Latest news with #BryanVorndran


Forbes
25-04-2025
- Business
- Forbes
North Korean Hackers Pose As Remote Workers To Infiltrate U.S. Firms
Even cybersecurity companies aren't immune. In mid-2024, KnowBe4, a global leader in security awareness training, hired a seemingly well-qualified remote software engineer. The candidate passed a rigorous background check, provided references, attended multiple video interviews, and even submitted a professional photo. But just weeks into the role, their security team discovered malware being installed on the employee's company-issued laptop. The engineer wasn't who he claimed to be. He was a North Korean threat actor using a stolen U.S. identity and an AI-enhanced image to dupe one of the most security-conscious companies in the world.
That incident, once viewed as an outlier, now appears to be part of a much larger and more coordinated national security threat. In December 2024, the Department of Justice announced the indictment of 14 North Korean nationals who fraudulently obtained remote IT jobs with U.S. companies using stolen identities and false credentials. Over six years, the scheme generated at least $88 million, money that was ultimately funneled to the North Korean regime to fund its weapons programs.
Just weeks later, in January 2025, another indictment charged two additional North Korean nationals and three international facilitators — including two U.S. citizens — with similar fraud. That group allegedly infiltrated 64 U.S. companies, laundering more than $866,000 through just ten of them. One of the American defendants reportedly ran a 'laptop farm' out of his North Carolina home, receiving company-issued devices and installing remote access software so North Korean workers could appear to be U.S.-based hires.
'The Department of Justice remains committed to disrupting North Korea's cyber-enabled sanctions-evading schemes, which seek to trick U.S. companies into funding the North Korean regime's priorities, including its weapons programs,' said Devin DeBacker of the DOJ National Security Division.
This isn't a minor fraud operation. It's an intentional, state-directed economic campaign. Thousands of North Korean 'IT warriors' have been dispatched abroad, mostly to China and Russia, where they use fabricated online profiles and borrowed identities to gain employment with U.S. firms, often as freelancers or contract developers. Some even extort their employers by threatening to leak stolen source code if additional payments aren't made.
'The indictments announced today should highlight to all American companies the risk posed by the North Korean government,' warned FBI Cyber Division Assistant Director Bryan Vorndran.
The methods used by these operatives are sophisticated and increasingly difficult to detect: In the KnowBe4 case, a stolen identity was paired with an AI-enhanced photo to impersonate a qualified U.S. engineer. Despite multiple interviews, background checks, and reference calls, the ruse held until malware activity triggered an alert.
This mirrors growing concerns from federal law enforcement. A 2021 FBI bulletin warned that foreign and criminal actors would 'almost certainly leverage synthetic content' to enable cyber and fraud operations. This includes a rising threat known as Business Identity Compromise (BIC), a form of digital impersonation where adversaries use AI to pose as legitimate employees or contractors. 'Synthetic content may also be used... to create a sophisticated emulation of an existing employee,' the FBI states.
And now, the DOJ has launched a formal crackdown on domestic enablers of this threat. Under the DPRK RevGen: Domestic Enabler Initiative, prosecutors are targeting individuals operating laptop farms in the U.S. and facilitating access to sensitive systems for foreign adversaries.
Hiring fraud has evolved. It's no longer limited to resume inflation or fake degrees. It now involves state-sponsored threat actors, synthetic identities, and cross-border data laundering. The stakes? Intellectual property theft, regulatory liability, sanctions exposure, and brand-damaging extortion. And it's not just the 'big names' being targeted. The DOJ confirmed that dozens of U.S. companies, across sectors, have unknowingly employed Democratic People's Republic of Korea (DPRK) operatives, sometimes for years.
This is a wake-up call for employers to modernize identity verification and improve cyber-hiring resilience.
Identity verification should go beyond basic document review to include government-issued ID validation, biometric face matching, and liveness detection. One example is HireRight's Global ID check, which leverages technology from identity verification provider Yoti Ltd. to authenticate identity documents from more than 200 countries. The system can also verify that the individual presenting the document is both physically present and matches the ID photo, all completed remotely in minutes. This process offers a practical alternative to in-person verification, helping employers strengthen identity assurance while streamlining remote hiring.
