DOJ Charges North Korean Hackers in $1.3 Billion Theft and Extortion Conspiracy
Canadian-American citizen arrested as a money launderer, Feds warn of N. Korea's Apple Jeus, Neuberger says nine federal agencies, 100 companies caught by SolarWinds breach, much more
The U.S. Justice Department unsealed charges against three North Koreans who work for the Reconnaissance General Bureau, North Korea’s military intelligence agency, which houses hacking groups that go by various names, including Lazarus Group and Advanced Persistent Threat 38 (APT38). They stand accused of conspiring to steal and extort more than $1.3 billion in cash and cryptocurrency from banks and businesses worldwide. One of the hackers, Park Jin Hyok, was previously charged in 2014 in connection with North Korea’s hack of Sony Pictures.
The DOJ also announced that a Canadian American citizen, Ghaleb Alaumary, has pleaded guilty to serving as a money launderer who assisted the alleged North Korean hackers.
The conspiracy charges against the hackers are wide-ranging and encompass ATM and cryptocurrency hacking, the creation of the damaging WannaCry virus, the development of malicious cryptocurrency applications, and more. The $1.3 billion figure represents almost half the total amount of North Korea’s civilian merchandise imports. (Ellen Nakashima / Washington Post)
The Cybersecurity and Infrastructure Security Agency, FBI, and Treasury Department issued a joint cybersecurity advisory about North Korean malicious activity known as AppleJeus, which the Lazarus Group has used. The advisory warns that AppleJeus uses modified cryptocurrency trading applications as a means to circumvent international sanctions on North Korea and is an evolving threat. (Homeland Security Today)
White House Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger said during a White House press briefing that nine federal agencies and 100 private-sector companies had been affected by the massive SolarWinds hack, believed to be the result of Russian state hackers.
Neuberger said it will take months for the administration to uncover the hack “layer by layer.” (Chris Bing / Reuters)
Independent security researcher Patrick Wardle may have found the first example of a malicious application developed natively for Apple’s new ARM-based M1 processors.
Wardle found what looks like a new version of infamous adware for MacOS, Pirrit, that installs itself as a malicious Safari extension and is an updated version of an app that calls itself GoSearch22. Apple has revoked the developer certificate used by Pirrit's makers, preventing users from installing it. (Lorenzo Franceschi-Bicchierai / Motherboard)
Researchers at Confiant say that the ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected users to gift card scams.
The researchers submitted findings to both Apple and Google Chrome, and WebKit received a patch on December 2. Confiant released indicators of compromise (IoCs) in their GitHub repository. (Ionut Ilascu / Bleeping Computer)
The DoppelPaymer ransomware gang has produced evidence that it is demanding 600 bitcoin, worth around $20 million, from Kia Motors in exchange for a decryptor and a promise not to leak stolen data.
Kia Motors America has been suffering a nationwide IT shutdown for the past several days, although Kia says it cannot confirm a ransomware attack. (Lawrence Abrams / Bleeping Computer)
A group called “Myanmar Hackers” attacked military-run government websites as Myanmar copes with the chaos created by a military coup.
The hackers disrupted multiple government websites, including those of the Central Bank, the Myanmar military's propaganda page, state-run broadcaster MRTV, the Port Authority, and the Food and Drug Administration. (AFP)
Microsoft is force installing a Windows 10 update that removes the embedded 32-bit version of Adobe Flash Player from the operating system, marking the bitter end of embedded Flash in the Windows 10, Windows 8, and Windows Server operating systems.
The automatic update to remove the embedded 32-bit Flash Player from Windows and prevent it from being installed again is installed without user permission or prompting. (Catalin Cimpanu / ZDNet)
A new report from F-Secure, based on interviews with a relatively small group of CISOs, says that emotional intelligence is becoming an increasingly important part of a CISO’s job.
Two-thirds of the CISOs said they understood the growing importance of emotional intelligence in enabling them to understand, empathize and negotiate with people both inside and outside of their organization. (James Coker / Infosecurity Magazine)
Nigerian entrepreneur Obinwanne Okeke has been jailed for 10 years by a US federal court for masterminding an $11 million business email compromise and computer hacking scheme against British company Unatrac Holding Limited.
Okeke, who was hailed in a Forbes magazine '30 Under 30' entry, pleaded guilty to the charge in June 2020 after being arrested during a U.S. visit. (Nimi Princewill / CNN)
Security scanner start-up Spectral exited stealth mode with a $6.2 million seed funding round led by Amiti and MizMaa Ventures.
The DevSecOps company has built a hybrid engine that combines hundreds of detectors with AI to identify and block costly coding mistakes. (Annie Musgrove / Tech.eu)
London-based mobile authentication platform tru.ID has exited stealth mode with around $4.2 million in a fresh round of funding from investors, including Episode 1, MMC Ventures, and NHN Ventures.
tru.ID hopes to help developers eliminate passwords and bring user authentication to the current generation of mobile devices. It also wants to replace user authentication methods, such as email + password and SMS one-time-passwords. (Silicon Canals)
Software vulnerability hunting start-up vArmour has raised $58 million in a new funding round led by AllegisCyber Capital and NightDragon, with participation from existing investors Standard Chartered Ventures, Highland Capital Partners, Telstra, Redline Capital, and EDBI.
According to vArmour, its platform can map out relationships between a company’s systems in hours instead of the months the task takes manually. (Maria Deutscher / Silicon Angle)
Managed detection and response solution company Red Canary closed an $81 million Series C funding round led by global growth equity investor Summit Partners, with participation from Noro-Moseley Partners and Access Venture Partners.
The company offers SaaS threat detection and a security operations team through remotely delivered, around-the-clock SOC capabilities and technology. (Michael Novinson / CRN)