CISO Talk by James Azar
CyberHub Podcast
DOJ Raids 29 North Korean Laptop Farms Across 16 States, Switzerland Government Data Stolen in Ransomware Attack, Europol Disrupts $540 Million Crypto Fraud Ring

Spanish Authorities Bust $540M Crypto Scam Defrauding 5,000 Victims, China Exploits Open Source Chip Technology to Bypass Western Restrictions, and Fresh Iranian Threats Target U.S. Infrastructure

Good Morning Security Gang!

Welcome back to another explosive Tuesday episode of the CyberHub Podcast, broadcasting live from the bunker on July 1st, 2025! I'm your host and CISO James Azar, back with my signature double espresso, served in a clear mug today so you can see the beauty of what an espresso looks like. I'm counting down the days to my absolute favorite day of the year - the Fourth of July - and I promise you Thursday's special Fourth of July cyber episode is going to be epic, absolutely epic!

Today I'm covering a massive DOJ operation that raided 29 North Korean laptop farms across 16 states, the Swiss government getting hacked through a supply chain attack, and Spanish authorities busting a $540 million cryptocurrency scam that defrauded over 5,000 victims. From fresh Iranian threats targeting critical infrastructure to critical vulnerabilities in industrial control systems, I'm delivering the essential threat intelligence you security professionals need to protect your organizations.

Featured Stories

DOJ Raids 29 North Korean Laptop Farms Across 16 States

The Department of Justice announced yesterday a coordinated action involving three indictments, one arrest, the seizure of 29 financial accounts, the shutdown of 21 websites, and massive laptop farm raids. FBI officials said the farms allowed an undisclosed number of North Koreans to work illegally at more than 100 U.S. companies: the farms hosted work devices shipped by legitimate companies that had unwittingly hired the North Koreans, so the "employees" appeared to be working from inside the U.S. Investigators have been working for years to stop this scheme, and it's something that's top of mind for a lot of practitioners for very good reasons.

The FBI conducted searches at eight locations back in October 2024 across three states, discovering more than 70 laptops and remote access devices. They followed up with more searches in June across 14 states, with FBI offices in Colorado, Missouri, and Texas involved in the investigation, seizing 137 laptops in total. The North Koreans were helped by multiple people, including facilitators here in the United States, in China, the UAE, and Taiwan. In at least one case, an IT worker gained access to sensitive employer data and source code, including ITAR data, after being hired by a California-based defense contractor developing AI-powered equipment.

Some U.S. residents created front companies and fake websites to bolster North Korean IT workers' credentials while housing laptops for remote access. The Justice Department outlined one situation where workers used fake identities to get hired at an Atlanta-based blockchain research company before stealing around $740,000 worth of cryptocurrency.

China Exploits Open Source Chip Technology to Bypass Western Restrictions

Retired Admiral Mark Montgomery, a senior fellow at the Foundation for Defense of Democracies who led the Cyberspace Solarium Commission - an unbelievable patriot who's got his eyes on the prize - wrote an article yesterday about the threat from China and what Congress must do to close the loopholes that allow China to take advantage of U.S. technologies. Beijing is planning to expand its use of open source chip technology like RISC-V to wean itself off its reliance on the West and spur development of advanced chips in China.

"All the noise happening with Israel-Iran and Russia-Ukraine - I'm not saying innocent people aren't dying or that war is okay, but all of those things are noise. What the Trump administration has to focus on is curtailing China and doing what Israel did to Iran, to China - not militarily, but espionage-wise." - James Azar on strategic priorities for U.S. cybersecurity policy

Chinese companies are using open source designs developed in the West to build their own processors for AI, cloud computing, and even military applications without violating current U.S. export restrictions. Chinese tech giants like Alibaba, Tencent, and Huawei have invested heavily in research and development, looking to exploit this backdoor access to Western open source technology. Chinese government-backed initiatives are pouring billions into this effort, making it a national priority.

Montgomery says this shouldn't have been a surprise, since experts have been warning for years, but Congress moves slowly and China moves fast when it comes to this stuff. All the noise happening with Israel-Iran and Russia-Ukraine - I'm not saying innocent people aren't dying or that war is okay, but all of those things are noise. What the Trump administration has to focus on is curtailing China and doing what Israel did to Iran, to China - not militarily, but espionage-wise: the threat of going so deep into China that you exploit and shake the foundation of the Chinese Communist Party.

Fresh Iranian Threats Target U.S. Critical Infrastructure

Several U.S. government agencies on Monday issued fresh warnings over Iranian threat actors targeting critical infrastructure, as researchers cautioned that many of the Iranian attackers' preferred targets remain exposed to the internet. This comes on the heels of the bombing of nuclear facilities by our brave U.S. military forces and those B-2 bombers - what a marvel of engineering.

The Iranians, obviously having been taken down to the mat by Israel and the U.S. at this point, still have a keyboard while on the mat and continue attacking resources within the U.S. I don't see them doing major disruption - a lot of the stuff we talked about early on was defacements along the lines of "we won." You won what? You won nothing. If survival is winning, then I pity your culture, but that's not the rich Persian culture I know that made Iran a great nation before this Islamic revolution.