Don't rely on a single video call. Spread interviews across stages, require on-camera participation during onboarding, and watch for proxies or inconsistencies in responses.
Ensure endpoint protection is in place. Look for signs of foreign remote access, VPN manipulation, or device sharing. In KnowBe4's case, early detection through endpoint detection and response (EDR) software helped prevent a deeper breach.
Be cautious about shipping equipment to addresses that don't match hiring documentation. If devices are requested at odd times or to alternate addresses, investigate further.
The FBI warns of telltale signs of synthetic media, such as distorted facial features, inconsistent lighting, or awkward lip-syncing in video. Use identity screening platforms with liveness and deepfake detection features.
Train HR and talent acquisition teams on how to recognize fraud indicators. Use the FBI's SIFT method — Stop, Investigate the source, Find trusted coverage, Trace original content — to evaluate suspicious profiles or resumes.
The line between a fake resume and a national security breach is blurring. Remote hiring has created extraordinary flexibility for global workforces. It has also opened new frontiers for exploitation by nation-state actors using synthetic identities and cross-border deception. What began as a fringe tactic has become a well-coordinated global campaign, and the private sector is squarely in its sights.
As Stu Sjouwerman, CEO of KnowBe4, warned after his company fell victim to one such scheme: As the DOJ ramps up enforcement and threat actors increase their sophistication, employers must shift from reactive to proactive hiring security. In this era, it's not enough to verify that someone can work. You must confirm who they are.


Voice of America
07-03-2025
- Politics
- Voice of America
Justice Department indicts 12 Chinese nationals accused of hacking
The U.S. Justice Department announced indictments Wednesday against a dozen Chinese nationals accused in a global hacking campaign targeting U.S.-based dissidents, news organizations, government agencies and a large religious organization, according to a VOA report. According to court documents, China's Ministry of Public Security and Ministry of State Security used a network of private companies and hackers-for-hire to steal information and help locate dissidents and critics throughout the world. 'Today's announcements reveal that the Chinese Ministry of Public Security has been paying hackers-for-hire to inflict digital harm on Americans who criticize the Chinese Communist Party (CCP),' said Assistant Director Bryan Vorndran of the FBI's Cyber Division in a statement. The 12 suspects include two officers in China's Ministry of Public Security and eight employees of a company known as i-Soon and two members of a group known as Advanced Persistent Threat 27 (APT27). A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, told The Associated Press Wednesday that the allegations were a 'smear' and said, 'We hope that relevant parties will adopt a professional and responsible attitude and base their characterization of cyber incidents on sufficient evidence rather than groundless speculation and accusations.' All of those indicted are at large, and the Justice Department is offering a reward of up to $10 million for information about the MPS officers and i-Soon, the Chinese company that employed most of the hackers. The company is accused of selling stolen information 'to China's intelligence and security services to suppress free speech and democratic processes worldwide, and target groups deemed a threat to the Chinese government,' according to a news release from the FBI.


Voice of America
06-03-2025
- Politics
- Voice of America
US indicts 12 Chinese nationals in hacking-for-hire scheme
The U.S. Justice Department announced indictments Wednesday against 12 Chinese nationals accused in a global hacking campaign targeting U.S.-based dissidents, news organizations, government agencies and a large religious organization. According to court documents, China's Ministry of Public Security and Ministry of State Security used a network of private companies and hackers-for-hire to steal information and help locate dissidents and critics throughout the world. "Today's announcements reveal that the Chinese Ministry of Public Security has been paying hackers-for-hire to inflict digital harm on Americans who criticize the Chinese Communist Party (CCP)," said Assistant Director Bryan Vorndran of the FBI's Cyber Division in a statement. The suspects include two officers in China's Ministry of Public Security, eight employees of a company known as i-Soon, and two members of a group known as Advanced Persistent Threat 27 (APT27). A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, told The Associated Press Wednesday that the allegations were a "smear" and said, "We hope that relevant parties will adopt a professional and responsible attitude and base their characterization of cyber incidents on sufficient evidence rather than groundless speculation and accusations." All of those indicted are at large, and the Justice Department is offering a reward of up to $10 million for information about the MPS officers and i-Soon, the Chinese company that employed most of the hackers. The company is accused of selling stolen information "to China's intelligence and security services to suppress free speech and democratic processes worldwide, and target groups deemed a threat to the Chinese government," according to a news release from the FBI. i-Soon also conducted computer intrusions on its own initiative, charging "the MSS and MPS equivalent to between approximately $10,000 and $75,000 for each email inbox it successfully hacked," the indictment said. 
