Latest news with #ITworkers


Coin Geek
19 hours ago
- Business
- Coin Geek
North Korea exploits job market in latest cyberattacks: report
In its ongoing campaign to evade sanctions and raise funds, North Korea's innovative hacking army has turned to the international job market, using artificial intelligence (AI) to pose as remote IT workers and offering fake IT jobs to gain access to western companies' cloud systems. North Korea, or the Democratic People's Republic of Korea (DPRK), has been continuously under some form of sanction since the end of the Korean War in 1953, primarily trade and financial restrictions from the United States. However, the sanctions were dramatically expanded in 2006 after North Korea's first test of its nuclear weapon program, with a number of countries and international bodies imposing additional investment, financial assistance, and travel sanctions. Up until Russia's illegal invasion of Ukraine in February 2022, North Korea was the most sanctioned country in the world. Naturally, these sanctions have taken a toll. Accurate data for North Korea can be hard to come by, but in 2023, the Bank of Korea (BOK) estimated North Korea's gross domestic product (GDP) at around $29.6 billion, which would place it around 109th in the world. For comparison, South Korea is 15th, at around $1.7 trillion. In recent years, North Korea has increasingly turned to hacking and cyberattacks as a way to make and launder money, with the digital asset and blockchain space proving particularly fruitful.

The social media gateway

Last week, Google Cloud published its H2 2025 Cloud Threat Horizons Report, which revealed that the 'Google Threat Intelligence Group' is 'actively tracking' UNC4899, a North Korean hacking operation that successfully hacked two companies after contacting employees via social media.
In both cases, 'under the guise of freelance opportunities for software development work,' UNC4899 attackers successfully convinced the targeted employees of the companies to download and run malware, which established connections between the hacker-controlled command-and-control infrastructures and the target companies' cloud-based systems. After gaining access, UNC4899 conducted 'several internal reconnaissance activities on the victims' hosts and connected environments, before obtaining credential materials they used to pivot to the victims' cloud environments.' Eventually, the hacking group had the necessary credentials and information to transfer 'millions worth of cryptocurrency' out of company accounts. According to cloud security firm Wiz, which also reported on the UNC4899 hacks, this type of cyberattack falls within a cluster of such activity referred to by the U.S. government as 'TraderTraitor.' 'TraderTraitor has conducted several major campaigns since 2020, all sharing common tactics (social engineering, trojanized malware or code) but targeting different parts of the cryptocurrency ecosystem,' explained Wiz. The U.S. Treasury confirmed that the North Korea-backed entities behind TraderTraitor are tracked as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. The former of these, Lazarus Group, is the notorious North Korean hacking organization behind—among other attacks—the record-breaking February 2025 hack of digital asset exchange Bybit, in which the group stole $1.4 billion worth of Ethereum's ETH token—the largest exploit of its kind. Financial gain is the primary strategic objective of TraderTraitor, but Wiz also warned that it 'may also pursue strategic espionage objectives in the crypto/blockchain sector,' with reports indicating the attackers appear to seek to acquire sensitive cryptocurrency intellectual property and technology. 
While infiltrating companies by offering freelance work to existing employees has seen some notable successes for North Korean hackers, it's not the only employment-related avenue proving profitable for the country.

