DOJ Charges North Korean Hackers for $1.3 Billion Conspiracy to Steal and Extortion Schemes

Canadian-American citizen pleads guilty as a money launderer, Feds warn of N. Korea's AppleJeus, Neuberger says nine federal agencies and 100 companies caught by SolarWinds breach, much more


The U.S. Justice Department unsealed charges against three North Koreans who work for the Reconnaissance General Bureau, North Korea’s military intelligence agency, which houses hacking groups that go by various names, including Lazarus Group and Advanced Persistent Threat 38 (APT38). They stand accused of conspiring to steal and extort more than $1.3 billion in cash and cryptocurrency from banks and businesses worldwide. One of the hackers, Park Jin Hyok, was previously charged in 2014 in connection with North Korea’s hack of Sony Pictures.

The DOJ also announced that a Canadian-American citizen, Ghaleb Alaumary, has pleaded guilty to serving as a money launderer who assisted the alleged North Korean hackers.

The conspiracy charges against the hackers are wide-ranging and encompass ATM and cryptocurrency hacking, the creation of the damaging WannaCry virus, the development of malicious cryptocurrency applications, and more. The $1.3 billion figure represents almost half the total value of North Korea’s civilian merchandise imports. (Ellen Nakashima / Washington Post)

The Cybersecurity and Infrastructure Security Agency, FBI, and Treasury Department issued a joint cybersecurity advisory about North Korean malicious activity known as AppleJeus, which the Lazarus Group has used. The advisory warns that AppleJeus uses modified cryptocurrency trading applications as a means to circumvent international sanctions on North Korea and is an evolving threat. (Homeland Security Today)

Related: Reuters, PerthNow, Bloomberg, The Verge, DataBreachToday.com, Finextra, Engadget, Bleeping Computer, Wired, Politico, CNET, CBSNews.com, CNBC, NBC News, ComputerWeekly, ZDNet, Yonhap News, Washington Examiner, SecurityWeek, Homeland Security Today, The Hill, Capital Gazette, Threatpost, The Guardian, USA Today, Sputnik News, Justice.gov, Newsweek, UPI.com, Daily Sabah, Channel News Asia, Courthouse News Service, Axios, Los Angeles Times, NPR, Inside Cybersecurity, Voice of America, Roll Call, SC Magazine, Euro Weekly News Spain, RT USA, The Record by Recorded Future, Associated Press, The Independent, New York Daily News, Cyberscoop, Washington Post, WSJ Pro Cybersecurity, Devdiscourse, Slashdot, Vox, iTnews, South China Morning Post, ABC.net.au, Financial Times, Al Jazeera English, SiliconANGLE, Security Affairs, Deutsche Welle, Gizmodo, Digital Journal, New York Times, CNN.com, FCW, Mashable, New York Post, MobileSyrup.com, The Register, STL.News, DataBreaches.net, rthk.hk, RFA, Exploit One, Malay Mail, KBS World Radio, Krebs on Security, Reddit - cybersecurity, Meritalk, US-CERT Current Activity

White House Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger said during a White House press briefing that nine federal agencies and 100 private-sector companies had been affected by the massive SolarWinds hack, believed to be the result of Russian state hackers.

Neuberger says it will take months for the administration to uncover the hack “layer by layer.” (Chris Bing / Reuters)

Related: CNN.com, CERT Recently Published Vulnerability Notes, The Hill, Yahoo, Cyberscoop, FCW, The Street, Dark Reading, Roll Call, Devdiscourse, InsideCyberSecurity.com, Washington Examiner, CRN, WhiteHouse.gov

Independent security researcher Patrick Wardle may have found the first example of a malicious application developed natively for Apple’s new ARM-based M1 processors.

Wardle found what looks like a new version of Pirrit, a notorious macOS adware family, that installs itself as a malicious Safari extension; the sample is an updated version of an app that calls itself GoSearch22. Apple has revoked the developer certificate used by Pirrit's makers, preventing users from installing it. (Lorenzo Franceschi-Bicchierai / Motherboard)

Related: Tom's Hardware, MacDailyNews, 9to5Mac, Engadget, Input, MobileSyrup.com, Ubergizmo, iClarified, Ars Technica, Gizmodo, HotHardware.com, WCCFtech, MacRumors, iPhone in Canada Blog, SlashGear, BGR, Tom's Guide, iMore, The Hacker News, Objective-See

Researchers at Confiant say that the ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected victims to gift card scams.

