
Cyber Security Headlines: President's cyber bill, Iranian APT resurfaces, KimWolf DDoS attack
Dec 22, 2025

The podcast dives into the recent defense bill that strengthens Cyber Command and mandates secure phones for DOD leaders. Attention turns to the resurgence of the Iranian APT Infy, showcasing its new malware techniques. Additionally, the KimWolf DDoS attack is dissected, revealing a massive Android botnet with 1.8 million infections and innovative evasion strategies. Other topics include guilty pleas from incident responders involved in extortion and significant indictments related to ATM jackpotting schemes.
Defense Bill Strengthens Cyber Posture
- The 2026 National Defense Authorization Act preserves the dual-hat leadership of US Cyber Command and the NSA while authorizing large spending.
- It also mandates enhanced, encrypted mobile phones for senior DOD leaders to improve phone security.
Infy APT Resurfaces With New Tools
- SafeBreach warns that the Iranian APT 'Infy' has re-emerged with the downloader Foudre and the data extractor Tonnerre, targeting high-value machines.
- The actor uses phishing with poisoned Excel files and remains considered "still active, relevant and dangerous."
KimWolf Leverages Stealthy Techniques
- The KimWolf Android botnet infected over 1.8 million devices and pushed 1.7 billion DDoS commands while targeting TV boxes.
- It hides C2 via DNS over TLS and uses elliptic curve signatures to authenticate servers and evade detection.
