Latest news with #AdvancedPersistentThreat
Yahoo
18-05-2025
- Business
'This is the mafia' — How North Korea structures its IT workers like an organized crime syndicate
A detailed report on North Korea's cyber-crime operations has revealed the inner workings and structure behind Kim Jong Un's plan to evolve a highly lucrative scheme in which trained tech workers infiltrate American and European businesses. The North Korean IT workers send nearly their entire salaries home to fund the regime's nuclear weapons program, using AI as a key tool. Meanwhile, North Korea has pitted its IT workers against each other to spur competition and rake in more money.

The crime syndicate La Cosa Nostra in the U.S. is built around 'Five Families' that famously war with each other for money and power. North Korea's prosperous cyber-crime operations are similar, except there is only one family and it belongs to authoritarian leader Kim Jong Un. 'Stop looking at North Korea's cyber program as a government program like the other major state programs and liken them to a single-family mafia organization and the lines begin to unblur,' states a new report from cybersecurity firm DTEX.

The report delves into the organization and structure of the Democratic People's Republic of Korea (DPRK) and its extensive—and flourishing—pipeline of trained operatives who have infiltrated Fortune 500 companies with its IT workers scheme. This year, North Korea advanced the strategy to a new stage, recruiting 90 top graduates for an AI research center and demanding double their monthly earnings from each worker—even as teams worked feverishly to launder $1.5 billion stolen in a hack of cryptocurrency exchange Bybit after the start of the year.

For context, the DPRK's crime syndicate involves a vast global scheme in which trained technologists from North Korea have been deployed by the thousands. The workers have impersonated or stolen American identities to illegally obtain remote jobs in IT. They send their salaries back home to North Korea to fund Kim's nuclear weapons and ballistic missile ambitions.
The IT workers are only one prong in the regime's cyber cartel; they share intelligence with malicious North Korean Advanced Persistent Threat (APT) actors who operate under the Korean People's Army. According to UN estimates, the IT workers reliably generate $250 million to $600 million per year, while the APTs have stolen at least $3 billion in crypto.

'This is the mafia,' Michael 'Barni' Barnhart, an investigator who leads DTEX's DPRK efforts, told Fortune. The economic structure ensures the money travels up the chain, spans multiple criminal enterprises, and is based on tight-knit but competitive internal relationships. Like in The Sopranos, titular mob boss Tony Soprano calls the shots, while capos like Christopher Moltisanti deliver whatever he needs, he said.

'The profits—from ransomware, cryptocurrency theft, financial fraud, and insider infiltration—flow upward to fund weapons development and sanctions evasion,' states the report, written by Barnhart. (He is the author, but notes that he sourced his intelligence from an extensive global alliance of investigators.)

According to the report, many of the IT workers and APT actors know each other. As part of the scheme, children who show promise in math and science in elementary school are plucked from an early age to get training as a military cyber operative or an IT worker. They attend elite schools like the Kim Sung Il Military University and the Kumsong Academy together and learn advanced computer science in a constantly replenished talent pipeline. Cyber investigators call it a 'bro network,' and have found chats between workers who lean on old school friends to find out how to make more money, explained Barnhart. An image of two verified IT workers published by DTEX shows happy-looking young guys with nice watches and Nike-branded gear hanging out.
Many of the operatives who ran successful heists a decade ago are now in managerial positions or serving as advisors and professors for the new generation of IT workers, said Barnhart. However, the photos don't show a particularly brutal twist in the scheme: the various four- or five-man delegations of workers are encouraged to compete against each other. Barnhart described it as a 'dog eat dog world where the only real winners are Kim Jong Un's family and the North Korean elites.' While much of the revenue that's generated funds operations and weapons, some goes to purchasing luxury goods for Kim and his family, said Barnhart.

In 2025, North Korea doubled the monthly financial quota for workers in China, the report revealed, and Barnhart said all workers—IT and otherwise—faced the same punishing new requirement to keep foreign money pouring into the regime. The workers face grueling, 16-hour days up to six days a week, with hardly any breaks. Thus, the friendly 'bro network' operates on a case-by-case basis, noted Barnhart. The competition is exacerbated by the need to bring in more cash and crypto. On average, workers get to keep less than 20% of their earnings and they have to fund operations, equipment, and servers with their own money. In one documented example in the report, a worker earned $5,000 in a month and was allowed to keep $200.

