Nine To Noon Technology: AstraZeneca subject to cyberattacks
Mar 25, 2026
Tony Grasso, CISO at COGENT and former GCHQ/New Zealand intelligence officer, breaks down recent high-profile cyber incidents. He discusses data exfiltration from a finance ministry, ransomware theft of 1.5 TB from a major pharmaceutical, industrial espionage risks to pharma, and attribution of a defense contractor breach to Iranian actors. He also explains account hijacks via social engineering and living-off-the-land attacker tactics.
AI Snips
Chapters
Transcript
Episode notes
State Actors Steal Policy Not Just Ransom
- State-level attackers target government finance ministries for policy intelligence, not ransom.
- The Dutch Finance Ministry had data exfiltrated undetected and had to shut internal networks while keeping public services running.
Internal Teams Often Miss Sophisticated Exfiltration
- Internal security teams often miss sophisticated exfiltration hidden in normal traffic.
- Dutch intelligence (or allies) detected the breach after internal teams failed to spot data leaving the ministry.
Isolate Internal Networks Immediately After Detection
- When breaches are suspected, take the ‘nuclear option’ of isolating internal networks while preserving public services.
- The Dutch ministry shut internal systems off to stop ongoing exfiltration while keeping public-facing services live.