://www.darkreading.com/cyber-risk/nations-data-embassies-protect-critical-info
https://www.cybersecuritydive.com/news/crowdstrike-cso-shawn-henry-retire/740703/