The researchers submitted their findings to both the Apple and Google Chrome teams, and WebKit received a patch on December 2. Confiant released indicators of compromise (IoCs) in its GitHub repository. (Ionut Ilascu / Bleeping Computer)

Related: The Hacker News, Confiant

The DoppelPaymer ransomware gang has produced evidence that it is demanding 600 bitcoin, worth around $20 million, from Kia Motors for a decryptor and a promise not to leak stolen data.

Kia Motors America has been suffering a nationwide IT shutdown for the past several days, although Kia says it cannot confirm a ransomware attack. (Lawrence Abrams / Bleeping Computer)

Related: MSSP Alert, Industry Week, Dark Reading, SecureReading, SiliconANGLE

A group called “Myanmar Hackers” attacked military-run government websites as Myanmar copes with the chaos created by a military coup.

The hackers disrupted multiple government websites, including those of the Central Bank, the military's propaganda page, state-run broadcaster MRTV, the Port Authority, and the Food and Drug Administration. (AFP)

Related: TheNews.com.pk, Riyad Daily, Digital Journal, Channel News Asia, Malay Mail, The Guardian

Microsoft is force-installing a Windows 10 update that removes the embedded 32-bit version of Adobe Flash Player from the operating system, marking the bitter end of embedded Flash in the Windows 10, Windows 8, and Windows Server operating systems.

The automatic update, which removes the embedded 32-bit Flash Player from Windows and prevents it from being installed again, is applied without user permission or prompting. (Catalin Cimpanu / ZDNet)

Related: Petri, Cyber News Group, CERT Recently Published Vulnerability Notes, Windows Central, Bleeping Computer

A new report from F-Secure, based on interviews with a relatively small group of CISOs, says that emotional intelligence is becoming an increasingly important part of a CISO’s job.

Two-thirds of the CISOs said they understood the growing importance of emotional intelligence in enabling them to understand, empathize and negotiate with people both inside and outside of their organization. (James Coker / Infosecurity Magazine)

Related: Infosecurity Magazine, Business Insider, Global Security Magazine, ComputerWeekly, BetaNews, F-Secure

Nigerian entrepreneur Obinwanne Okeke has been jailed for 10 years by a US federal court for masterminding an $11 million business email compromise and computer hacking scheme targeting British company Unatrac Holding Limited.

Okeke, who was featured in a Forbes magazine '30 under 30' list, pleaded guilty to the charge in June 2020 after being arrested during a U.S. visit. (Nimi Princewill / CNN)

Related: DataBreaches.net, The Daily Swig, BBC News, Justice.gov

Security scanner start-up Spectral exited stealth mode with a $6.2 million seed funding round led by Amiti and MizMaa Ventures.

The DevSecOps company has built a hybrid engine that combines hundreds of detectors with AI to identify and block costly coding mistakes. (Annie Musgrove / Tech.eu)

Related: TechCrunch, SiliconAngle, SDTimes, FinSMEs

London-based mobile authentication platform tru.ID has exited stealth mode with around $4.2 million in fresh funding from investors including Episode 1, MMC Ventures, and NHN Ventures.

tru.ID hopes to help developers eliminate passwords and bring user authentication up to the standard of the current generation of mobile devices. It also aims to replace existing user authentication methods such as email and password and SMS one-time passwords. (Silicon Canals)

Related: Private Equity Wire, Telecompaper

Software vulnerability hunting start-up vArmour has raised $58 million in a new funding round led by AllegisCyber Capital and NightDragon, with participation from existing investors Standard Chartered Ventures, Highland Capital Partners, Telstra, Redline Capital, and EDBI.

According to vArmour, its platform can map out relationships between a company’s systems in hours instead of the months the task takes manually. (Maria Deutscher / Silicon Angle)

Related: FinSMEs, TechCrunch, Global Newswire

Managed detection and response (MDR) company Red Canary closed an $81 million Series C funding round led by global growth equity investor Summit Partners, with participation from Noro-Moseley Partners and Access Venture Partners.

The company offers SaaS threat detection and a security operations team through remotely delivered, around-the-clock SOC capabilities and technology. (Michael Novinson / CRN)

Related: Denver Business Journal, AI Thority
