Latest news with #cyberattacks


Coin Geek
6 hours ago
- Business
- Coin Geek
North Korea exploits job market in latest cyberattacks: report
In its ongoing campaign to evade sanctions and raise funds, North Korea's innovative hacking army has turned to the international job market, using artificial intelligence (AI) to pose as remote IT workers and offering fake IT jobs to gain access to western companies' cloud systems.

North Korea, or the Democratic People's Republic of Korea (DPRK), has been continuously under some form of sanction since the end of the Korean War in 1953, primarily trade and financial restrictions from the United States. However, the sanctions were dramatically expanded in 2006 after North Korea's first test of its nuclear weapon program, with a number of countries and international bodies imposing additional investment, financial assistance, and travel sanctions. Up until Russia's illegal invasion of Ukraine in February 2022, North Korea was the most sanctioned country in the world.

Naturally, these sanctions have taken a toll. Accurate data for North Korea can be hard to come by, but in 2023, the Bank of Korea (BOK) estimated North Korea's gross domestic product (GDP) at around $29.6 billion, which would place it around 109th in the world. For comparison, South Korea is 15th, at around $1.7 trillion. In recent years, North Korea has increasingly turned to hacking and cyberattacks as a way to make and launder money, with the digital asset and blockchain space proving particularly fruitful.

The social media gateway

Last week, Google Cloud published its H2 2025 Cloud Threat Horizons Report, which revealed that the 'Google Threat Intelligence Group' is 'actively tracking' UNC4899, a North Korean hacking operation that successfully hacked two companies after contacting employees via social media.

In both cases, 'under the guise of freelance opportunities for software development work,' UNC4899 attackers successfully convinced the targeted employees of the companies to download and run malware, which established connections between the hacker-controlled command-and-control infrastructures and the target companies' cloud-based systems.

After gaining access, UNC4899 conducted 'several internal reconnaissance activities on the victims' hosts and connected environments, before obtaining credential materials they used to pivot to the victims' cloud environments.' Eventually, the hacking group had the necessary credentials and information to transfer 'millions worth of cryptocurrency' out of company accounts.

According to cloud security firm Wiz, which also reported on the UNC4899 hacks, this type of cyberattack falls within a cluster of such activity referred to by the U.S. government as 'TraderTraitor.' 'TraderTraitor has conducted several major campaigns since 2020, all sharing common tactics (social engineering, trojanized malware or code) but targeting different parts of the cryptocurrency ecosystem,' explained Wiz.

The U.S. Treasury confirmed that the North Korea-backed entities behind TraderTraitor are tracked as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. The first of these, Lazarus Group, is the notorious North Korean hacking organization behind—among other attacks—the record-breaking February 2025 hack of digital asset exchange Bybit, in which the group stole $1.4 billion worth of Ethereum's ETH token—the largest exploit of its kind.

Financial gain is the primary strategic objective of TraderTraitor, but Wiz also warned that it 'may also pursue strategic espionage objectives in the crypto/blockchain sector,' with reports indicating the attackers appear to seek to acquire sensitive cryptocurrency intellectual property and technology.

While infiltrating companies by offering freelance work to existing employees has seen some notable successes for North Korean hackers, it's not the only employment-related avenue proving profitable for the country.

Wolves in sheep's clothing

On August 4, U.S.-based cybersecurity giant CrowdStrike released its '2025 Threat Hunting Report,' in which it highlighted the rise of the 'enterprising adversary.' In the context of North Korea, the company identified more than 320 incidents over the past 12 months in which state operatives gained fraudulent employment as remote software developers for Western companies. According to CrowdStrike, this marks a 220% increase from the previous year.

Essentially, the scheme involves North Korean actors using false identities, resumes, and work histories, usually generated by artificial intelligence, to gain employment and earn money for the regime. The fake employees, many of whom don't speak English fluently, then use sophisticated AI to do the majority of the work required of them.

CrowdStrike identified the North Korean hacking group dubbed 'Famous Chollima' as one of the principal offenders, conducting insider threat operations at 'an exceptionally high operational tempo.' 'Famous Chollima has been able to sustain this pace by interweaving GenAI-powered tools that automate and optimize workflows at every stage of the hiring and employment process,' said the report. This includes using generative AI and other AI-powered tools to draft resumes, modify or 'deepfake' their appearance during remote interviews, and translate for them.

'Once hired, Famous Chollima IT workers use GenAI code assistants (such as Microsoft Copilot or VSCodium) and GenAI translation tools to assist with daily tasks and correspondence related to their legitimate job functions,' explained the report. 'These operatives are not fluent in English, likely work three or four jobs simultaneously, and require GenAI to complete their work and manage and respond to multiple streams of communication.'

Once employed, these operatives can also use their position and credentials to gain access to sensitive company data, which they can later use to extort the company. In this part of the operation, AI tools again come in useful to hackers, as CrowdStrike noted: 'They are using publicly available models to aid their reconnaissance, vulnerability research, and phishing campaign content and payload development.'