Wolves in sheep's clothing

On August 4, U.S.-based cybersecurity giant CrowdStrike released its '2025 Threat Hunting Report,' in which it highlighted the rise of the 'enterprising adversary.' In the context of North Korea, the company identified more than 320 incidents over the past 12 months in which state operatives gained fraudulent employment as remote software developers for Western companies. According to CrowdStrike, this marks a 220% increase from the previous year. Essentially, the scheme involves North Korean actors using false identities, resumes, and work histories, usually generated by artificial intelligence, to gain employment and earn money for the regime. The fake employees, many of whom don't speak English fluently, then use sophisticated AI to do the majority of the work required of them. CrowdStrike identified the North Korean hacking group dubbed 'Famous Chollima' as one of the principal offenders, conducting insider threat operations at 'an exceptionally high operational tempo.' 'Famous Chollima has been able to sustain this pace by interweaving GenAI-powered tools that automate and optimize workflows at every stage of the hiring and employment process,' said the report. This includes using generative AI and other AI-powered tools to draft resumes, modify or 'deepfake' their appearance during remote interviews, and translate for them. 'Once hired, Famous Chollima IT workers use GenAI code assistants (such as Microsoft Copilot or VSCodium) and GenAI translation tools to assist with daily tasks and correspondence related to their legitimate job functions,' explained the report.
'These operatives are not fluent in English, likely work three or four jobs simultaneously, and require GenAI to complete their work and manage and respond to multiple streams of communication.' Once employed, these operatives can also use their position and credentials to gain access to sensitive company data, which they can later use to extort the company. In this part of the operation, AI tools again come in useful to hackers, as CrowdStrike noted: 'They are using publicly available models to aid their reconnaissance, vulnerability research, and phishing campaign content and payload development.' CrowdStrike recommended several measures to reduce these attacks, including enhanced identity verification processes during the hiring phase, real-time deepfake challenges during interview or employment assessment sessions, and training programs designed to teach hiring managers and IT personnel to recognize potential insider threats using AI tools.


