Risky Business Podcast
August 27, 2025
Risky Business #804 -- Phrack's DPRK hacker is probably a Chinese APT guy
Presented by
Technology Editor
CEO and Publisher
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
- Australia expels Iranian ambassador
- Hackers sabotage Iranian shipping satcoms
- APT hacker got doxxed in Phrack. Kind of. They’re probably Chinese, not DPRK?
- Trail of Bits uses image-downscaling to sneak prompts into Google Gemini
- The Com’s King Bob gets ten years in the slammer
- It’s a day that ends in -y, so of course there’s a new Citrix Netscaler RCE being used in the wild.
This week’s episode is brought to you by Corelight. Chief Strategy Officer Greg Bell talks through how they’ve been implementing AI for sifting through your network data. A model-context-protocol server that can rummage in all those packet logs for you while you keep investigating? Yes please.
This episode is also available on Youtube.
Brought to you by Corelight
Corelight: Evidence-Based NDR and Threat Hunting Platform
Show notes
Swedish security service says Iran uses criminal networks in Sweden | Reuters
Risky Bulletin: Hackers sabotage Iranian ships at sea, again - Risky Business Media
Microsoft scales back Chinese access to cyber early warning system | Reuters
Uncovering the Chinese Proxy Service Used in APT Campaigns
Weaponizing image scaling against production AI systems -The Trail of Bits Blog
CrowdStrike warns of uptick in Silk Typhoon attacks this summer | CyberScoop
Kevin Beaumont: "There’s a bunch of new Netscal…" - Cyberplace
US charges Oregon man in vast botnet-for-hire operation | Cybersecurity Dive
SIM-Swapper, Scattered Spider Hacker Gets 10 Years – Krebs on Security
Nevada state offices close after wide-ranging 'network security incident' | Reuters
DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ – Krebs on Security
Kremlin-Mandated Messaging App Max Is Designed To Spy On Users