December 13, 2024 at 11:45AM The U.S. Department of Justice has indicted 14 North Korean nationals for allegedly violating sanctions through a scheme involving wire fraud, money laundering, and identity theft. They illegally sought remote IT jobs while generating at least $88 million for the North Korean regime, utilizing various deceptive tactics to conceal their … Read more
November 25, 2024 at 08:01AM Microsoft reports that North Korean fake IT workers have infiltrated global markets, particularly in the US, UK, and Australia, generating revenue for the regime while potentially stealing data. Numerous fake profiles exist online, and various North Korean threat actors engage in phishing and cryptocurrency theft, targeting sensitive sectors like aerospace … Read more
November 23, 2024 at 07:24AM The North Korean threat actor Sapphire Sleet has reportedly stolen over $10 million in cryptocurrency through social engineering via fake LinkedIn profiles since 2020. Utilizing malware disguised as skills assessments and AI-generated identities, they target users in job recruitment scams, gaining system access and financial credentials for theft. **Meeting Takeaways … Read more
November 20, 2024 at 08:37PM The US Department of Justice has indicted five individuals linked to the cyber gang Scattered Spider, accused of stealing millions in cryptocurrency through SMS phishing and social engineering. The group also targeted MGM Resorts and Caesars Entertainment. Arrests were made in the US and Spain, with serious charges facing the … Read more
November 20, 2024 at 02:29PM The U.S. Justice Department has charged five members of the Scattered Spider cybercrime gang with wire fraud and identity theft, accused of stealing over $11 million from cryptocurrency wallets through SMS phishing. This loosely organized group employs varied tactics and has connections to other hacking collectives and ransomware gangs. ### … Read more
November 15, 2024 at 09:14AM Ilya Lichtenstein has been sentenced to five years in prison for stealing nearly 120,000 Bitcoin from Bitfinex in 2016, worth about $69 million at the time. He and his wife, Heather Morgan, also pleaded guilty to laundering the stolen proceeds. Their assets will be forfeited to the US government. ### … Read more
November 1, 2024 at 05:11AM LottieFiles reported a supply chain attack on Lottie-Player, aimed at stealing cryptocurrency. This breach poses risks to cryptocurrency wallets, highlighting vulnerabilities in software supply chains. **Meeting Takeaways:** 1. **Incident Confirmation**: LottieFiles has confirmed a breach involving Lottie-Player. 2. **Nature of the Attack**: The breach is classified as a supply chain … Read more
October 23, 2024 at 02:08PM The North Korean Lazarus hacking group exploited a Google Chrome zero-day (CVE-2024-4947) through a fake DeFi game, targeting cryptocurrency users. Discovered by Kaspersky on May 13, 2024, the exploit gained access to sensitive data. Google issued a fix by May 25, 2024, addressing the vulnerability. ### Meeting Takeaways: **Incident Overview:** … Read more
October 6, 2024 at 11:50AM Evan Frederick Light from Indiana pleaded guilty to stealing $37.7 million worth of cryptocurrency from 571 victims in a 2022 cyberattack. He stole the funds by exploiting vulnerabilities in an investment company’s servers and used various means to conceal the trace of the assets. The FBI tracked and arrested Light, … Read more
September 28, 2024 at 06:24AM A malicious Android app discovered in the Google Play Store masqueraded as a legitimate WalletConnect protocol to deceive users and steal $70,000 in cryptocurrency. It achieved over 10,000 downloads through fake reviews and consistent branding, impacting over 150 users. The app prompted users to sign transactions, enabling attackers to drain … Read more