WIRED
2 days ago
- Business
- WIRED
Leak Reveals the Workaday Lives of North Korean IT Scammers
Aug 7, 2025 7:15 PM Spreadsheets, Slack messages, and files linked to an alleged group of North Korean IT workers expose their meticulous job-planning and targeting—and the constant surveillance they're under. Job hunting is a fresh kind of hell. Hours are wasted sifting through open roles, tweaking cover letters, dealing with obtuse recruiters—and that's all before you get started with potential interviews. Arguably, some of the world's most prolific job applicants—or at least most persistent—are those of North Korea's sprawling IT worker schemes. For years, Kim Jong Un's repressive regime has successfully sent skilled coders abroad where they're tasked with finding remote work and sending money back to the heavily sanctioned and isolated nation. Each year, thousands of IT workers bring in somewhere between $250 million and $600 million, according to United Nations estimates. Now an apparent huge new trove of data, obtained by a cybersecurity researcher, sheds new light on how one group of alleged North Korean IT workers has been running its operations and the meticulous planning involved in the money-making schemes. Money made by scam IT workers contributes to North Korea's weapons of mass destruction development efforts and ballistic missile programs, the US government has said. Emails, spreadsheets, documents, and chat messages from Google, Github, and Slack accounts allegedly linked to the alleged North Korean scammers show how they track potential jobs, log their ongoing applications, and record earnings with a painstaking attention to detail. The cache of data, which represents a glimpse into the workaday life of some of North Korea's IT workers, also purportedly includes fake IDs that may be used for job applications, as well as example cover letters, details of laptop farms, and manuals used to create online accounts.
It reinforces how reliant upon US-based tech services, such as Google, Slack, and GitHub, the DPRK workers are. 'I think this is the first time to see their internal [operations], how they are working,' says the security researcher, who uses the handle SttyK and asked not to be named due to privacy and security concerns. SttyK, who is presenting their findings at the Black Hat security conference in Las Vegas today, says an unnamed confidential source provided them with the data from the online accounts. 'There are several dozen gigabytes worth of data. There are thousands of emails,' says SttyK, who showed WIRED their presentation ahead of the conference. North Korea's IT workers have, in recent years, infiltrated huge Fortune 500 companies, a host of tech and crypto firms, and countless small businesses. While not all IT worker teams use the same approaches, they often use fake or stolen identities to get work and also use facilitators who help cover their digital tracks. The IT workers are often based in Russia or China and are given more freedom and liberties—they've been seen enjoying pool parties and dining out on expensive steak dinners—than millions of North Koreans who are not afforded basic human rights. One North Korean defector who operated as an IT worker recently told the BBC that 85 percent of their ill-gained earnings were sent to North Korea. 'It's still much better than when we were in North Korea,' they said. Multiple screenshots of spreadsheets in the data obtained by SttyK show a cluster of IT workers that appear to be split into 12 groups—each with around a dozen members—and an overall 'master boss.' The spreadsheets are methodologically put together to track jobs and budgets: They have summary and analysis tabs that drill down into the data for each group. Rows and columns are neatly filled out; they appear to be updated and maintained regularly. The tables show the potential target jobs for IT workers. 
One sheet, which seemingly includes daily updates, lists job descriptions ('need a new react and web3 developer'), the companies advertising them, and their locations. It also links to the vacancies on freelance websites or contact details for those conducting the hiring. One 'status' column says whether they are 'waiting' or if there has been 'contact.' Screenshots of one spreadsheet seen by WIRED appear to list the potential real-world names of the IT workers themselves. Alongside each name is a register of the make and model of computer they allegedly have, as well as monitors, hard drives, and serial numbers for each device. The 'master boss,' who does not have a name listed, is apparently using a 34-inch monitor and two 500GB hard drives. One 'analysis' page in the data seen by SttyK, the security researcher, shows a list of types of work the group of fraudsters are involved in: AI, blockchain, web scraping, bot development, mobile app and web development, trading, CMS development, desktop app development, and 'others.' Each category has a potential budget listed and a 'total paid' field. A dozen graphs in one spreadsheet claim to track how much they have been paid, the most lucrative regions to make money from, and whether getting paid weekly, monthly, or as a fixed sum is the most successful. 'It's professionally run,' says Michael 'Barni' Barnhart, a leading North Korean hacking and threat researcher who works for insider threat security firm DTEX. 'Everyone has to make their quotas. Everything needs to be jotted down. Everything needs to be noted,' he says. The researcher adds that he has seen similar levels of record keeping with North Korea's sophisticated hacking groups, which have stolen billions in cryptocurrency in recent years, and are largely separate to IT worker schemes. Barnhart has viewed the data obtained by SttyK and says it overlaps with what he and other researchers were tracking.
'I do think this data is very real,' says Evan Gordenker, a consulting senior manager at the Unit 42 threat intelligence team of cybersecurity company Palo Alto Networks, who has also seen the data SttyK obtained. Gordenker says the firm had been tracking multiple accounts in the data and that one of the prominent GitHub accounts was previously exposing the IT workers' files publicly. None of the DPRK-linked email addresses responded to WIRED's requests for comment. GitHub removed three developer accounts after WIRED got in touch, with Raj Laud, the company's head of cybersecurity and online safety, saying they have been suspended in line with its 'spam and inauthentic activity' rules. 'The prevalence of such nation-state threat activity is an industry-wide challenge and a complex issue that we take seriously,' Laud says. Google declined to comment on specific accounts WIRED provided, citing policies around account privacy and security. 'We have processes and policies in place to detect these operations and report them to law enforcement,' says Mike Sinno, director of detection and response at Google. 'These processes include taking action against fraudulent activity, proactively notifying targeted organizations, and working with public and private partnerships to share threat intelligence that strengthens defenses against these campaigns.' 'We have strict policies in place that prohibit the use of Slack by sanctioned individuals or entities, and we take swift action when we identify activity that violates these rules,' says Allen Tsai, senior director of corporate communications at Slack's parent company Salesforce. 'We cooperate with law enforcement and relevant authorities as required by law and do not comment on specific accounts or ongoing investigations.' 
Another spreadsheet also lists members as being part of a 'unit' called 'KUT,' a potential abbreviation of North Korea's Kim Chaek University of Technology, which has been cited in US government warnings about DPRK-linked IT workers. One column in the spreadsheet also lists 'ownership' as 'Ryonbong,' likely referring to defense company Korea Ryonbong General Corporation, which has been sanctioned by the US since 2005 and UN since 2009. 'The vast majority of them [IT workers] are subordinate to and working on behalf of entities directly involved in the DPRK's UN-prohibited WMD and ballistic missile programs, as well as its advanced conventional weapons development and trade sectors,' the US Treasury Department said in a May 2022 report. Across the myriad of IT worker-linked GitHub and LinkedIn accounts, CVs, and portfolio websites that researchers have identified in recent years, there are often distinct patterns. Email addresses and accounts use the same names; CVs can look identical. 'Reusing resume content is also something that we've seen frequently across their profiles,' says Benjamin Racenberg, a senior researcher who has tracked North Korean IT worker personas at cybersecurity firm Nisos. Racenberg says the scammers are increasingly adopting AI for image manipulation, video calls, and as part of scripts they use. 'For portfolio websites, we've seen them use templates and use the same template over and over again,' Racenberg says. That all points to some day-to-day drudgery for the IT workers tasked with running the criminal schemes for the Kim regime. 'It's a lot of copy and paste,' Unit 42's Gordenker says. One suspected IT worker Gordenker has tracked was spotted using 119 identities. 'He Googles Japanese name generators—spelled wrong of course—and then over the course of about four hours, just fills out spreadsheets just full of names and potential places [to target].' 
The detailed documentation also serves another purpose, though: tracking the IT workers and their actions. 'There's a lot of moving parts once the money gets into the actual hands of leadership, so they're going to need accurate numbers,' DTEX's Barnhart says. Employee monitoring software has been seen on the scammers' machines in some instances and researchers claim North Koreans in job interviews won't answer questions about Kim. SttyK says they saw dozens of screen recordings in Slack channels showing the workers' daily activity. In screenshots of a Slack instance, the 'Boss' account sends a message: '@channel: Everyone should try to work more than at least 14 hrs a day.' The next message they sent says: 'This time track includes idling time, as you know.' 'Interestingly, their communication has been all English, not Korean,' SttyK says. The researcher, along with others, speculates this may be for a couple of reasons: first, to blend into legitimate activity; and secondly, to help improve their English skills for applications and interviews. Google account data, SttyK says, shows they were frequently using online translation to process messages. Beyond a glimpse at the ways in which the IT workers track their performance, the data SttyK obtained gives some limited clues about the day-to-day lives of the individual scammers themselves. One spreadsheet lists a volleyball tournament the IT workers apparently had planned; in Slack channels, they celebrated birthdays and shared inspirational memes from a popular Instagram account. In some screen recordings, SttyK says, they can be seen playing Counter-Strike. 'I felt there was a strong unity among the members,' SttyK says.


