
Kimsuky gets kim-sunk.
Hackers leak backend data from the North Korean state-sponsored hacking group Kimsuky. A ransomware attack on a Dutch clinical diagnostics lab exposes medical data of nearly half a million women. One of the world’s largest staffing firms suffers a data breach. Saint Paul, Minnesota, confirms the Interlock ransomware gang was behind a July cyberattack. Researchers jailbreak ChatGPT-5. A cyber incident takes the Pennsylvania Attorney General’s Office entirely offline. A new report quantifies global financial exposure from Operational Technology (OT) cyber incidents. Finnish prosecutors charge a Russian captain for allegedly damaging five critical subsea cables in the Baltic Sea. On our Industry Voices segment, we are joined by Sean Deuby, Semperis’ Principal Technologist, with insights on the global state of ransomware. Hackers take smart buses for a virtual joyride.
Today is Tuesday, August 12th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Hackers leak backend data from North Korean state-sponsored hacking group Kimsuky.
Two hackers, “Saber” and “cyb0rg,” leaked 8.9 GB of backend data from North Korean state-sponsored hacking group Kimsuky, citing ethical objections to the group’s “financial greed.” The leak, shared via Distributed Denial of Secrets, exposes Kimsuky’s infrastructure, phishing tools, malware source code, and operational logs. It includes phishing kits targeting South Korean government sites, Cobalt Strike loaders, reverse shells, SSH logs, private certificates, and links to GitHub accounts and VPN purchases. Kimsuky, known for espionage against South Korea and global entities, now faces potential disruption as parts of its infrastructure are compromised. While the exposure may hinder ongoing operations, experts note long-term impact is uncertain. The breach offers valuable intelligence for cybersecurity analysts to strengthen defenses and develop targeted countermeasures.
A ransomware attack on a Dutch clinical diagnostics lab exposes medical data of about 485,000 women.
A ransomware attack on Dutch lab Clinical Diagnostics NMDL exposed personal and medical data of about 485,000 women in the national cervical cancer screening program. Stolen data includes names, addresses, BSNs, medical test results, and historical records, some of which are already for sale on the dark web. The lab waited nearly five weeks to report the breach, far exceeding the EU’s 72-hour rule. The delay prompted Population Screening Netherlands to cut ties and move testing to other labs to maintain program operations.
One of the world’s largest staffing firms suffers a data breach.
Manpower, one of the world’s largest staffing firms, is notifying 144,189 people of a data breach that occurred between December 29, 2024, and January 12, 2025. The breach was discovered during an IT outage investigation in Lansing, Michigan, and attackers reportedly stole 500 GB of data. The RansomHub ransomware group claimed responsibility, alleging theft of sensitive personal, corporate, and financial records, including passport scans, SSNs, contracts, and HR data. Some data has since been removed from RansomHub’s leak site, suggesting a ransom payment. Manpower has strengthened IT security, is working with the FBI, and is offering free credit monitoring through Equifax. RansomHub, a rebranded ransomware-as-a-service operation, has targeted numerous high-profile victims and breached over 200 U.S. critical infrastructure entities in recent years.
Saint Paul, Minnesota, confirms the Interlock ransomware gang was behind a July cyberattack.
Saint Paul, Minnesota, confirmed the Interlock ransomware gang was behind a July cyberattack that disrupted city systems, prompting the governor to deploy the National Guard’s cyber unit. While emergency services were unaffected, online payments and some services remain delayed. The city refused to pay ransom, but Interlock claims to have stolen 66,000 files (43 GB) and has leaked some online. Active since 2024, Interlock targets global organizations, especially healthcare, and was recently linked to major breaches at DaVita and Kettering Health.
Researchers jailbreak ChatGPT-5.
Just 24 hours after OpenAI launched GPT-5 on August 7, 2025, Tenable Research says it bypassed the model’s new “safe completions” safety system and obtained detailed instructions for making a Molotov cocktail. OpenAI had touted GPT-5 as its most advanced model yet, with expert-level skills, improved accuracy, and stronger safeguards against harmful use. Using a four-step “crescendo” approach, Tenable posed as a history student, gradually steering the model toward providing dangerous instructions. The incident raises concerns about GPT-5’s security, as other researchers have also reported jailbreaks and hallucinations. OpenAI says fixes are in progress, but Tenable warns that organizations may already be exposed to risks if employees use the model without safeguards.
A cyber incident takes the Pennsylvania Attorney General’s Office entirely offline.
A cyber incident has taken the Pennsylvania Attorney General’s Office entirely offline, disabling its website, email, and phone systems. Attorney General Dave Sunday confirmed the outage, which is preventing citizens from submitting tips or accessing resources. Staff are continuing work and coordinating with supervisors to limit disruptions. The nature of the attack and any potential data exposure remain undisclosed. The office is working with law enforcement to investigate the incident and restore full system functionality.
A new report quantifies global financial exposure from Operational Technology (OT) cyber incidents.
Dragos Inc., in collaboration with Marsh McLennan’s Cyber Risk Intelligence Center, has released the 2025 OT Security Financial Risk Report, the first large-scale analysis quantifying global financial exposure from Operational Technology (OT) cyber incidents. The report highlights that indirect losses—such as business interruption—can account for up to 70% of the total impact. In extreme but plausible “1‑in‑250‑year” scenarios, global OT cyber risk exposure could reach $329.5 billion, with $172.4 billion tied specifically to business interruptions. Drawing on over a decade of breach and insurance claim data, the study identifies the top three OT cybersecurity controls linked to the greatest risk reductions: incident response planning, defensible architecture, and ICS network visibility and monitoring. It offers executives and insurers a data-informed framework to prioritize risk mitigation and justify investment in OT security.
Finnish prosecutors charge a Russian captain for allegedly damaging five critical subsea cables in the Baltic Sea.
Finnish prosecutors have charged the captain and two senior officers of the Russia-linked tanker Eagle S with aggravated criminal mischief and interference with communications for allegedly damaging five critical subsea cables in the Baltic Sea. Authorities say the ship, part of Russia’s “shadow fleet,” dragged its anchor for 90 km, causing at least €60 million in repair costs and risking Finland’s energy and telecom infrastructure. The suspects deny the charges, citing jurisdiction issues. NATO has warned of increased sabotage threats in the Baltic region.
Hackers take smart buses for a virtual joyride.
At DEF CON, researchers Chiao-Lin “Steven Meow” Yu and Kai-Ching “Keniver” Wang revealed that Taiwan’s “smart buses” are perhaps a bit too smart for their own good. The researchers began innocently enough, with free passenger Wi-Fi, only to discover the same router also controlled the buses’ driver-assistance and transport management systems. With no network segmentation and default passwords that might as well have been “password123,” the pair waltzed in digitally, uncovering command injections, MQTT backdoors, and zero encryption. From there, a hacker could track buses, spy via onboard cameras, falsify GPS data, or even flash “Out of Service” signs mid-route. Vendors, contacted politely, apparently preferred the “ignore and hope” patching strategy. The vulnerabilities, Yu noted, may not be confined to Taiwan—bad news for any “smart” bus with global ambitions.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights until August 31, 2025. There's a link in the show notes.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.
