The backup plan needs a backup plan.

CISA pushes critical infrastructure to prepare for offline operations during cyberattacks. Questions grow over a shared U.S.-China AI threat. A Russian university is accused of feeding talent into GRU cyber units. Researchers warn poisoned data could quietly corrupt enterprise AI. LinkedIn faces a GDPR fight over monetizing user data. Millions downloaded fake Android call-history apps before Google pulled them. Dragos reports AI-assisted targeting of OT systems. A California man is sentenced in a $250 million crypto theft ring. Our guest is Asdrúbal Pichardo, CEO of Squalify, who wonders if banks are ready for worst-case cyber disruptions. A bandwidth bandit brakes bullet trains.

Today is Thursday May 7th 2026.  I’m Dave Bittner. And this is your CyberWire Intel Briefing.

CISA's new initiative looks to help critical infrastructure withstand cyberattacks while operating offline. 

CISA this week launched CI Fortify, a new initiative designed to help critical infrastructure organizations continue operating during major cyberattacks or telecommunications outages. The guidance urges operators to prepare for scenarios where internet access, third-party services, or communications systems become unavailable.

The initiative emphasizes network segmentation, operational isolation, and rapid system recovery. CISA officials said organizations should be able to disconnect from external dependencies while maintaining essential services and restoring compromised systems in isolation. The effort comes amid ongoing concern over nation-state campaigns like China-linked Volt Typhoon, which U.S. officials say targeted critical infrastructure to enable potential disruptive attacks during future conflicts.

CISA is shifting toward a “assume compromise” model for operational technology defense. Security experts say deeply embedded adversaries may not be fully removable in the near term, making resilience and containment increasingly important, especially as artificial intelligence accelerates cyber operations.

Do China and the U.S. share a common AI threat? 

In a New York Times opinion column, Thomas Friedman argues that next week’s Trump-Xi summit could rival the historic Nixon-Mao meeting of 1972, but with a different shared threat. Friedman says the United States and China now face a common danger from advanced artificial intelligence, particularly agentic AI systems capable of enabling large-scale cyberattacks by small groups or individuals.

Friedman contends that globalization and technological interdependence have “fused” nations together, making issues like cyber threats, pandemics, climate change, and supply chain disruptions impossible for any one country to manage alone. He warns that increasingly powerful AI models from companies such as OpenAI, Anthropic, Google, Alibaba, and DeepSeek could dramatically lower the barrier for destructive cyber operations.

Friedman argues both governments and major AI firms must establish safeguards before these tools become uncontrollable. He frames AI-driven cyber risk as a modern equivalent to Cold War-era mutually assured destruction.

A top Russian university allegedly funnels elite students into GRU cyber units. 

A cache of more than 2,000 leaked documents reviewed by several European news outlets alleges that Bauman Moscow State Technical University operates a covert training pipeline for Russia’s military intelligence agency, the GRU. The reporting describes a secretive “Department 4” where select students receive instruction in cyber operations, surveillance, disinformation, and intelligence tradecraft before assignments to GRU-linked units, including the hacking groups Fancy Bear and Sandworm.

The documents reportedly show GRU officers overseeing recruitment, exams, and graduate placements. Coursework allegedly includes penetration testing, malware development, psychological influence operations, and reconnaissance techniques. Western officials have long accused Russian state-linked groups of conducting cyberattacks, sabotage, and election interference across Europe and the United States.

The report highlights concerns that Russia continues investing heavily in hybrid warfare capabilities despite years of sanctions, indictments, and public exposure of its cyber programs. According to reporting from The Guardian, the training pipeline remains active through at least 2027.

Enterprise AI systems are vulnerable to poisoned data. 

As enterprises rapidly deploy large language models, AI copilots, and autonomous agents, security researchers are warning about a less visible threat: corrupted data shaping how AI systems interpret reality. Experts say AI poisoning can occur through malicious tampering, compromised retrieval systems, or simple data hygiene failures inside organizations.

Researchers and security leaders told CSO that many companies are already “polluting” their own AI environments by feeding models inconsistent, outdated, or conflicting internal information from disconnected systems. Others warn attackers may only need a small amount of manipulated data to influence AI behavior, particularly in retrieval-augmented generation, or RAG, environments.

The concern grows as AI systems move beyond answering questions and begin making operational decisions involving procurement, finance, customer support, and security workflows. Experts say the challenge increasingly resembles a supply chain and governance problem, where organizations must understand what data their AI trusts and who controls it.

A GDPR dispute over LinkedIn profile viewer data could test limits on monetizing user information in the EU. 