TechCrunch
5 days ago
- Business
- TechCrunch
North Korean spies posing as remote workers have infiltrated hundreds of companies, says CrowdStrike
Researchers at security giant CrowdStrike say they have seen hundreds of cases where North Koreans posing as remote IT workers have infiltrated companies to generate money for the regime, marking a sharp increase over previous years. Per CrowdStrike's latest threat hunting report, the company has identified over 320 incidents over the past 12 months, up by 220% from the year earlier, in which North Koreans gained fraudulent employment at Western companies working remotely as developers. The scheme relies on North Koreans using false identities, resumes, and work histories to gain employment and earn money for the regime, as well as allowing access for the workers to steal data from the companies they work for and later extort them. The aim is to generate funds for North Korea's sanctioned nuclear weapons program, which has so far made billions of dollars for the regime to date. It's not known exactly how many North Korean IT workers are currently working for unknowing U.S. companies, but some have estimated the number to be in the thousands. According to CrowdStrike, the North Korean IT workers, which the company calls 'Famous Chollima' using its naming scheme of hacking groups, rely on generative AI and other AI-powered tools to draft resumes and modify or 'deepfake' their appearance during remote interviews. While the scheme is not new, North Koreans are increasingly succeeding at getting jobs, despite sanctions laws preventing U.S. companies from hiring North Korean workers. CrowdStrike said in its report that one of the ways to prevent hiring sanctioned workers is by implementing better identity verification processes during the hiring phase. TechCrunch has anecdotally heard of some crypto-focused companies asking prospective employees to say critical things about North Korea's leader, Kim Jong Un, in an effort to weed out potential spies. 
The would-be North Korean employees are often highly monitored and surveilled, making any such request impossible and likely outing the fraudulent worker. Over the past year, the U.S. Department of Justice has sought to disrupt these operations by going after the U.S.-based facilitators who help run and operate the scheme for their North Korean bosses. These operations have included targeting the individuals who run 'laptop farm' operations, which include racks of open laptops used by the North Koreans to remotely do their work as if they were physically located in the United States. Prosecutors said in a June indictment that one North Korean operation stole the identities of 80 individuals in the U.S. between 2021 and 2024 to get remote work at more than 100 U.S. companies.