The company also provided training in hacking skills to the government agencies. Among the group's targets were a large religious organization critical of the Chinese government that previously sent missionaries to China, and a group that promoted human rights and religious freedom in China. The New York Assembly and multiple news organizations in the United States were targeted, including those that have opposed the Communist Party of China or delivered uncensored news to China. Foreign targets included a religious leader, a Hong Kong newspaper and the foreign ministries of Taiwan, India, South Korea, and Indonesia, according to the Justice Department release. Separate indictments were issued against the two men connected to APT27, Zhou Shuai and Yin Kecheng, "for their involvement in the multi-year, for-profit computer intrusion campaigns dating back, in the case of Yin, to 2013," the Justice Department release stated. The State Department announced a reward of up to $2 million for information leading to the arrest of Zhou and Yin. They are accused of hacking numerous "U.S.-based technology companies, think tanks, law firms, defense contractors, local governments, health care systems, and universities, leaving behind them a wake of millions of dollars in damages," the release stated. Yin is accused in a U.S. Treasury Department hack between September and December 2024. The two face several charges that include computer network conspiracy, wire fraud, aggravated identity theft and money laundering. "As evidenced by today's and previous announcements, China offers safe harbor for private sector companies that conduct malicious cyber activity against the United States and its partners," State Department spokesperson Tammy Bruce said in a statement. The indictments were the result of a joint investigation by the Justice Department, FBI, Naval Criminal Investigative Service and Departments of State and the Treasury. 
Information from The Associated Press was used in this report.


The Hill
05-03-2025
- Politics
- The Hill
DOJ charges Chinese hackers, government officials in campaign targeting US agencies
The U.S. government has charged 10 Chinese hackers-for-hire and two of the country's security officials in a scheme to steal data from American entities and dissidents of the Chinese government, the Department of Justice (DOJ) announced Wednesday. 'Today, we are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed,' DOJ national security head Sue J. Bai said in a statement. 'We will continue to fight to dismantle this ecosystem of cyber mercenaries and protect our national security.' According to the DOJ, hackers worked independently and for state-affiliated contractor I-Soon to collect bounties from the People's Republic of China (PRC). China's Ministry of Public Safety (MPS) and Ministry of State Security (MSS) targeted specific victims for exploitation, according to court documents. 'The MPS and MSS paid handsomely for stolen data,' the DOJ said in announcing the charges. 'Victims include U.S.-based critics and dissidents of the PRC, a large religious organization in the United States, the foreign ministries of multiple governments in Asia, and U.S. federal and state government agencies, including the U.S. Department of the Treasury in late 2024.' The U.S. Treasury Department revealed the breach last year. 'Operating from their safe haven and motivated by profit, this network of private companies and contractors in China cast a wide net to identify vulnerable computers, exploit those computers, and then identify information that it could sell directly or indirectly to the PRC government,' the DOJ said. FBI cyber division assistant director Bryan Vorndran thanked the 'victims who bravely came forward with evidence of intrusions.'
'And to those who choose to aid the CCP in its unlawful cyber activities, these charges should demonstrate that we will use all available tools to identify you, indict you, and expose your malicious activity for all the world to see,' Vorndran said in a statement. The Associated Press reported last year about the hacker-for-hire relationships that have fueled the Chinese government's quest for overseas intelligence.