
The Cybersecurity Defenders Podcast
Russian cyber ops, Sygnia, Ollama & TeamPCP / Intel Chat [#293]
Feb 16, 2026
A deep dive into Russian cyber operations targeting defense industry networks and phishing campaigns tied to the war in Ukraine. Examination of an AI-driven scam that cloned 150+ law firm websites to harvest data. Investigation into hundreds of thousands of exposed Ollama LLM hosts and the risks of tool-calling and LLM jacking. Breakdown of TeamPCP’s massive cloud compromises and worm-like propagation across 60,000+ servers.
AI Snips
Geopolitics Drives Targeting Of The Defense Industrial Base
- Nation-state cyber activity is now tightly integrated with kinetic conflicts and targets the defense industrial base at both tactical and strategic levels.
- Google GTIG documents Russia, China, North Korea and Iran using targeted phishing, mobile malware, supply-chain lures, and zero-days to reach UAV operators, frontline personnel, and contractors.
Scan For Cloned Law Firm Sites With Reverse Image Search
- Proactively scan for impersonation and cloned sites using reverse image search and logo reuse checks.
- Inspect site depth and functionality: most Sygnia-identified fake law firm sites had one or two pages and broken navigation.
Widespread Ollama Deployments Create An LLM Attack Surface
- Unmanaged Ollama deployments have created a massive exposed LLM compute surface with over 175,000 hosts globally, many lacking authentication.
- Almost half advertise tool-calling; exposed instances enable LLM jacking and resale of compute on illicit marketplaces.
