CISO Talk by James Azar
CyberHub Podcast
ConnectWise Breached in Nation-State Cyberattack, AVCheck Taken Down, Modern Phishing Attacks, Insider Threat at DIA

Cyber-Espionage Fuels Drone Warfare, ConnectWise Breach Unfolds, and Global Threats Escalate from Insiders to Romance Scams

Good morning, security gang,

Happy Monday and welcome to June! James Azar opens the week reflecting on the dramatic drone strikes Ukraine launched deep into Russian territory—taking out nearly a third of Russia’s long-range bomber fleet.

This decisive move was likely preceded by covert cyber operations that enabled the drones to be delivered and launched, positioning cyber warfare as the silent first strike ahead of kinetic attacks. James underscores that this isn't just a military story; it's cybersecurity at its highest level.

CyberHub Podcast Summary – Monday, June 2, 2025

Let’s jump into today’s packed episode covering state-sponsored breaches, phishing campaigns, insider threats, and critical regulatory developments across the globe.

🇷🇺 Ukraine's Cyber-Enabled Drone Strike Shakes Russia

Ukraine executed drone strikes over 2,700 miles into Russia, crippling a third of its long-range bombers. These attacks weren't just military feats—they were made possible through complex cyber espionage that allowed Ukraine to place and launch drones undetected. Drawing parallels to past Mossad operations, James explains that strategic cyber ops can set the stage for decisive physical strikes in modern warfare.

🔐 ConnectWise Breach: Cloud-Based ScreenConnect Under Fire

ConnectWise confirmed a suspected nation-state attack on its ScreenConnect platform, affecting cloud-hosted environments. A Reddit post and BleepingComputer reports tied the breach to CVE-2025-39035—an ASP.NET view state vulnerability patched in April. The exploit allowed remote code execution through stolen machine keys. ConnectWise hasn’t shared much detail, prompting criticism about transparency and preparedness for a tool widely used in MSP and IT management.
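Because the ScreenConnect story turns on ASP.NET ViewState and machine keys, here is an added defender-side check (not from the podcast, ConnectWise, or BleepingComputer): a small Python audit that parses an ASP.NET web.config and flags static machineKey values, a weak validation algorithm, and disabled ViewState MAC validation. Both configs below are constructed for illustration, with a weak version beside a hardened one.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config, not from any real deployment: a static machineKey
# plus ViewState MAC switched off, the settings this audit is meant to surface.
WEAK_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="MD5" decryption="AES" />
    <pages enableViewStateMac="false" />
  </system.web>
</configuration>
"""

# Constructed hardened counterpart: keys auto-generated per app, MAC validation left on.
HARDENED_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
    <pages enableViewStateMac="true" />
  </system.web>
</configuration>
"""


def audit_web_config(xml_text: str) -> list[str]:
    """Return findings about ViewState protection settings in an ASP.NET web.config."""
    findings = []
    system_web = ET.fromstring(xml_text).find("system.web")
    if system_web is None:
        return findings
    mk = system_web.find("machineKey")
    if mk is not None:
        # A key literal in web.config never rotates on its own; anyone who can read the
        # file (backup, repo, compromised host) can mint valid ViewState until it changes.
        for attr in ("validationKey", "decryptionKey"):
            if not mk.get(attr, "AutoGenerate").lower().startswith("autogenerate"):
                findings.append(f"static {attr} in web.config: rotate it and keep it out of the file")
        if mk.get("validation", "HMACSHA256").upper() == "MD5":
            findings.append("validation=MD5: use HMACSHA256 or stronger for the ViewState MAC")
    pages = system_web.find("pages")
    if pages is not None and pages.get("enableViewStateMac", "true").lower() == "false":
        findings.append("enableViewStateMac=false: ViewState is unauthenticated; set it to true")
    return findings
```

Web farms cannot use AutoGenerate because every node must share the same key; there the audit's point is that the shared key lives in a secrets store with a rotation schedule, not in the deployed file.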

🇦🇺 Australia’s New Ransomware Reporting Law

Australia now requires ransomware victims to report payments within 72 hours to the Australian Signals Directorate. Originally applicable to entities earning over AU$3M (~US$1.9M), the updated law will include more organizations. Failure to report could result in 60 penalty units. With only 1 in 5 ransomware incidents previously reported, this move seeks to improve threat visibility—though its efficacy and burden on business remain debated.

🚫 AVcheck Takedown Strikes Blow to Malware Developers

Dutch authorities, with global support, dismantled AVcheck, one of the largest counter-antivirus platforms used by criminals to test and refine malware before real-world deployment. Operation Endgame seized servers and databases, identifying email addresses linked to known ransomware gangs. Though the tool will likely be replaced, this takedown is a rare victory in halting malware before it launches.

🏥 Cyberattack Hits Catholic Hospitals in Maine and New Hampshire

Covenant Health confirmed a cyberattack disrupted data access at three hospitals, including St. Joseph and St. Mary’s. While IT systems remain offline, clinical care continues. James likens this to OT networks in energy—where operations can persist despite data loss, though outcomes may be hindered by lack of historical information. Surgeries and emergency treatments remain functional, while electives are delayed.

🎯 Sophisticated Phishing Targets CFOs with Legitimate Tools

A new spear phishing campaign impersonates Rothschild recruiters to target CFOs using NetBird, a legitimate remote access tool. Victims receive phishing emails that redirect to Firebase-hosted pages using encrypted captchas, ultimately delivering remote access payloads. Attackers bypass defenses by leveraging legitimate RMM platforms like ConnectWise, LogMeIn, and SplashTop, showing how threat actors are evolving well beyond basic email lures.

🕵️ Susie Wiles Impersonation Attack Raises Alarm

A wave of texts and calls to high-level U.S. officials and executives, allegedly impersonating Trump’s Chief of Staff Susie Wiles, has triggered investigations by the FBI and Secret Service. The impersonator used contacts from Wiles’ phone and possibly an AI voice clone. This follows telecom attacks on the Trump campaign and raises concerns about deepfake impersonation and unauthorized access to elite communication circles.

🧑‍💻 Insider Threat: DIA Employee Arrested for Espionage

Nathan Vilas Laatsch, a civilian IT specialist in the Defense Intelligence Agency’s Insider Threat Division, was arrested for trying to sell classified information to a foreign power. Disagreeing with the Trump administration, he offered documents and intelligence products, exfiltrated data using a thumb drive, and requested foreign citizenship. The case highlights growing internal threats even within elite intelligence circles.

💔 Romance Scams Powered by Chinese-Run Philippine Firm

The U.S. Treasury sanctioned Funnull Technology, a Philippine firm led by Chinese national Liu Lizhi, for enabling hundreds of romance scam websites. Victims were lured into fake investments by trafficked workers using AI-generated domain names and spoofed platforms. Funnull’s removal from the global banking system disrupts a major pipeline of scam infrastructure.

🧠 TrickBot’s Founder Exposed: Vitaliy Kovalev Named as Leader

German authorities identified Vitaliy Kovalev, a Russian national, as the founder and leader of the TrickBot gang. TrickBot was central to global ransomware campaigns and worked alongside Conti, BazarLoader, and other malware families. Kovalev operated under aliases “Stern” and “Ben” and led a group exceeding 100 members, responsible for malware infections and data theft worldwide.

✅ Action List for Cybersecurity Leaders

  • 🔒 Review your RMM and RDP tools for unpatched vulnerabilities (e.g., ScreenConnect CVE-2025-39035).

  • 📝 Build internal response policies that comply with evolving ransomware disclosure laws (Australia’s model may expand globally).

  • 🛑 Educate executives and admins to recognize phishing that hides behind CAPTCHAs and familiar brands.

  • 🧰 Limit third-party remote tool usage and monitor legitimate tool behavior in your environment.

  • 🌐 Audit vendor and cloud platform access, particularly for healthcare, finance, and critical infrastructure.

  • 🧠 Train for insider threat detection, even within secure divisions—monitor for data exfiltration or intent to leak.

  • 👥 Prepare for impersonation and AI voice threat scenarios—especially in high-profile environments.

  • 📜 Use the momentum of the AVcheck takedown to advocate for policies that detect malware while it is still being tested, before it is deployed.

  • 🌍 Stay informed on geopolitically driven espionage (Ukraine/Russia, China/Philippines, Iran/US) and its implications for cyber defense planning.

As cyber warfare increasingly intersects with kinetic attacks, phishing evolves with AI, and insider threats breach even elite agencies, the stakes in cybersecurity have never been higher.

Catch James tomorrow at 9 a.m. Eastern for another episode, followed by a special 11 a.m. interview with cybersecurity legend Roger Grimes on how to “Fix the Internet.” Don’t miss it.

Until then, stay alert, stay engaged, and most importantly—stay cyber safe.


✅ Story Links:

https://www.bleepingcomputer.com/news/security/connectwise-breached-in-cyberattack-linked-to-nation-state-hackers/

https://therecord.media/australia-ransomware-victims-must-report-payments

https://www.securityweek.com/authorities-take-down-counter-antivirus-service-avcheck/

https://therecord.media/maine-new-hampshire-cyberattacks-hospital

https://thehackernews.com/2025/06/fake-recruiter-emails-target-cfos-using.html

https://www.securityweek.com/us-government-is-investigating-messages-impersonating-trumps-chief-of-staff-susie-wiles/

https://therecord.media/defense-intelligence-agency-it-specialist-suspected-leak-foreign-government

https://www.bankinfosecurity.com/us-sanctions-romance-bait-scam-digital-infrastructure-host-a-28563

https://www.securityweek.com/alleged-conti-trickbot-gang-leader-unmasked/
