Daily Cyber Briefing

MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More

Mike Housch Season 1 Episode 29

Today we dive into the staggering 2 billion cryptocurrency heist linked to North Korea and explore how sophisticated threat groups are abusing trusted corporate platforms like Microsoft Teams for financial extortion. We also look at the massive pushback against the E.U.'s controversial "Chat Control" proposal and unveil a new, almost unbelievable attack that turns your standard optical mouse into a covert listening device.

Podcast Transcript: Cyber Scoops & Digital Shenanigans

Welcome back to Cyber Scoops & Digital Shenanigans, the podcast dedicated to tracking the chaos in our connected world. I’m your host, Mike Housch, and today we are unpacking a bulletin full of converging risks, from nation-state cryptocurrency theft to shocking new ways attackers are turning our convenience into their advantage.

The cybersecurity landscape is changing faster than ever, folks. Attackers are now blending social engineering, AI-driven manipulation, and complex cloud exploitation to break into targets once deemed secure. Every system we use for convenience—whether it’s a communication platform or a connected device—is expanding the attack surface. This episode explores some of the most pressing threats defining the current intelligent threat landscape.

Let's start with a platform almost all of us rely on daily: Microsoft Teams. Microsoft has detailed how threat actors are actively abusing its chat software at various stages of the attack chain. This isn’t just low-level phishing; they are using Teams to support financial theft through extortion, social engineering, and technical means.

One specific group, known as Octo Tempest, has been singled out for utilizing communication apps, including Teams, to send taunting and threatening messages to organizations, incident responders, and defenders. This is part of their pressure tactics for ransomware payments and extortion efforts. How do they get in? They often gain control of multi-factor authentication, or MFA, after performing social engineering password resets. Once they sign in to Teams, they begin identifying sensitive information that supports their financially motivated operations.

If your organization uses Teams, the advice is clear: you need to strengthen identity protection, harden endpoint security, and secure both the Teams clients and the associated apps. This highlights a crucial theme: as attackers evolve, so must our security approach.

Speaking of massive financial motivation, let’s pivot to a major nation-state threat, the hackers linked to North Korea.

This is a staggering number: North Korean hackers are responsible for stealing an estimated $2 billion worth of cryptocurrency assets in 2025, which marks the largest annual total on record. A huge portion of this came from just one incident—the Bybit hack in February—where threat actors stole approximately $1.46 billion. While other thefts attributed to North Korea this year include those suffered by LND.fi, WOO X, and Seedify, experts suspect the actual figure may be even higher.

This 2025 total almost triples last year's tally, powerfully underscoring North Korea’s growing dependence on cyber-enabled theft to fund its regime.

A notable shift observed is the increasing targeting of high-net-worth individuals. As crypto prices rise, these individuals become more attractive targets, often because they lack the sophisticated security measures businesses employ. They might also be targeted due to their association with businesses holding large amounts of cryptoassets that the hackers are trying to steal.

But the financial threat doesn't stop with direct crypto theft. We are also seeing the fraudulent IT worker scheme continue. North Korean actors, well-versed in IT, have been observed stealing identities and falsifying their résumés to deceive their way into highly paid remote tech jobs across the U.S., Europe, Australia, and Saudi Arabia. They are even using artificial intelligence to fabricate work and disguise their faces and identities during the hiring process.

One in two targets were not tech firms, and one in four were not U.S.-based companies, indicating that any company recruiting remote talent could be at risk. Identity services providers have tracked over 130 identities linked to these schemes, connected to over 6,500 initial job interviews across more than 5,000 distinct companies up until mid-2025. Once hired, these workers request payment in stablecoins, often because of their consistent value and popularity with OTC traders who facilitate the transition from cryptocurrency back into fiat currency. Those funds are then funneled through complex money laundering techniques—chain-hopping, token swapping, and consolidation addresses—to complicate tracing. This entire revenue stream has funneled up to $1 billion into the regime's nuclear program in the past five years.

Next, let's talk about policy and privacy, specifically the growing opposition to the E.U.'s proposed Chat Control regulation.

This proposal, first introduced in 2022, would require service providers, including end-to-end encrypted platforms like Signal, to scan all platform communications and files to screen for "abusive material" before a message is sent. The president of the Signal Foundation, Meredith Whittaker, stated that the app would actually leave the European Union market rather than comply with this potential new regulation.

Whittaker argues that the latest Chat Control proposals, while masked as protecting children, would mandate the mass scanning of every message, photo, and video on a person’s device. This content would then be assessed via a government-mandated AI model or database to determine if it’s "permissible". She called it, quote, "a mass surveillance free-for-all," opening up the intimate and confidential communications of everyone, including investigative journalists, activists, military personnel, and government officials.

Signal is not alone. Over 40 E.U. tech companies, including CryptPad, Element, and Tuta, have signed an open letter against the proposal. And there is good news: German officials have signaled they will vote against the measure, suggesting the bloc will not have the votes necessary to move forward with the highly controversial proposal.

Before we wrap up, let's look at a couple of fascinating digital shenanigans making waves in the research community.

First, we have a truly bizarre form of data exfiltration developed by academics at UC Irvine, dubbed the Mic-E-Mouse attack. This technique involves turning a standard optical mouse into a microphone. It’s designed to secretly record and exfiltrate data from air-gapped networks.

The attack exploits the high-performance optical sensors found in gaming mice. These sensors are precise enough to detect tiny vibrations caused by nearby sound. They record the sound patterns as mouse movements. This movement data is then collected and exfiltrated, and with the help of a transformer-based neural network, the conversations can be recovered. Researchers achieved 61% accuracy in capturing speech, depending on the voice frequency, using a common $35 mouse. Of course, a bad actor still needs to compromise the computer through other means first. Researchers note that creative software, video games, and other low-latency software are ideal targets for injecting this exploit.

Then, for the auto enthusiasts and tech pioneers, we have news regarding Tesla’s Telematics Control Unit, or TCU. Cybersecurity researchers from NCC Group detailed a bypass of the Android Debug Bridge (ADB) lockdown logic within the Tesla TCU. This flaw, rated 8.6 in severity, is an arbitrary file write that could potentially allow an attacker to obtain code execution in the context of root on the TCU. Because the device’s USB port is externally exposed and the ADB daemon runs as root, an attacker with physical access could write an arbitrary file to a writable location. They could then overwrite kernel entries via ADB, causing a script to be executed with root privileges.

And quickly, on the topic of investigations: France has opened a probe into Apple over its collection of Siri voice recordings following a whistleblower complaint. The whistleblower claimed that Siri conversations contained intimate moments or sensitive data that could easily deanonymize users. Apple has previously stated it does not use Siri data for marketing or advertising, nor does it sell the data.

That brings us to the end of this week's bulletin. Defending against these modern threats requires more than just tools—it demands awareness, adaptability, and shared responsibility. The path forward relies on continuous learning, stronger collaboration, and smarter use of technology to keep trust intact in our connected world.

We’ll be back next time with more Cyber Scoops & Digital Shenanigans. Until then, stay safe out there.