The CyberWire Daily Briefing

Tennessee man arrested for alleged participation in North Korean employment scheme.

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 10 August 2024, 1623 UTC.

Content and Source:  https://thecyberwire.com/newsletters/daily-briefing/13/152

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

V13 | Issue 152 | 8.9.24

Daily Briefing for 08.09.24

Summary
By the CyberWire staff

At a glance.

  • Tennessee man arrested for alleged participation in North Korean employment scheme.
  • Iranian influence operations focus on the US elections.
  • ADT discloses data breach.

Tennessee man arrested for alleged participation in North Korean employment scheme.

The US Justice Department has arrested a man in Nashville, Tennessee, for allegedly helping North Korean IT workers get remote jobs at companies in the US and the UK. Matthew Isaac Knoot is accused of running a "laptop farm" to make the North Korean workers appear as if they were located in the US.

The Justice Department stated, "The victim companies shipped laptops addressed to 'Andrew M.' to Knoot’s residences. Following receipt of the laptops, and without authorization, Knoot logged on to the laptops, downloaded and installed unauthorized remote desktop applications, and accessed the victim companies’ networks, causing damage to the computers. The remote desktop applications enabled the North Korean IT workers to work from locations in China, while appearing to the victim companies that 'Andrew M.' was working from Knoot’s residences in Nashville. For his participation in the scheme, Knoot was paid a monthly fee for his services by a foreign-based facilitator who went by the name Yang Di."

The Justice Department says North Korea's remote IT workers "have been known to individually earn up to $300,000 annually, generating hundreds of millions of dollars collectively each year, on behalf of designated entities, such as the North Korean Ministry of Defense and others directly involved in the DPRK’s UN-prohibited WMD programs."

Iranian influence operations focus on the US elections.

Microsoft has published a report on Iranian cyber operations focused on the US 2024 elections. Microsoft says Mint Sandstorm, a threat actor attributed to the Islamic Revolutionary Guard Corps (IRGC), "sent a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor." The same group also "unsuccessfully attempted to log in to an account belonging to a former presidential candidate." Additionally, Peach Sandstorm, another group tied to the IRGC, compromised a low-level user account at a county government in a swing state.

Microsoft is also tracking an Iranian influence operation "comprising four websites masquerading as news outlets [that are] actively engaging US voter groups on opposing ends of the political spectrum with polarizing messaging on issues such as the US presidential candidates, LGBTQ rights, and the Israel-Hamas conflict." The threat actor uses generative AI tools to assist in this operation, but the campaign hasn't seen much traffic so far.

Microsoft adds, "Looking forward, we expect Iranian actors will employ cyberattacks against institutions and candidates while simultaneously intensifying their efforts to amplify existing divisive issues within the US, like racial tensions, economic disparities, and gender-related issues."

ADT discloses data breach.

US residential security company ADT has disclosed a data breach that affected "limited customer information, email addresses, and locations," BleepingComputer reports. ADT said in an SEC filing, "Based on its investigation to date, the Company has no reason to believe that customers’ home security systems were compromised during this incident. Additionally, the Company has no reason to believe the attackers obtained other personally sensitive information such as credit card data or banking information."

BleepingComputer notes that a threat actor posted data allegedly stolen from ADT on a cybercriminal forum on July 31st, claiming the data includes "30,800 customer records, including customer emails, complete addresses, user IDs, and the products purchased."

Notes.

Today's issue includes events affecting Iran, the Democratic People's Republic of Korea, the United Kingdom, and the United States.

Selected Reading

Attacks, Threats, and Vulnerabilities

Exclusive: Russian spies hacked UK government systems earlier this year, stole data and emails (The Record) Russian spies hacked the British government earlier this year, stealing internal emails and data on individuals from the Home Office's corporate systems via an attack on Microsoft.

Cisco warns of critical RCE zero-days in end of life IP phones (BleepingComputer) Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones.

