North Korean IT workers are increasingly using their access to company systems to steal source code and extort companies for ransom. These workers, often hired under false pretenses, are becoming more aggressive and are actively funneling funds back to the North Korean regime. The FBI and Mandiant have issued fresh warnings regarding this evolving threat, urging organizations to be vigilant. The workers exploit their remote access to extract sensitive data from companies, then demand payment to prevent its release. Additionally, the US Department of Justice has charged several individuals involved in this scheme with conspiracy and money laundering. The charges highlight the severity and breadth of North Korean cybercrime activities.
A new cybersecurity advisory details tactics, techniques, and procedures (TTPs) used by the BianLian ransomware group, which is suspected of targeting critical infrastructure. BianLian’s methods include data exfiltration and extortion. The advisory underscores the growing threat of ransomware attacks targeting critical infrastructure and highlights the need for proactive security measures to mitigate the impact of such incidents.
A prolific hacker known as Kiberphant0m, suspected to be a U.S. Army soldier stationed in South Korea, is extorting companies that use the cloud data storage company Snowflake. The hacker obtained stolen Snowflake account credentials and is selling data stolen from customers who refuse to pay a ransom. The stolen data includes sensitive customer information from major corporations such as AT&T, and it has led to high-profile threats of data leaks involving government officials.