The new fact sheet from CISA, FBI, NSA, and the Department of Defense Cyber Crime Center warns of attacks targeting U.S. networks and entities, particularly those with relationships to Israeli research and defense firms. The document reminds organizations of the threat these attackers pose to ICS and OT systems: groups posing as hacktivists and calling themselves Cyber Avengers are known to target Unitronics Vision PLCs at water facilities. Do not give them an easy win - harden your environment. If you're in the water sector and don't have resources, CISA and the FBI have resources for you.

Johnson Controls Breach Notifications Begin Rolling Out

Johnson Controls is starting to notify individuals whose data was stolen in the September 2023 data breach it experienced. Johnson Controls, a multinational conglomerate that develops and manufactures industrial control systems, security equipment, HVAC systems, and fire safety equipment for buildings, employs over 100,000 people in more than 150 countries with annual revenue of around $27.4 billion.

The company was hit by a ransomware attack in September 2023, following a breach of its Asian offices in February 2023 and subsequent lateral movement through the network. I talked about this extensively on the show back in 2023. Dark Angels, the ransomware operation behind the breach, surfaced in May 2022 when it began targeting organizations in double extortion attacks. We don't know the full extent yet of how many people were compromised, but once we get that information, I'll share it with all y'all.

Swiss Government Hacked Through Supply Chain Attack

The government of Switzerland is reporting that sensitive information from various federal offices has been impacted by a ransomware attack on third-party organization Radix. The attackers stole data from Radix and later leaked it on the dark web, according to the Swiss government. The exposed data is being analyzed with help from the country's National Cyber Security Centre to determine which government agencies are impacted and to what extent.

The Qakbot ransomware attack targeted Radix, a Zurich-based non-profit dedicated to health promotion that operates eight competency centers carrying out projects and services commissioned by the Swiss federal government. The supply chain remains our weak, weak underbelly, and more information will become available as the analysis continues.

International Criminal Court Hit by Sophisticated Attack

The International Criminal Court has been targeted by a new sophisticated attack - maybe one that'll straighten out its conscience a little bit. The ICC announced on Monday that it had detected a sophisticated and targeted cybersecurity incident last week. It credited its alert and response mechanisms for swiftly discovering, confirming, and containing the attack. It didn't comment on motives or on whether any information from prosecutions had been compromised.

The court, headquartered in The Hague, is currently carrying out an impact analysis and taking steps to mitigate the effects, though those potential effects weren't described. The ICC was created in 2002 through an international treaty, and the court is worthless. Once we have more on the attack, I'll share it, other than that the court is absolutely worthless, which it is.

Spanish Authorities Bust $540M Cryptocurrency Scam

Spanish authorities arrested five individuals in Madrid and the Canary Islands suspected of laundering nearly $540 million from illegal cryptocurrency investment schemes and defrauding more than 5,000 victims. The law enforcement operation was supported by Europol, with investigators from Estonia, France, and U.S. Homeland Security Investigations. The investigation into the fraud ring started in 2023, and on the day of the arrests a cryptocurrency expert was deployed to Spain to ensure the stolen funds could be traced and retrieved.

Police believe they understand the syndicate's modus operandi, which involves routing money through obfuscated channels in Asia. Investigators suspect the criminal organization set up a corporate and banking network based in Hong Kong, allegedly using payment gateways and user accounts in different people's names across different exchanges to receive, store, and transfer criminal funds. Europol made special mention of AI and the proliferation of investment scams that are becoming far more sophisticated.

The FTC recently reported that Americans lost $12.5 billion to online fraud in 2024 - a record figure and unsustainable.

Critical Vulnerabilities in German ICS Company Microsens

Critical vulnerabilities affecting products made by Germany-based Microsens can be exploited by attackers to conduct remote attacks against organizations. Microsens provides a wide range of connectivity and automation solutions for ICS organizations and enterprises, including switches, converters, building controls, and transceivers. The company's NMP Web Plus product enables users to control, monitor, and configure industrial switches and other network equipment.

The advisory published by CISA last week informed organizations that the product is affected by two critical vulnerabilities. One can be exploited by an unauthenticated attacker to generate a forged JSON web token and bypass authentication (CVE-2025-49151), and another allows overwriting files and executing arbitrary code (CVE-2025-49153). The two are related, and chained together they make for a really, really bad day: an unauthenticated attacker goes straight from no access to code execution. You want to make sure you get that addressed immediately.

Chrome Patches Zero-Day Exploit in the Wild

Chrome announced a new update fixing a zero-day vulnerability (CVE-2025-65465), a type confusion issue in the open source V8 JavaScript and WebAssembly engine. Type confusion is a class of memory safety bug, and such issues can be exploited to trigger unexpected software behavior. Google is aware that exploits exist in the wild for this vulnerability, so immediate patching is critical for all Chrome deployments.