The Guardian
6 days ago
- Business
- The Guardian
Ninety laptops, millions of dollars: US woman jailed over North Korea remote-work scam
In March 2020, about the time the Covid pandemic started, Christina Chapman, a woman who lived in Arizona and Minnesota, received a message on LinkedIn asking her to 'be the US face' of a company and help overseas IT workers gain remote employment. As working from home became the norm for many people, Chapman was able to find jobs for the foreign workers at hundreds of US companies, including some in the Fortune 500, such as Nike; 'a premier Silicon Valley technology company'; and one of the 'most recognizable media and entertainment companies in the world'. The employers thought they were hiring US citizens. They were actually people in North Korea. Chapman was participating in the North Korean government's scheme to deploy thousands of 'highly skilled IT workers' by stealing identities to make it look like they were in the US or other countries. They have collected millions of dollars to boost the government's nuclear weapons development, according to the US justice department and court records. Chapman's bizarre story – which culminated in an eight-year prison sentence – is a curious mix of geopolitics, international crime and one woman's tragic tale of isolation and working from home in a gig-dominated economy where increasingly everything happens through a computer screen and it is harder to tell fact from fiction. The secret North Korean workers, according to the federal government and cybersecurity experts, not only help the US's adversary – a dictatorship which has been hobbled by international sanctions over its weapons program – but also harm US citizens by stealing their identities and potentially hurt domestic companies by 'enabling malicious cyber intrusions' into their networks. 'Once Covid hit and everybody really went virtual, a lot of the tech jobs never went back to the office,' said Benjamin Racenberg, a senior intelligence manager at Nisos, a cybersecurity firm. 'Companies quickly realized: I can get good talent from anywhere. 
North Koreans and other employment fraudsters have realized that they can trick hiring systems to get jobs. I don't think that we have done enough as a community to prevent this.' To run the schemes, the North Koreans need facilitators in the United States, because the companies 'aren't going to willingly send laptops to North Korea or even China', said Adam Meyers, head of counter-adversary operations for CrowdStrike, a cybersecurity firm. 'They find somebody that is also looking for a gig-economy job, and they say, 'Hey, we are happy to get you $200 per laptop that you manage,'' said Meyers, whose team has published reports on the North Korean operation. Chapman grew up in an abusive home and drifted 'between low-paying jobs and unstable housing', according to documents submitted by her attorneys. In 2020, she was also taking care of her mother, who had been diagnosed with renal cancer. About six months after the LinkedIn message, Chapman started running what law enforcement officials describe as 'laptop farms'. In addition to hosting computers, she helped the North Koreans pose as US citizens by validating stolen identity information; sent some laptops abroad; logged into the computers so that the foreign workers could connect remotely; and received paychecks and transferred the money to the workers, according to court documents. Meanwhile, the North Koreans created fictitious personas and online profiles to match the job requirements for remote IT worker positions. They often got the jobs through staffing agencies. In one case, a 'top-five national television network and media company' headquartered in New York hired one of the North Koreans as a video-streaming engineer. The person posing as 'Daniel B' asked Chapman to join a Microsoft Teams meeting with the employer so that the co-conspirator could also join. The indictment does not list victims' full names.
'I just typed in the name Daniel,' Chapman told the person in North Korea, according to court records of an online conversation. 'If they ask WHY you are using two devices, just say the microphone on your laptop doesn't work right.' 'OK,' the foreign actor responded. 'Most IT people are fine with that explanation,' Chapman replied. Chapman was aware that her actions were illegal. 'I hope you guys can find other people to do your physical I-9s. These are federal documents. I will SEND them for you, but have someone else do the paperwork. I can go to FEDERAL PRISON for falsifying federal documents,' Chapman wrote to a group of her co-conspirators. Chapman was also active on social media. In a video posted in June 2023, she talked about having breakfast on the go because she was so busy, and her clients were 'going crazy!', Wired reported. Behind Chapman were racks with at least a dozen open laptops with sticky notes. In October 2023, federal investigators raided her home and found 90 laptops. In February this year, she pleaded guilty to conspiracy to commit wire fraud, aggravated identity theft and conspiracy to launder monetary instruments. Over the three years that Chapman worked with the North Koreans, some of the employees received hundreds of thousands of dollars from a single company. In total, the scheme generated $17m for Chapman and the North Korean government. The fraudsters also stole the identities of 68 people, who then also had false tax liabilities, according to the justice department. In a letter to the court before her sentencing, Chapman thanked the FBI for arresting her because she had been 'trying to get away from the guys that I was working with for awhile [sic] and I wasn't really sure how to do it'. 'The area where we lived didn't provide for a lot of job opportunities that fit what I needed,' Chapman wrote. 'To the people who were harmed, I send my sincerest apologies. 
I am not someone who seeks to harm anyone, so knowing that I was a part of a company that set out to harm people is devastating to me.' Last week, US district court judge Randolph Moss sentenced Chapman to more than eight years in prison; to forfeit $284,000 that was to be paid to the North Koreans, and to pay a fine of $176,000. Chapman and her co-conspirators were not the only ones conducting such fraud. In January, the federal government also charged two people in North Korea, a Mexican citizen and two US citizens for a scheme that helped North Korean IT workers land jobs with at least 64 US companies and generated at least $866,000 in revenue, according to the justice department. Racenberg, of Nisos, said he expected cybercriminals to use artificial intelligence to 'get better and better' at performing such schemes. Companies should conduct 'open-source research' on applicants because oftentimes the fraudsters reuse résumé content, Racenberg said. 'If you put the first few lines of the résumé in, you might find two, three other résumés online that are exactly the same with these very similar companies or similar dates,' Racenberg added. 'That should raise some flags.' During an interview, if there is background noise that sounds like a call center or if the applicant refuses to remove a fake or blurred background, that could also be cause for concern, Meyers, of CrowdStrike, said. And companies should ask new hires to visit the office to pick up their laptop rather than mail it to them because that allows the company to see if the person who shows up is the same one you interviewed, Racenberg said. Five years after the pandemic, more companies have also started to require employees to return to the office at least part time. If all corporations did that, would it eliminate the threat? 'It's going to prevent all of this from happening, yes,' Racenberg said. 'But are we going to go back to that? Probably not.'


