
Infrastructure Under Attack: Cybersecurity Today for Monday January 5, 2026

Episode Transcript

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast.

Meter delivers a complete networking stack with wired, wireless and cellular, all in one integrated solution that's built for performance and scale.

You can find them at meter.com/cst.

Trump hints US used cyber to turn off lights in Venezuela; Nova Scotia Power fights to keep its April 2025 breach incident details secret; and Trust Wallet hack linked to Shai-Hulud.

This is Cybersecurity Today, and I'm your host, David Shipley.

Let's get started.

US President Donald Trump and senior US military officials over the weekend alluded to the use of cyber disruption in their recent raid on Venezuela's capital.

Over the weekend, the United States carried out an operation in and around Caracas that ended with Venezuelan president Nicolás Maduro in US custody.

At a press conference at Mar-a-Lago, President Donald Trump suggested, without explicitly confirming a cyber attack, that US technical capabilities helped cut power in the Venezuelan capital during the strikes.

Trump said Caracas was largely turned off and attributed it to, quote, a certain expertise that we have, adding: It was dark and it was deadly.

During the same press conference, the Chairman of the Joint Chiefs of Staff, General Dan Caine, said US Cyber Command, US Space Command and other combatant commands, quote, began layering different effects, end quote, to, quote, create a pathway, end quote, for US forces flying into the country early Saturday morning.

Caine did not explain what those effects were, and the White House, Cyber Command and Space Command did not respond to media requests for comment on cyber operations in Venezuela.

But there was an external indicator of disruption during the timeframe described.

Internet monitoring group NetBlocks reported a loss of internet connectivity in Caracas during power cuts early Saturday morning.

NetBlocks founder Alp Toker said that if cyber attacks contributed, the disruption was likely targeted and not a broader attack across the entire network space.

The US government has not confirmed cyber activity affecting Venezuela's power grid, but the President's comments and military references to coordinated effects have renewed attention on how cyber capabilities can and should be used in conflict, including effects on civilian critical infrastructure.

This news also follows recent accusations from Venezuela's state oil company, PDVSA, which last month claimed the US government was responsible for a cyber attack that caused disruptions in its business operations across the country.

The Trump administration has not publicly commented on that allegation.

Critical infrastructure, and especially the operational technology that runs our power grids, water utilities, telecommunications companies and so much more, has long been known to be incredibly vulnerable.

We know that nation states and state-sponsored hackers have the capacity to break into them, to spy, and even to disrupt them.

The bigger question has been: what's been holding so many back?

Many believe it's seen as a line not to be crossed lightly, but now that line may have been crossed in a very public way.

So where does this leave cyber professionals? First, the open public discussion around the potential use of cyber to attack civilian critical infrastructure means the threat landscape just escalated for everyone, everywhere.

And it comes after we've learned from attacks like Salt Typhoon, China's nation state team that compromised telecommunications critical infrastructure around the world, that most countries are ill prepared to defend against nation state, or even criminal, compromises.

And this has to change.

Now, after this weekend, the global critical infrastructure security race just heated up even more.

All right.

Our second story today stays with critical infrastructure.

The incident report from Nova Scotia Power's major April 2025 breach was released on December 29th.

Nova Scotia Power is fighting to keep key elements of that incident report, most importantly the actual details of how the compromise happened, from being released to the broader public.

We still don't know today what the root cause of the incident was, which did result in detailed personal information on up to 375,000 customers being compromised by a Russian-linked threat actor.

The report doesn't say if the initial compromise was the result of a phishing attack, credential stuffing, an internet-connected system or software vulnerability, a third-party supply chain, or an insider threat.

In the request to keep certain details redacted, however, NS Power alludes to references to software incursion.

The regulatory body responsible for NS Power, the Nova Scotia Energy Board, has released the redacted 40-page incident report while it reviews Nova Scotia Power's request.

What we do know from the report is that when it discovered the incident in April, Nova Scotia Power hired Osler, one of Canada's most powerful law firms, who in turn hired Mandiant to help with the investigation and incident response.

This is a standard approach that's often used to help shield technical details in an incident as privileged legal information.

However, blanket approaches to prevent disclosure of expert reports have been fought over in the courts around the world, including by Canadian privacy regulators after the LifeLabs health information breach, and in the United States a 2020 ruling against Capital One in a data breach case forced it to hand over a Mandiant incident report.

A 2025 ruling on the Australian health information breach at Medibank also ruled against the use of privilege in trying to shield technical reports.

Under the direction of Osler, Mandiant assisted Nova Scotia Power and other cybersecurity experts with containment, investigation and remediation efforts, and took immediate actions to contain and remediate the unauthorized activity, including containing and isolating affected servers, limiting network connectivity, identifying and resetting compromised account credentials, and hardening the environment.

The reaction to the incident didn't just focus on business systems.

Risks to operational technology networks were also dealt with. According to the report, quote, teams within Nova Scotia Power began working diligently with cybersecurity experts to further isolate the operational technology and energy delivery systems, end quote.

The report notes that they have no evidence attackers accessed operational technology or energy delivery systems.

Interestingly, the report doesn't say those systems were never exposed or at risk.

The report says forensic investigations were complex and the subsequent details were all redacted except that it believed the incident started on March 19th and was discovered by Nova Scotia Power on April 25th.

The attack and recovery impacted enterprise reporting and planning systems, including PeopleSoft, PowerPlan, and, interestingly, Oracle's E-Business Suite.

Oracle's E-Business Suite has popped up in a number of major incidents in 2025.

It also took down customer billing systems and IT systems, including Active Directory and, most troubling, the privileged access management system.

According to the report, full restoration efforts for all affected systems may take until September 2026, 17 months after the incident was discovered, to be completed.

An identity and access management project is set to be completed by September 30th.

A new MDR project will be completed by the end of January.

Network and backup projects were completed in November 2025, more than six months after the incident was discovered.

Story three today is an update on the Trust Wallet incident we covered in our December 29th special holiday update.

Trust Wallet now believes the compromise of its Chrome browser extension is likely connected to the broader, cross-industry Shai-Hulud supply chain campaign.

Trust Wallet says the incident led to roughly $8.5 million being stolen from more than 2,500 wallets.

In an update last week, Trust Wallet said developer GitHub secrets were exposed, which gave the attackers access to the extension source code and, critically, the Chrome Web Store API key.

Trust Wallet says the attacker then obtained full Chrome Web Store API access through that leaked key, allowing builds to be uploaded directly without Trust Wallet's standard internal release process, which normally requires internal approval and manual code review.

Trust Wallet says this is a key reason they believe the incident is likely related to Shai-Hulud, because Shai-Hulud is known for targeting the developer ecosystem to steal credentials, secrets, and publishing access at scale.

And the mechanism described here, stolen secrets leading to trusted release pipeline compromise, is consistent with what researchers have been warning about with Shai-Hulud.

Trust Wallet also described additional infrastructure involved in the incident, saying the attacker registered a domain used to host malicious code referenced by the trojanized extension, and the company says it has since revoked the release APIs, worked to suspend malicious domains and started reimbursing affected users.

Trust Wallet is also warning that attackers are now impersonating Trust Wallet support accounts and pushing fake compensation forms and scam ads, including through Telegram.
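One defensive control against the pattern described above, a build uploaded with a leaked store API key outside the normal approval flow, is to reconcile what the store is actually serving against the builds the release pipeline approved. The Python below is an added example for this episode, not Trust Wallet's code or anything published by the Shai-Hulud researchers. The approved-build manifest, the store polling job, the `ApprovedBuild` and `StoreObservation` records, and all sample packages and timestamps are assumptions constructed for it; it does not model the store's real API.

```python
"""Added example (not Trust Wallet's code): flag extension releases that
reached the web store without passing through the approved release pipeline.

Assumptions, all constructed for this example:
- The CI pipeline writes a manifest of approved builds: version, SHA-256 of
  the package it uploaded, and the reviewer who signed off.
- A scheduled job downloads whatever the store currently serves and records
  version plus SHA-256 (the "observations").
Any store version with no approved build, or whose package hash differs from
the approved build, is a candidate out-of-band publish worth paging on.
"""
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class ApprovedBuild:
    version: str
    sha256: str
    approved_by: str  # reviewer recorded by the pipeline (assumed field)


@dataclass(frozen=True)
class StoreObservation:
    version: str
    sha256: str
    observed_at: str  # ISO-8601 timestamp from the polling job (assumed field)


def sha256_hex(package: bytes) -> str:
    """Hash of the packaged extension, as uploaded or as downloaded back."""
    return hashlib.sha256(package).hexdigest()


def audit(approved: dict[str, ApprovedBuild],
          observations: list[StoreObservation]) -> list[tuple[str, str]]:
    """Return (version, reason) for every store release the pipeline cannot
    vouch for. An empty list means every observed version matches an
    approved build byte for byte."""
    findings: list[tuple[str, str]] = []
    for obs in observations:
        build = approved.get(obs.version)
        if build is None:
            # Version exists in the store but the pipeline never produced it.
            findings.append((obs.version, "version live in store has no approved build"))
        elif build.sha256 != obs.sha256:
            # Same version number, different bytes: the package was replaced.
            findings.append((obs.version,
                             f"package hash differs from build approved by {build.approved_by}"))
    return findings


# Constructed sample data: one clean release, one release whose package was
# swapped after approval, and one version that appeared with no manifest entry.
PKG_2_67_0 = b"constructed extension bundle v2.67.0"
PKG_2_67_0_REPACKED = b"constructed extension bundle v2.67.0 re-packed with injected loader"
PKG_2_68_0 = b"constructed extension bundle v2.68.0"
PKG_2_68_1_ROGUE = b"constructed extension bundle v2.68.1 never built by CI"

APPROVED_BUILDS = {
    "2.67.0": ApprovedBuild("2.67.0", sha256_hex(PKG_2_67_0), "release-reviewer"),
    "2.68.0": ApprovedBuild("2.68.0", sha256_hex(PKG_2_68_0), "release-reviewer"),
}

STORE_OBSERVATIONS = [
    StoreObservation("2.67.0", sha256_hex(PKG_2_67_0_REPACKED), "2025-12-18T08:00:00Z"),
    StoreObservation("2.68.0", sha256_hex(PKG_2_68_0), "2025-12-20T09:00:00Z"),
    StoreObservation("2.68.1", sha256_hex(PKG_2_68_1_ROGUE), "2025-12-25T14:30:00Z"),
]


def run_sample_audit() -> list[tuple[str, str]]:
    """Audit the constructed observations; expected to return two findings."""
    return audit(APPROVED_BUILDS, STORE_OBSERVATIONS)


if __name__ == "__main__":
    for version, reason in run_sample_audit():
        print(f"ALERT {version}: {reason}")
```

The check is only as good as the manifest's integrity, so in practice the manifest should be written by the pipeline into a store the publishing credentials cannot modify; otherwise a holder of the leaked key could simply add an entry for the rogue build.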

I've been your host, David Shipley.

Jim Love will be back on Wednesday.

If you enjoy the show, please tell others, consider leaving a review, and remember to like and subscribe.

We'd love to reach even more people, and we continue to need your help.

Thanks for listening and happy New Year.

We'd like to thank Meter for their support in bringing you this podcast.

Meter delivers full stack networking infrastructure, wired, wireless, and cellular, to leading enterprises.

Working with their partners, Meter designs, deploys and manages everything required to get performant, reliable, and secure connectivity.

They design the hardware and the firmware, build the software, manage deployments, and run support.

It's a single integrated solution that scales from branch offices to warehouses and large campuses to data centers.

Book a demo at meter.com/cst.

That's M-E-T-E-R dot com slash cst.
