North Korean IT workers infiltrate tech companies


As Russia’s full-scale war in Ukraine approaches its hundredth day, the resistance of the Ukrainian armed forces is as strong as ever. At the same time, hacktivists around the world continue to break into Russian institutions and release their files and emails. This week, a hacktivist collective took a different, and slightly odd, approach: They launched a service to prank Russian government officials. The new website uses leaked details to connect two random Russian officials to each other by phone. It obviously won’t make a difference in the outcome of the war, but the group that developed it hopes the tool will cause some confusion and anger Muscovites.

New research from Google’s Threat Analysis Group has looked into the surveillance-for-hire industry and found that spyware vendors are targeting Android devices with zero-day exploits. State-sponsored actors in Egypt, Armenia, Greece, Madagascar, Ivory Coast, Serbia, Spain and Indonesia have all bought hacking tools from North Macedonian firm Cytrox, the Google team says. The malware used five previously unknown Android exploits in addition to unpatched vulnerabilities. Overall, Google researchers say they track more than 30 surveillance firms around the world.

In other malware news, scientists at the Technical University of Darmstadt have found a way to track an iPhone’s location even when it’s turned off. When you turn off your iPhone, it doesn’t shut down completely — instead, the chips inside run in a low-power mode. The researchers were able to run malware that can track the phone in this power saving mode. They believe their work is the first of its kind, but the method shouldn’t pose much of a threat in the real world since it requires jailbreaking the target iPhone first, which has generally become more difficult in recent years.

But wait, there’s more. We’ve rounded up all the news that we haven’t published or covered in depth this week. Click on the headlines to read the full stories. And stay safe out there.

International sanctions imposed on North Korea over its continued development of nuclear weapons and ballistic missiles mean the nation cannot trade with other countries or bring foreign money within its borders. To circumvent this, Pyongyang has allowed its state-affiliated hackers to raid cryptocurrency platforms and rob banks in recent years. Now the FBI, US State Department and US Treasury Department have warned that thousands of North Korean IT workers – including app and software developers – are freelancing for companies around the world and sending money home. Many of them are based in China or Russia, officials say. The risks of hiring North Korean workers range from “theft of intellectual property, data and funds to reputational damage and legal consequences, including sanctions by US and United Nations authorities”.

In a significant public move, the US Department of Justice announced it will stop prosecuting security researchers under the Computer Fraud and Abuse Act. “Computer security research is a key driver of improved cybersecurity,” Assistant Attorney General Lisa Monaco said in a statement. For years, the anti-hacking law CFAA has been criticized by prosecutors for its broad scope and potential for abuse. While the DOJ’s explicit policy change is welcomed by researchers, Motherboard reports that the policy doesn’t go far enough and can still endanger legitimate researchers.

The Conti ransomware gang, mainly based in Russia, has had a terrible couple of months. After it supported Vladimir Putin’s war in Ukraine, thousands of its internal messages and innermost secrets were released online. While the gang continues to target victims, including the Costa Rican government, researchers now say Conti has officially suspended its operations. Conti’s Tor admin panels have been taken offline, and members of the group are splitting off into other ransomware groups, according to security firm Advanced Intel. The closure comes after the US government offered a $15 million reward for information on Conti members.

Canada is the latest country in the Five Eyes intelligence group – which also includes the US, UK, Australia and New Zealand – to ban the use of Huawei telecoms equipment on its 5G networks. The Chinese telecommunications company ZTE is also affected by the ban. In an announcement, the Canadian government cited national security concerns and the fact that companies may be forced to comply with orders from “foreign governments”. From September, Canadian companies will be banned from buying new 4G and 5G devices from the Chinese companies. They must remove all existing 5G devices by summer 2024, and 4G devices must be removed by the end of 2027.