A privacy complaint against LinkedIn could establish an important European legal precedent over whether companies can charge users to access data already collected about them. The case centers on LinkedIn’s “profile viewers” feature, where premium subscribers receive detailed records of who viewed their profiles, while free users see only limited information.

According to privacy advocacy group Noyb, one LinkedIn user filed a GDPR Article 15 request seeking a copy of all personal data processed by the platform, including profile viewer information. LinkedIn reportedly denied the request, arguing disclosure could affect the rights of others. Noyb disputes that reasoning, noting LinkedIn already provides the same information to paying subscribers.

The case could clarify whether companies may restrict access to user-related data behind subscription paywalls, even when European privacy law grants individuals broad rights to obtain processed personal information.

Fraudulent Android apps posing as call-history tools were downloaded more than seven million times before removal from Google Play. 

ESET researchers uncovered a large-scale Android scam campaign they call “CallPhantom,” involving 28 fraudulent apps that falsely claimed to provide call logs, SMS records, and WhatsApp history for any phone number. According to ESET, the apps collectively reached more than 7.3 million downloads before Google removed them from the Play Store.

The apps primarily targeted users in India and the Asia-Pacific region. Researchers found the supposed call histories were entirely fabricated using hardcoded names, phone numbers, and timestamps. Victims were prompted to pay subscription fees or submit payment details to unlock fake results.

Some apps reportedly bypassed Google Play’s official billing system by routing users to third-party payment platforms or direct card-entry forms, making refunds more difficult. Researchers also observed deceptive tactics designed to pressure users into subscribing.

Researchers warn of AI attacks on OT systems. 

Dragos and Gambit Security say an unknown threat actor used commercial AI models from Anthropic and OpenAI during a large-scale intrusion campaign targeting Mexican government organizations, including a municipal water utility in Monterrey. Investigators found the attacker used Claude and GPT models to automate reconnaissance, malware development, lateral movement, and data analysis across compromised IT environments.

According to Dragos, the AI-assisted operation escalated into an attempt to identify and access operational technology, or OT, systems connected to the utility’s industrial network. Researchers say Claude independently recognized a SCADA and industrial gateway platform as a high-value target and attempted password-spraying attacks against the interface, though investigators found no evidence the OT environment was breached.

Dragos emphasized the attack did not involve novel OT-specific capabilities. Instead, the AI tools accelerated known offensive techniques and reduced the expertise required to identify industrial infrastructure from inside enterprise networks.

Elsewhere, Poland’s Internal Security Agency, or ABW, says hackers breached water treatment facilities in five towns during 2025, in some cases gaining access to industrial control systems capable of disrupting water supplies. The agency warned attackers could alter device settings, creating direct operational risks.

While the report did not formally attribute the incidents, ABW said hostile cyber activity tied to Russian intelligence services has intensified sharply since 2024. Polish media previously linked several water facility intrusions to a pro-Russian hacktivist group.

The report also described broader Russian-linked sabotage, espionage, and cyber campaigns targeting Polish infrastructure, transportation, and government systems amid Poland’s support for Ukraine.

California man sentenced for role in violent cryptocurrency theft ring tied to more than $250 million in stolen assets. 

A 20-year-old California man was sentenced to more than six years in prison for his role in a cryptocurrency theft operation that combined online fraud with physical home invasions. Prosecutors said Marlon Ferro targeted victims believed to hold large amounts of cryptocurrency, stealing hardware wallets when social engineering attacks failed.

According to court documents, Ferro carried out burglaries in Texas and New Mexico and helped launder stolen cryptocurrency through exchanges and fraudulent payment accounts. Authorities said the broader criminal ring stole more than 4,100 Bitcoin and used the proceeds to fund luxury lifestyles, private jets, and high-end real estate rentals.

 

A bandwidth bandit brakes bullet trains. 

A 23-year-old university student in Taiwan is accused of bringing part of the country’s high-speed rail network to an abrupt halt with a software-defined radio, a handful of handheld transmitters, and apparently far too much free time. Authorities say the student transmitted a high-priority emergency signal into the railway’s TETRA communications system on April 5, triggering automatic braking procedures that stopped four trains for nearly an hour.

Investigators allege the student decoded rail communications parameters using inexpensive SDR equipment purchased online, then programmed radios to impersonate legitimate railway devices. Reports suggest the same system parameters had remained unchanged for 19 years, a detail now attracting pointed criticism from lawmakers and security observers alike.

Police traced the activity through network logs and CCTV footage, eventually seizing radios, SDR equipment, and a laptop from the suspect’s residence. His attorney reportedly claimed the transmission was accidental. Authorities appear skeptical.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry.  Learn how at n2k.com.

 

N2K’s lead producer is Liz Stokes. We’re mixed by  Tré Hester, with original music by and sound design Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.