CISO Talk by James Azar
CyberHub Podcast
FBI Deletes Chinese Malware from US Devices, Microsoft Patch Tuesday, Fortinet Zeroday, North Korean Crypto Heists

FBI Takes Down Chinese Malware, Microsoft Patches 159 Flaws, and North Korean Hackers Steal $660M: Today’s Top Cybersecurity News

Happy Wednesday and good morning, everyone! Welcome to another episode of the CyberHub Podcast. I’m coming to you from beautiful Miami, Florida, where the January weather is just perfect.

Today’s packed episode dives deep into critical cybersecurity stories, from the FBI's recent crackdown on Chinese malware to fresh Patch Tuesday updates and escalating tensions between countries like Russia, China, and Poland. Let's grab our coffee and dive in.

The FBI Deletes Chinese PlugX Malware from Over 4,200 Computers

The U.S. Department of Justice has announced a major cybersecurity operation. The FBI has successfully deleted PlugX malware, controlled by the Chinese state-sponsored group Mustang Panda (or Twill Typhoon), from over 4,200 computers across the U.S.

The PlugX malware is a highly persistent threat with wormable components, allowing it to spread through USB flash drives. According to court documents, Mustang Panda targeted various organizations, including European shipping companies, several European governments, and Chinese dissident groups in the Indo-Pacific region. The malware remained hidden in infected machines, making it difficult for victims to detect.

The FBI obtained a court warrant to delete the malware remotely. By January 3rd, the FBI had executed a command to remove PlugX files and associated registry keys from infected systems. This operation highlights the ongoing threat of Chinese cyber operations and their targeting of geopolitical rivals.

Key Takeaway: Cybersecurity practitioners must assess whether their organizations could be targeted by state-sponsored actors and adjust their security strategies accordingly.

Patch Tuesday: Microsoft Patches 159 Flaws, Including 8 Zero-Days

Microsoft's January Patch Tuesday update addressed 159 vulnerabilities, including eight critical zero-day flaws. Here’s a quick breakdown:

  • Three Actively Exploited Zero-Days:

    • CVE-2025-21333

    • CVE-2025-21334

    • CVE-2025-21335

All three are elevation-of-privilege vulnerabilities in Windows Hyper-V NT Kernel Integration. Details of how they are being exploited remain scarce, and they were disclosed anonymously. Microsoft also patched other publicly disclosed vulnerabilities, including:

  • Windows App Package Installer Elevation of Privilege (CVE-2025-21275)

  • Windows Theme Spoofing Vulnerability (CVE-2025-21308)

Other companies such as Adobe, Fortinet, NVIDIA, Zoom, and Zyxel also released critical patches addressing multiple vulnerabilities in their products. Fortinet confirmed a zero-day vulnerability in its FortiProxy and FortiOS systems.

Key Action: Ensure your systems are updated with the latest patches to mitigate the risk of exploitation.

Fortinet Zero-Day Vulnerability Warning

Fortinet has released a security advisory about a zero-day vulnerability affecting FortiGate firewalls. The vulnerability, which impacts the management interface exposed on the internet, was highlighted by Arctic Wolf. The advisory includes patch instructions for FortiOS and FortiProxy systems.

Key Action: Organizations using Fortinet products must patch immediately to prevent exploitation.
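Since the Fortinet issue above hinges on an internet-exposed management interface, a quick way to find that condition in your own backup is to audit the "config system interface" block of a FortiOS configuration. The script below is an added example, not code from the episode or from Fortinet; it assumes standard FortiOS CLI syntax (edit/set/next stanzas with "set allowaccess" and "set role") and treats "set role wan" as the proxy for internet exposure, using a constructed sample config.

```python
import re

# Constructed sample FortiOS "config system interface" block (not from the
# episode or from Fortinet): port1 faces the internet with HTTPS/SSH admin
# access enabled, port2 is an internal LAN interface.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh
        set role wan
    next
    edit "port2"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set role lan
    next
end
"""

# Administrative services that should never be reachable from the internet.
ADMIN_SERVICES = {"http", "https", "ssh", "telnet", "snmp", "fgfm"}

def parse_interfaces(config_text):
    """Map interface name -> {"role": str, "allowaccess": set} from the config."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r'edit "([^"]+)"$', line)
        if m:  # start of an interface stanza
            current = m.group(1)
            interfaces[current] = {"role": "undefined", "allowaccess": set()}
        elif current and line.startswith("set allowaccess "):
            interfaces[current]["allowaccess"] = set(line.split()[2:])
        elif current and line.startswith("set role "):
            interfaces[current]["role"] = line.split()[2]
        elif line == "next":  # end of the stanza
            current = None
    return interfaces

def exposed_admin_interfaces(config_text):
    """Return {interface: sorted services} for WAN-role interfaces exposing admin services."""
    findings = {}
    for name, iface in parse_interfaces(config_text).items():
        exposed = iface["allowaccess"] & ADMIN_SERVICES
        if iface["role"] == "wan" and exposed:
            findings[name] = sorted(exposed)
    return findings
```

Run it against an exported configuration; any interface it reports should have administrative access removed from the WAN side (or restricted to trusted hosts) in addition to applying the vendor patch.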

Other Patch Updates: NVIDIA, Zoom, Zyxel, and Ivanti

  • NVIDIA: Addressed high-severity vulnerabilities in its Container Toolkit and GPU operator for Linux.

  • Zoom: Patched a high-severity type confusion issue in its Workplace App for Linux.

  • Zyxel: Fixed privilege management flaws in 23 access points and router models.

  • Ivanti: Released critical updates for its Avalanche application and Endpoint Manager. The company’s poor security record has drawn significant criticism from the cybersecurity community.

Key Action: Ensure patches from these vendors are applied promptly.

North Korean Hackers Steal Over $660 Million in Cryptocurrency

North Korean state-sponsored hackers have allegedly stolen over $660 million in cryptocurrency during 2024. The U.S., Japan, and South Korea issued warnings to the blockchain industry about North Korea's cyber operations, particularly from groups like the Lazarus Group.

These groups have targeted several cryptocurrency platforms:

  • DMM: $308 million stolen

  • Upbit: $50 million stolen

  • Rain Management: $16 million stolen

  • WazirX: $235 million stolen

  • Radiant Capital: $50 million stolen

North Korea uses these stolen funds to finance its regime. The crypto industry remains a prime target due to its relatively lax security controls and the ease of laundering funds through China and Russia.

Key Takeaway: Blockchain platforms must enhance security measures to protect against these persistent threats.


China’s Aggressive Cyber Operations Against Taiwan

Chinese cyberattacks on Taiwanese organizations have surged significantly in 2024. On average, Taiwan experiences more than 2.4 million attack attempts per day, double the figure from 2023.

Chinese hackers target government agencies, telecom firms, and transportation sectors using phishing emails and zero-day exploits. The goal is to destabilize Taiwan and gather sensitive information.

Key Takeaway: Chinese cyber operations are a critical threat to global stability, particularly in the areas of corporate and industrial espionage.

Russia Targets Poland Amid Escalating Tensions

With the Polish presidential election approaching, tensions between Russia and Poland are rising. Poland has a historical distrust of Russia, especially after decades of occupation during the Soviet era. Recent cyber espionage campaigns linked to Russia and Belarus have aimed to paralyze Polish infrastructure and sow discord among the population.

Polish security services have dismantled several Russian-linked cyber espionage groups. These groups aim to influence public opinion and destabilize the country’s political landscape.

Key Takeaway: Organizations operating in Poland must remain vigilant against cyber threats from Russia and its allies.

Ashford Settles SEC Charges Over Misleading Cyberattack Disclosures

Ashford has agreed to settle SEC charges for misleading disclosures about a cyberattack that affected 46,000 individuals in 2023. The company paid a fine of $115,000.

The SEC’s cyber disclosure rules require companies to report breaches within four days. However, the current reporting framework has drawn criticism for imposing significant burdens on companies during critical incident response periods.

Key Takeaway: Organizations must be prepared to meet regulatory requirements for breach disclosure.

ICS and SCADA Patch Tuesday Updates

Schneider Electric, Siemens, and Phoenix Contact released security advisories for their ICS and SCADA systems. These vulnerabilities typically require physical access to exploit, but they remain a concern for critical infrastructure operators.

Key Action: Critical infrastructure organizations must prioritize security updates and physical security controls to mitigate risks.

Action List for Cybersecurity Practitioners

  1. Patch Systems Immediately: Ensure all critical patches from Microsoft, Fortinet, NVIDIA, Zoom, and Zyxel are applied.

  2. Assess Vulnerability to State-Sponsored Threats: Evaluate your organization’s risk exposure to Chinese, Russian, and North Korean cyber operations.

  3. Secure Cryptocurrency Assets: Blockchain platforms must implement enhanced security measures to prevent theft.

  4. Monitor ICS and SCADA Systems: Ensure physical security controls are in place and apply relevant patches.

  5. Prepare for Regulatory Requirements: Review your incident response and breach disclosure procedures to comply with SEC rules.


✅ Story Links:

https://www.bleepingcomputer.com/news/security/fbi-deletes-chinese-plugx-malware-from-thousands-of-us-computers/

https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2025-patch-tuesday-fixes-8-zero-days-159-flaws/

https://www.securityweek.com/fortinet-confirms-new-zero-day-exploitation/

https://www.securityweek.com/nvidia-zoom-zyxel-patch-high-severity-vulnerabilities/

https://www.securityweek.com/ivanti-patches-critical-vulnerabilities-in-endpoint-manager-2/

https://www.securityweek.com/ics-patch-tuesday-security-advisories-published-by-schneider-siemens-phoenix-contact-cisa/

https://www.wsj.com/articles/asset-manager-ashford-settles-sec-allegations-it-failed-to-disclose-extent-of-hack-dafec329?mod=cybersecurity_news_article_pos1

https://www.securityweek.com/us-japan-south-korea-blame-north-korean-hackers-for-660m-crypto-heists/

https://www.darkreading.com/cyber-risk/as-tensions-with-china-mount-taiwan-sees-surge-in-cyberattacks

https://therecord.media/poland-uncovers-russia-linked-disinformation-campaign-presidential-election