WIRED
05-07-2025
- WIRED
Android May Soon Warn You About Fake Cell Towers
Jul 5, 2025 6:30 AM Plus: Iran-linked hackers threaten to release Trump campaign emails, Chinese hackers still in US telecoms networks, and an abusive deepfake website plans an expansion. In recent years, North Korea has deployed thousands of so-called IT workers to infiltrate Western businesses, get paid salaries, and send money back to support the regime. As the schemes have become more successful, they have grown increasingly elaborate and employed new tactics to evade detection. But this week, the United States Justice Department revealed one of its biggest operations to tackle IT workers to date. The DOJ says it has identified six Americans who allegedly helped enable the schemes and has arrested one of them. Law enforcement officials searched 29 'laptop farms' in 16 states and seized more than 200 computers, as well as web domains and financial accounts. Meanwhile, a group of young cybercriminals has been causing chaos around the world, leaving grocery stores empty and temporarily grounding some flights in the wake of their crippling cyberattacks. After a quiet period in 2024, the Scattered Spider hackers have returned this year and are ruthlessly targeting retailers, insurers, and airlines. Also this week, we've detailed how LGBTIQ+ organizations in El Salvador are helping activists chronicle attacks against their community and better protect themselves against state surveillance. And there's more. Each week, we round up the security and privacy news we didn't cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there. Cell-site simulators, often known as stingrays or IMSI catchers, are some of the most stealthy and powerful surveillance tools in operation today. The devices, which impersonate cell towers and intercept communications, can collect call metadata, location information, and other traffic about what you do on your devices.
They've increasingly been used by law enforcement and immigration officials. However, according to reporting from Android Authority and Ars Technica, upcoming hardware advances have led to Google upping its efforts to combat the potential snooping. Starting in Android 16, compatible devices will be able to identify when networks request device identifiers, such as device or SIM IDs, and issue alerts when you are connecting to a non-encrypted cell network. Examples of alerts show warnings that 'calls, messages, and data are vulnerable to interception' when connected to insecure networks. There will also be notifications when you move back to an encrypted network. An option to turn on these notifications appears on a mobile network security settings page alongside the option to avoid 2G networks, which could help block some IMSI catchers from connecting to your device. However, while the settings will reportedly be available in Android 16, it may take some time for Android devices to widely use the required hardware.

