[00:00] Aaron Cole: The line between digital intrusion and physical destruction just got a lot thinner.
[00:05] Aaron Cole: This is Prime Cyber Insights.
[00:08] Lauren Mitchell: And welcome to the show.
[00:09] Lauren Mitchell: Today, we're dissecting a high-stakes attribution from the team at Dragos regarding the December 2025 attacks on Poland's power grid,
[00:18] Lauren Mitchell: along with new breaches hitting the consumer sector.
[00:21] Aaron Cole: Lauren, the news out of Poland is a wake-up call.
[00:25] Aaron Cole: The group Electrum, which shares a lot of DNA with the notorious Sandworm, didn't just
[00:30] Aaron Cole: snoop around.
[00:31] Aaron Cole: They targeted 30 distributed energy sites and actually bricked the physical equipment.
[00:38] Lauren Mitchell: It's the first major strike we've documented on distributed energy resources, or DERs,
[00:44] Lauren Mitchell: Aaron.
[00:44] Lauren Mitchell: We're talking wind and solar generation sites.
[00:46] Lauren Mitchell: The attackers used a tag-team approach, with Kamacite handling the initial phishing and access,
[00:53] Lauren Mitchell: while Electrum moved in to wipe Windows devices and reset configurations permanently.
[00:58] Aaron Cole: Exactly.
[00:59] Aaron Cole: They aren't just looking for a seat at the table anymore.
[01:02] Aaron Cole: They're trying to break the table.
[01:05] Aaron Cole: But the grid isn't the only thing under fire.
[01:07] Aaron Cole: Match Group is reeling from a breach that's exposed data across Tinder, Hinge, and OkCupid.
[01:13] Lauren Mitchell: Mm-hmm. The privacy implications there are massive, Aaron.
[01:18] Lauren Mitchell: When you combine state-sponsored grid attacks with deep personal data harvesting from dating apps,
[01:25] Lauren Mitchell: the profile of a target becomes incredibly granular and dangerous.
[01:30] Aaron Cole: And it's all happening while we're still failing at the security basics.
[01:35] Aaron Cole: A new report shows nearly 800,000 Telnet servers are still exposed to the public internet.
[01:41] Aaron Cole: In 2026, Lauren, that is essentially like leaving your front door wide open.
[01:47] Lauren Mitchell: It's a legacy protocol nightmare, honestly.
[01:50] Lauren Mitchell: Whether it's an old RTU on a power grid or a misconfigured office server,
[01:55] Lauren Mitchell: these exposed Telnet instances are the low-hanging fruit that groups like Kamacite thrive on for initial entry.
[02:02] Aaron Cole: The message is clear.
[02:04] Aaron Cole: The threat actors are coordinating their roles, and we need to coordinate our defense.
[02:11] Aaron Cole: Thanks for joining us.
[02:12] Lauren Mitchell: Stay resilient and stay secure.
[02:15] Lauren Mitchell: For more on these stories, visit pci.neuralnewscast.com.
[02:20] Lauren Mitchell: We'll see you next time on Prime Cyber Insights.
[02:23] Lauren Mitchell: Neural Newscast is AI-assisted, human-reviewed.
[02:27] Lauren Mitchell: View our AI transparency policy at neuralnewscast.com.