Welcome to your daily cybersecurity podcast.

We open this edition with a case combining cybercrime and intelligence activities in Eastern Europe. In Georgia, the former head of counterintelligence has been arrested as part of an investigation into large-scale scam centers. Authorities suspect he facilitated or protected structured fraud operations targeting international victims, once again highlighting the convergence of organized crime, corruption, and cyber fraud.

We then analyze a phishing campaign targeting cryptocurrency users through fake emails impersonating Grubhub. The messages promise a tenfold return on cryptocurrency sent by victims. Funds are immediately redirected to attacker-controlled wallets with no possibility of recovery, illustrating a classic yet still highly effective use of social engineering applied to digital assets.

Finally, we examine an operation attributed to Evasive Panda, a China-linked threat actor, which conducted espionage activities using a hijacked DNS infrastructure. The attackers leveraged advanced DNS resolution and traffic redirection techniques to deliver stealthy malicious payloads while bypassing multiple network detection mechanisms. This campaign highlights the continued evolution of APT tradecraft in state-sponsored cyber espionage.

Sources

• Arrest in Georgia – scam centers:https://therecord.media/republic-of-georgia-former-spy-chief-arrested-scam-centers
• Crypto phishing campaign – fake Grubhub emails:https://www.bleepingcomputer.com/news/security/fake-grubhub-emails-promise-tenfold-return-on-sent-cryptocurrency/
• Evasive Panda APT – malicious DNS infrastructure:https://thehackernews.com/2025/12/china-linked-evasive-panda-ran-dns.html

Don’t think, patch!

Your feedback is welcome.
Email: radiocsirt@gmail.com
Website: https://www.radiocsirt.com
Weekly Newsletter: https://radiocsirtenglishedition.substack.com/