Iran-Linked Hackers Threaten to Release 100 GB of Trump Campaign Emails

Ahead of the presidential election last November, Iran-linked hackers attacked Donald Trump's presidential campaign and stole scores of emails in an apparent bid to influence the election results. Some of the emails were distributed to journalists and the Biden campaign. This week, following the Israel-Iran conflict and US intervention with 'bunker-buster' bombs, the hackers behind the email compromise reemerged, telling Reuters that they may disclose or sell more of the stolen emails. The cybercriminals claimed they had stolen 100 GB of emails, including some from Susie Wiles, the White House chief of staff. The cache of emails also allegedly includes those from Lindsey Halligan, a Trump lawyer, adviser Roger Stone, and adult film star Stormy Daniels. The hackers, who have used the name Robert, told Reuters they wanted to 'broadcast this matter.'
It is unclear whether they will act upon the threats. In response, US officials claimed that the threat from the hackers was a 'calculated smear campaign' by a foreign power. 'A hostile foreign adversary is threatening to illegally exploit purportedly stolen and unverified material in an effort to distract, discredit, and divide,' Marci McCarthy, a spokesperson for the Cybersecurity and Infrastructure Security Agency, said in a statement.

Chinese Hackers Lay 'Dormant' in US Telecoms Networks, FBI Says

Over the past few years, Chinese hacker group Salt Typhoon has been on a hacking rampage against US telecoms networks, successfully breaking into at least nine firms and gaining access to Americans' texts and calls. Brett Leatherman, the recently appointed leader of the FBI's cyber division, tells Cyberscoop that the Chinese hackers are now 'largely contained' and lying 'dormant' in the networks. The groups have not been kicked out of networks, Leatherman said, since the longer they are in the systems there are more ways they can find to 'create points of persistence.' 'Right now, we're very focused on resilience and deterrence and providing significant support to victims,' Leatherman said.

Explicit Deepfake Website Leaks User Information, Has Expansion Plans Revealed

Deepfake platforms that allow people to create nonconsensual, often illegal, harmful images of women without clothes on have boomed in recent years. Now a former whistleblower and leaked documents from one of the largest so-called 'nudify' apps, Clothoff, claim the service has a multimillion-euro budget and is planning an aggressive expansion where it will create nonconsensual explicit images of celebrities and influencers, according to reporting by German publication Der Spiegel. The alleged expansion has a marketing budget of €150,000 (around $176,000) per country to promote the images of celebrities and influencers, according to the report.
It says more than 'three dozen people' work for Clothoff, and the publication identified some of the potential key operators of the platform. Documents exposed online also revealed customer email addresses. A spokesperson who claimed to represent Clothoff denied there were more than 30 people as part of the central team and told Der Spiegel it does not have a multimillion-euro budget.