Cloudflare Reverses AI Crawling Policy

Cloudflare has reversed its stance on AI crawling: blocking AI crawlers goes from an optional setting to the default, and crawling is only permitted when the site owner agrees to it. Cloudflare is also introducing an option for its customers to accept or reject website scraping by individual AI vendors. That's a good win for all of us, as you can now limit how these LLMs scrape your site, which is really, really important for protecting intellectual property and controlling data usage.

James Azar's CISO Take

My analysis today focused heavily on what I see as the most critical strategic threat facing the United States - China's systematic exploitation of our own open source technologies to build military and AI capabilities that threaten our national security. Admiral Montgomery's piece really hit home for me because it illustrates perfectly how China moves fast while Congress moves slowly. The North Korean laptop farm raids show another dimension of this threat - adversaries literally embedding themselves inside our companies, stealing our intellectual property, and funding their weapons programs with our own money. When I see an Atlanta blockchain company losing $740,000 in cryptocurrency to North Korean workers it unknowingly hired, or a defense contractor giving ITAR-controlled data access to North Korean operatives, it shows how the human element remains our weakest link. This is exactly why I emphasize training HR and vetting the people we hire - it's so critical, so critical.

What really frustrates me is how we're getting distracted by regional conflicts when the existential threat is China's systematic undermining of our technological superiority. Yes, Iranian threats targeting our water systems and critical infrastructure matter, and we need to harden those environments - if you're in water systems and need resources, reach out to CISA or contact me directly on LinkedIn. But the real fight is against China's patient, methodical approach to stealing our innovations and using them against us. The supply chain attacks like we saw with the Swiss government through Radix show how vulnerable we remain to these sophisticated operations. Meanwhile, we're seeing record-breaking fraud schemes like the $540 million crypto scam that hit over 5,000 victims, showing how AI is making these attacks more sophisticated and harder to detect. The critical vulnerabilities in industrial control systems from companies like Microsens remind me that while we focus on these strategic threats, we can't ignore the immediate operational security challenges that could give adversaries easy wins against our critical infrastructure.

Action Items for Security Teams

  • Chrome zero-day patching: Immediately deploy Chrome updates to address CVE-2025-65465 - active exploitation confirmed

  • North Korean IT worker screening: Review all contractor and employee verification processes, particularly for remote workers

  • Microsens ICS patching: Address CVE-2025-49151 and CVE-2025-49153 in all NMP Web Plus deployments immediately

  • Iranian threat monitoring: Implement enhanced monitoring for Unitronics Vision PLCs and water system infrastructure

  • Supply chain risk assessment: Evaluate all third-party vendors for potential compromise vectors like the Swiss Radix incident

  • Cryptocurrency fraud awareness: Brief finance teams on AI-powered investment scam techniques and red flags

  • HR security training: Update human resources teams on social engineering tactics used by nation-state actors

  • Open source technology audit: Review all open source components for potential Chinese exploitation vectors

  • Critical infrastructure hardening: Ensure ICS/OT systems are properly segmented and monitored for Iranian Cyber Avengers TTPs

  • Identity verification enhancement: Implement stronger identity verification processes for all remote workers and contractors

  • Johnson Controls breach monitoring: Check for data exposure if your organization uses Johnson Controls products or services

  • Cloudflare AI crawling settings: Review and configure AI crawling preferences based on organizational data protection requirements

  • Emergency contact establishment: Establish direct contacts with local CISA representatives for critical infrastructure incidents

  • Cryptocurrency security controls: Implement enhanced controls around cryptocurrency transactions and blockchain-based systems

✅ Story Links:

https://therecord.media/doj-raids-laptop-farms-crackdown

https://www.bleepingcomputer.com/news/security/johnson-controls-starts-notifying-people-affected-by-2023-breach/

https://www.bleepingcomputer.com/news/security/switzerland-says-government-data-stolen-in-ransomware-attack/

https://www.fdd.org/analysis/2025/06/30/an-urgent-call-to-close-the-loopholes-on-chips-and-china/

https://therecord.media/international-criminal-court-cyberattack-2025

https://www.securityweek.com/iranian-hackers-preferred-ics-targets-left-open-amid-fresh-us-attack-warning/

https://www.bleepingcomputer.com/news/security/europol-helps-disrupt-540-million-crypto-investment-fraud-ring/

https://www.securityweek.com/cloudflare-puts-a-default-block-on-ai-web-scraping/

https://www.securityweek.com/critical-microsens-product-flaws-allow-hackers-to-go-from-zero-to-hero/

https://www.securityweek.com/chrome-138-update-patches-zero-day-vulnerability/

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1

🚨 Important Links to Follow:

👉Listen here: https://linktr.ee/cyberhubpodcast

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

👉Twitter (X): https://twitter.com/cyberhubpodcast

👉Instagram: https://www.instagram.com/cyberhubpodcast

🤝 For Business Inquiries: info@cyberhubpodcast.com

=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
