The CyberWire Daily Podcast 6.23.25
Ep 2334 | 6.23.25

Iran’s digital retaliation looms.

Transcript

US warns of heightened risk of Iranian cyberattacks. Cyber warfare has become central to Israel and Iran’s strategies. Oxford City Council discloses data breach. Europe aiming for digital sovereignty. Michigan hospital network says data belonging to 740,000 was stolen by ransomware gang. RapperBot pivoting to attack DVRs. A picture worth a thousand wallets. New Zealand’s public sector bolsters cyber defenses. On our Industry Voices segment today, we are joined by Imran Umar, Zero Trust Lead at Booz Allen Hamilton, discussing Zero Trust and Thunderdome. And a cyberattack spoils Russia’s dairy flow.

Today is Monday, June 23rd, 2025. I’m Maria Varmazis, host of T-Minus Space Daily podcast, in for Dave Bittner. And this is your CyberWire Intel Briefing.

US warns of heightened risk of Iranian cyberattacks.

The US Department of Homeland Security has warned of a heightened risk of Iranian cyberattacks following American military strikes against Iran's nuclear facilities. DHS said in a National Terrorism Advisory System Bulletin issued yesterday, "Low-level cyber-attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks." The advisory added, "Both hacktivists and Iranian government-affiliated actors routinely target poorly secured US networks and Internet-connected devices for disruptive cyber attacks."

John Hultquist, Chief Analyst at Google Threat Intelligence Group, noted, "Iran has had mixed results with disruptive cyber-attacks and they frequently fabricate and exaggerate their effects in an effort to boost their psychological impact. We should be careful not to overestimate these incidents and inadvertently assist the actors. The impacts may still be very serious for individual enterprises, which can prepare by taking many of the same steps they would to prevent ransomware."

Cyber warfare has become central to Israel and Iran’s strategies.

In the wake of escalating tensions between Israel and Iran, cyberspace has emerged as a critical battleground. Israel-linked hackers have reportedly exfiltrated over $90 million from Iran’s Bank Sepah and Nobitex exchange, highlighting vulnerabilities in financial systems during conflict. Iran has retaliated by imposing nationwide internet blackouts, severely disrupting civilian access and communications. Cyberattacks from Iranian actors—both state-linked and hacktivist—are targeting critical infrastructure across Israel and potentially the U.S., with water systems and industrial control environments particularly at risk. Iran’s asymmetric cyber strategy leans on disinformation, psychological operations, and surveillance via compromised digital devices. Meanwhile, U.S. agencies like CISA are urging heightened cyber vigilance and resilience. This conflict underscores the growing use of cyber as both a standalone and complementary theater in modern warfare, where attacks on infrastructure, finance, and information can have real-world consequences far beyond the battlefield.

Oxford City Council discloses data breach.

The Oxford City Council, the local government authority for the English city of Oxford, has disclosed a data breach affecting personal information across the past two decades. The Council stated, "We have now identified that people who worked on Oxford City Council-administered elections between 2001 and 2022, including poll station workers and ballot counters, may have had some personal details accessed. The majority of these people will be current or former Council officers."

The Council detected an "unauthorised presence" within its network over the weekend of June 7th. The statement adds, "Investigations continue to identify as precisely as we can what was accessed and what, if anything, might have been taken out of our systems. There is no evidence of a mass download or extraction of data."

Europe aiming for digital sovereignty. 

Europe is accelerating efforts to achieve digital sovereignty amid growing unease over U.S. tech giants' alignment with the Trump administration. EU leaders are pushing for stronger data localization, stricter regulations on cloud services, and enhanced protections for European digital infrastructure. The concern is that American platforms may prioritize U.S. political interests, potentially compromising European data autonomy and cybersecurity. This shift comes as U.S. firms ramp up lobbying and infrastructure investment in Europe, even as the transatlantic regulatory divide deepens. Cybersecurity experts see this as a critical juncture for Europe’s long-term control over its digital landscape and threat resilience. 

