The Long Game and the Laptop Farm

In this episode of Dragon News Bytes, Will Baxter and Eli Woodward sit down in person to dissect the "long game" of modern cyber espionage. We dive into the Dell RecoverPoint zero-day exploited by China-linked actors and why some threat actors are now sitting silent in networks for over a year before acting.

We also go full circle on the DPRK laptop farm saga, discussing the sentencing of a Ukrainian national who facilitated North Korean IT workers infiltrating U.S. businesses. Finally, we cover Interpol’s Operation Red Card 2.0, a massive crackdown on West African scam networks, and why Nigeria’s demographic shift makes it a critical region for defenders to watch over the next decade.
‍

Topics & References:

Part 1: The One-Year Sleep – Dell Zero-Days & Grim Bolt

• Dell RecoverPoint Exploitation: Discussion on the recent zero-day (CVE-2025-6201) and its active abuse by China-linked actors.
• The Grim Bolt / Silk Taker Connection: Analyzing the infrastructure overlap between UN 6201 (Grim Bolt) and UN 5221 (Silk Taker/Brickstorm).
• Operational Patience: Why threat actors are waiting 12+ months for logs to "age out" before taking action on objectives.
• Hunter’s Field Note: Is one year of log retention enough? We discuss the shift toward 3-year "cold storage" for modern forensics.

‍

Part 2: The Infrastructure of Deception – DPRK & Laptop Farms

• The Sentencing of Alexander Didenko: The "back half" of the Christina Chapman case, involving a million-dollar scheme to host North Korean remote workers.
• Webcam Forensics: How a security team used "Impossible Travel" alerts to activate a webcam and catch a laptop farm manager in the act.
• Identity Theft at Scale: How thousands of fake accounts were created using stolen U.S. identities to bypass employment verification.

‍

Part 3: Operation Red Card 2.0 & The Rise of Nigeria

• Interpol Crackdown: An 8-week operation across 16 African countries resulting in 651 arrests and millions recovered from mobile money fraud.
• The Demographic Shift: Why Nigeria’s projected population growth (set to surpass the U.S. by 2050) makes Nigeria a pivotal part in the cyber landscape defenders need to start taking notice of now.
• Individual Impact: A reminder that while BEC hits corporations, these scams devastate individuals and families.

Events & Community:

• FS-ISAC Spring Summit (Orlando): March 1–4 presentations on the latest fintech threats and CLOP ransomware.
  
  • 🔗 to register: https://www.fsisac.com/events/2026-americas-spring
• RISE Ireland (Dublin): April 14–15 at Stripe Dublin. 
  
  • 🔗 to register: https://go.team-cymru.com/rise-ireland

Connect with Us:

• Follow us on LinkedIn: https://www.linkedin.com/company/team-cymru
• Subscribe to the Dragon News Bytes feed: https://www.team-cymru.com/dnb

Disclaimer: The views expressed in this podcast are those of the hosts and do not necessarily reflect the official policy or position of our employers.