CrowdStrike recommended several measures to reduce these attacks, including enhanced identity verification processes during the hiring phase, real-time deepfake challenges during interview or employment assessment sessions, and training programs designed to teach hiring managers and IT personnel to recognize potential insider threats using AI tools.
Yahoo
a day ago
- Business
- Yahoo
Motorola Solutions raises annual revenue forecast on steady demand
(Reuters) - Safety and enterprise security services provider Motorola Solutions raised its annual revenue forecast on Thursday, driven by robust demand for its safety and security solutions. Government agencies and businesses have been making efforts to strengthen their security and communication infrastructure, aiming to prevent disruptions to operations caused by cyberattacks, benefiting Motorola. The verticals that drive Motorola's enterprise security business are healthcare, critical infrastructure and education, which are markets that tend to be more resilient. To address the impact of tariffs, Motorola has been implementing discretionary cost controls, adjusting its supply chain and increasing pricing across its portfolio. The company makes radio communication equipment, 911 emergency call handling software and body cameras widely used by law enforcement agencies in the United States and globally. Motorola has also expanded into video surveillance and data analytics, integrating these technologies into its tools for public safety and first responders. In July, the company said it will introduce AI labels across its safety and security products to enhance transparency around the use of artificial intelligence in public safety and enterprise security. The company closed its acquisition of wireless-radio maker Silvus Technologies for $4.4 billion on Wednesday, aiming to strengthen its market position and capitalize on rising demand. Motorola now forecasts fiscal 2025 revenue growth of 7.7% to about $11.65 billion, including expected revenue related to Silvus, higher than its prior projection of a 5.5% growth. Analysts expect $11.41 billion in revenue, according to data compiled by LSEG. Its revenue for the second quarter was $2.77 billion, compared with an estimate of $2.73 billion. Adjusted quarterly profit was $3.75 per share, up from $3.24 a year ago.


CTV News
a day ago
- Politics
- CTV News
U.S. federal courts say their systems were targeted by recent cyberattacks
WASHINGTON - The federal judiciary's information technology systems have been targeted by 'recent escalated cyberattacks of a sophisticated and persistent nature,' the Administrative Office of the U.S. Courts said in a statement on Thursday. The statement follows a Politico report late on Wednesday that the judiciary's electronic case filing system had been compromised in a sweeping hack that was believed to have exposed sensitive court data in several states. Politico, which cited two people familiar with the matter, said the incident had affected the judiciary's federal case management system, which includes the Case Management/Electronic Case Files, or CM/ECF, which legal professionals use to upload and manage case documents; and Public Access to Court Electronic Records, or PACER, which provides the public with pay-for access to some of the same data. The Administrative Office's statement did not address the specifics of Politico's reporting. It said the judiciary was focused on 'further enhancing security of the system' and 'working with courts to mitigate the impact on litigants.' Reporting by Raphael Satter; Editing by Rod Nickel.


Reuters
a day ago
- Politics
- Reuters
US federal courts say their systems were targeted by recent cyberattacks
WASHINGTON, Aug 7 (Reuters) - The federal judiciary's information technology systems have been targeted by "recent escalated cyberattacks of a sophisticated and persistent nature," the Administrative Office of the U.S. Courts said in a statement on Thursday. The statement follows a Politico report late on Wednesday that the judiciary's electronic case filing system had been compromised in a sweeping hack that was believed to have exposed sensitive court data in several states. Politico, which cited two people familiar with the matter, said the incident had affected the judiciary's federal case management system, which includes the Case Management/Electronic Case Files, or CM/ECF, which legal professionals use to upload and manage case documents; and Public Access to Court Electronic Records, or PACER, which provides the public with pay-for access to some of the same data. The Administrative Office's statement did not address the specifics of Politico's reporting. It said the judiciary was focused on "further enhancing security of the system" and "working with courts to mitigate the impact on litigants."


CNA
a day ago
- Politics
- CNA
US federal courts say their systems were targeted by recent cyberattacks
WASHINGTON: The federal judiciary's information technology systems have been targeted by "recent escalated cyberattacks of a sophisticated and persistent nature," the Administrative Office of the U.S. Courts said in a statement on Thursday. The statement follows a Politico report late on Wednesday that the judiciary's electronic case filing system had been compromised in a sweeping hack that was believed to have exposed sensitive court data in several states. Politico, which cited two people familiar with the matter, said the incident had affected the judiciary's federal case management system, which includes the Case Management/Electronic Case Files, or CM/ECF, which legal professionals use to upload and manage case documents; and Public Access to Court Electronic Records, or PACER, which provides the public with pay-for access to some of the same data. The Administrative Office's statement did not address the specifics of Politico's reporting. It said the judiciary was focused on "further enhancing security of the system" and "working with courts to mitigate the impact on litigants."