Michigan hospital network says data belonging to 740,000 was stolen by ransomware gang.

Michigan hospital network McLaren Health Care says information belonging to more than 740,000 people was stolen during a ransomware attack last August, the Record reports. The affected data included names, Social Security numbers, driver’s license numbers, medical data, and health insurance information. McLaren operates thirteen hospitals and various medical services across Michigan, and the attack disrupted services at the time.

The INC ransomware gang is believed to be responsible for the attack.

RapperBot pivoting to attack DVRs.

RapperBot, a Mirai-based botnet known for targeting IoT devices, has pivoted toward attacking Digital Video Recorders (DVRs) using command injection exploits. The campaign exploits known vulnerabilities in DVR firmware, enabling attackers to execute remote commands and co-opt devices into a growing botnet. This shift marks an evolution in RapperBot’s capabilities, signaling an expanded focus on industrial and surveillance hardware often left unpatched. Researchers report sustained scanning activity and brute-force attacks targeting specific DVR brands. The botnet’s modular structure and adaptability make it a persistent threat, especially to organizations with unsecured or outdated embedded devices on their networks.

A picture worth a thousand wallets.

A critical vulnerability was discovered in CoinMarketCap’s Doodle image upload feature that could have allowed attackers to execute arbitrary JavaScript in users’ browsers—an example of a stored cross-site scripting (XSS) flaw. Security researchers found that malicious payloads embedded in SVG images could bypass existing sanitization filters. If exploited, attackers could hijack sessions, steal credentials, or redirect users to phishing sites. CoinMarketCap has since patched the vulnerability, but the incident highlights ongoing risks in user-generated content features and the importance of rigorous input validation. It also underscores the security challenges facing crypto-related platforms with large, highly targeted user bases.

New Zealand’s public sector bolsters cyber defenses.

New Zealand’s National Cyber Security Centre (NCSC) has mandated a Minimum Cyber Security Standard (MCSS) for all public sector agencies, with an implementation deadline set for October 2025. The MCSS includes 19 baseline controls, covering areas like asset management, secure configuration, access controls, and incident response. It aims to establish a consistent cybersecurity posture across government entities, emphasizing risk-informed practices and resilience. Agencies must report compliance progress and demonstrate measurable security outcomes. The move follows increasing concerns about advanced persistent threats targeting public infrastructure, reinforcing the government's commitment to baseline hardening and coordinated defense in an evolving threat landscape.

Coming up on our Industry Voices segment, Dave Bittner sits down with Booz Allen Hamilton’s Zero Trust Lead, Imran Umar, to talk about Zero Trust and Thunderdome. Plus, a cyberattack brings Russia’s dairy supply to a standstill. Stick around.

On our Industry Voices segment, Dave Bittner recently spoke with Booz Allen Hamilton’s Zero Trust Lead Imran Umar about Zero Trust and Thunderdome. Here’s their conversation.

That was Dave Bittner speaking with Booz Allen Hamilton’s Zero Trust Lead Imran Umar about Zero Trust and Thunderdome. 

Cyberattack spoils Russia’s dairy flow.

A cyberattack has thrown Russia’s dairy industry into disarray after hackers brought down Mercury—the country’s electronic veterinary certification system. It’s the third strike on the platform this year, but easily the worst so far. With the system offline, producers scrambled to issue paper-based certificates, only to find that many retailers, including big names like Miratorg and Yandex Lavka, wouldn’t accept them. That’s because under Russian law, businesses can’t legally handle animal products like milk, eggs, or meat without digital documentation. The result? A supply chain snarl, empty shelves, and plenty of confusion. The dairy association Soyuzmoloko says unclear instructions from regulators aren’t helping. Meanwhile, restoration work is underway, but with no timeline for full recovery and no culprit identified, the moo-vement of milk remains on pause—for now.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights until August 31, 2025. There's a link in the show notes.

N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.