Marketplace

OPSWAT Acquires InQuest, Strengthening Federal Go-to-Market Strategy, Network Detection, and Threat Intelligence Capabilities (PR Newswire) OPSWAT, a global leader in critical infrastructure protection (CIP) cybersecurity solutions, announced at Black Hat USA its acquisition of...

Jamf launches Global Partner Program to deliver tailored opportunities for partner growth (Jamf) Latest initiative improves speed to market, partner experience and scale through points-based system

Keeper Security Appoints Paul Aronhime as Senior Vice President of Federal Sector (PR Newswire) Keeper Security, a leading provider of zero-trust and zero-knowledge cybersecurity software, is pleased to announce the appointment of Paul...

Products, Services, and Solutions

Trend Micro Strengthens AI Deployments for Enterprises and Governments with NVIDIA AI Enterprise (Trend Micro | Newsroom) Trend Micro Incorporated (TYO: 4704; TSE: 4704) has launched multiple efforts to shape the future of AI implementation by enterprises and governments. The new solution, included in Trend Micro's...

Securonix and Cribl Form Strategic Partnership to Bolster Threat Detection Against AI-Powered Cyber Threats Through Expanded Data Ingestion Capabilities (BusinessWire) Strategic partnership enables organizations to leverage Cribl to ingest broader range of data into Securonix’s Gartner Magic Quadrant-leading SIEM for enhanced defense against AI-based cyber threats

Trend Micro Expands Partnership Focus to Secure Enterprise AI Use (Trend Micro | Newsroom) Trend Micro Incorporated (TYO: 4704; TSE: 4704) continues to pioneer advancements in its cybersecurity platform to secure enterprise AI use. Aligned with this innovation focus, the company today...

MetaRouter and Zeotap Partner to Deliver an End-to-End, Europe-Centric Customer Data Solution That Puts Privacy and Security At the Forefront (PR Newswire) We are thrilled to announce a new partnership between MetaRouter, the trailblazers in server-side tag management and real-time event routing,...

Securonix EON: The Next Wave of Innovation Arrives at Black Hat USA 2024 (Securonix) Securonix is thrilled to unveil the next wave of innovation for Securonix EON at Black Hat USA 2024.

Legislation, Policy, and Regulation

UN cybercrime treaty passes in unanimous vote (The Record) The United Nations passed its first cybercrime treaty on Thursday in a unanimous vote supporting an agreement first put forward by Russia.

Litigation, Investigation, and Law Enforcement

SEC decides against penalizing MOVEit software maker (The Record) Progress Software, the company behind MOVEit, says it will not face enforcement action by the Securities and Exchange Commission (SEC) related to a widely exploited vulnerability in the product.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

Unpacking the 2024 Ransomware Landscape: Insights and Strategies from ThreatLabz (Virtual, Aug 22, 2024) This live discussion on the latest findings from the Zscaler ThreatLabz 2024 Ransomware Report highlights the most targeted industries and regions, the dynamics behind a ransom payout, emerging ransomware families, and predictions for 2025. Register now.

SecureWorld Manufacturing & Retail Virtual Conference (Virtual, Aug 28, 2024) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 6 CPE credits learning from nationally recognized industry leaders. The agenda offers 12+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.

SANS Network Security Las Vegas 2024 (Las Vegas (and virtual), Nevada, USA, Sep 4 - 9, 2024) At SANS Network Security 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

Jailbreak Brewing Company Security Summit (Laurel, Maryland, USA, Sep 6, 2024) Join some of the world's best security researchers as they talk about disinformation; the misleading and deliberate deception in today's connected world, both from the technical and policy sides at the only computer security event held at a production brewery. Attendance is limited to 150 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and an awesome time to chat with fellow security experts. Come participate in the talks, the conversation, and the beer!

DMV Rising 2024 (Washington, DC, Sep 12, 2024) DMV Rising is D.C.'s premier cybersecurity event, bringing together cybersecurity executives to tackle tough problems, share new insights, and explore innovative solutions emerging in D.C., Maryland, and Virginia.