'These quotas also foster a culture of competition within teams, with workers seeking to gain advantages over their colleagues to receive favors and be allowed to send more money back to their families,' Barnhart wrote. 'They're also encouraged to report each other for "unpatriotic" behavior.' That's one of the reasons small U.S. tech founders have asked job applicants to make a negative comment about Kim's intellect or his weight before progressing to a formal interview. The IT workers wouldn't risk being caught insulting the authoritarian leader—and it would be unheard of to do so.
Barnhart said it's very much 'every man out there is for himself' and the workers are beaten if they don't make enough money. 'It is a rough life,' he said. 'If they can't make their quotas, we see them at times mention (beatings).' Another picture DTEX published showed IT workers in a cramped space working on doctored IDs and WhatsApp chats with a mounted camera on the wall for government monitoring.

Barnhart said the competition for work on freelance-job platforms where the IT workers find new opportunities is intense. He estimated that within roughly three hours of a job posting going up, a North Korean IT worker will have applied if it's related to crypto and software development. Some of the workers have even resorted to reporting each other on the freelance platforms, with one IT worker calling another a 'scammer' in a reply to a post from an IT worker seeking a job. The report states that the pressures on workers to generate revenues have given rise to side hustles, which are allowed as long as they continue to increase their earnings.

Much like the mafia, financial gain, fear, violence, and identity are drivers of the IT worker scheme, but Barnhart wrote that what sets the DPRK apart is the 'survival-based incentive structure at the heart of its engine.' 'Cyber operatives are not motivated by ideology, but by material necessities: food, shelter, healthcare, and education for their families,' he wrote. 'Loyalty is not the core driver. Survival is.'


India Today
13-05-2025
- Politics
15 lakh cyberattacks by Pak hackers on Indian websites, only 150 successful
Maharashtra Cyber officials on Monday said that they have traced over 15 lakh cyberattacks targeting critical infrastructure websites across India to seven Advanced Persistent Threat (APT) groups. These groups are primarily linked to Pakistan, Bangladesh, Indonesia, and the Middle East, and the attacks intensified following the Pahalgam terror strike in April. Despite the high volume, only 150 attacks were successful.

The officials also informed that the cyberattacks continued even after a ceasefire understanding between India and Pakistan, PTI said. The probe discovered that cyberattacks on (government websites in) India decreased after India-Pakistan ceased hostilities, but did not fully stop. "These attacks continue from Pakistan, Bangladesh, Indonesia, Morocco, and Middle Eastern countries," PTI quoted an official.

A senior Maharashtra Cyber official refuted claims that hackers had breached Mumbai's Chhatrapati Shivaji Maharaj International Airport, aviation systems, municipal networks or the Election Commission. Officials have detailed the wave of cyberattacks in a new report titled "Road of Sindoor", named after an Indian military operation against terrorists. The report, submitted to key agencies including the Director General of Police and State Intelligence Department, outlines the scale and methods of the attacks. According to Additional Director General of Police Yashasvi Yadav, attack tactics included malware distribution, DDoS assaults, GPS spoofing, and website defacement. While many attacks were blocked, some targeted India's critical infrastructure.

"Road of Sindoor" builds on an earlier report, "Echoes of Pahalgam", which examined cyber activity following the Pahalgam terror strike. The new findings identify seven hacking groups: APT 36, Pakistan Cyber Force, Team Insane PK, Mysterious Bangladesh, Indo Hacks Sec, Cyber Group HOAX 1337 and National Cyber. Officials also highlighted that, of the 150 successful cyberattacks, the Kulgaon Badlapur Municipal Council website was defaced. In addition to this, the website of the Defence Nursing College in Jalandhar was also defaced.

Pakistan-allied groups falsely claimed to have hacked India's banking system and caused power outages. Maharashtra Cyber has also taken down over 5,000 pieces of fake news and flagged 80 misinformation items for removal, urging the public to verify information via official channels. The Additional Director General of Police also informed that these fabricated narratives included claims of cyber attacks on India's power grid, satellite jamming, disruption of the Northern Command and an alleged attack on a BrahMos missile storage facility.


Times
29-04-2025
- Politics
Russian agency 'waged silent war for a decade' on France
France has accused Russia's military intelligence service of waging 'a silent war' against it for the past decade to sow strife and spy for the Kremlin. In a sign of its anger over hostile Russian interference, the government for the first time named the GRU, the Kremlin's largest foreign intelligence agency, as the perpetrator of a stream of attacks since 2015. These include hacking President Macron's 2017 election campaign, flooding social media with false information, attempted sabotage of broadcasters, meddling in the 2024 Olympics and cyberattacks on infrastructure and French companies, the foreign ministry said. A Russian hacking organisation, known as Advanced Persistent Threat 28 (APT28) and also as Fancy Bear, is on the front line of these attacks, it said. 'Behind these initials