Android may soon warn you about fake cellular towers

In recent years, North Korea has deployed thousands of so-called IT workers to infiltrate Western businesses, collect salaries, and send money back to support the regime. As the schemes have become more successful, they have also become more elaborate and have adopted new strategies to evade detection.
But this week, the U.S. Department of Justice revealed one of the biggest operations against IT workers so far. The Justice Department said it has identified six Americans who allegedly helped carry out the schemes and has arrested one of them. Law enforcement officers searched 29 “laptop farms” in 16 states and seized more than 200 computers, as well as web domains and financial accounts.
Meanwhile, a group of young cybercriminals has caused chaos around the world, leaving grocery stores empty and temporarily grounding some flights with their serious cyberattacks. After a quiet period in 2024, the Scattered Spider hackers returned this year and have been ruthlessly targeting retailers, insurers, and airlines.
Also this week, we detail how LGBTIQ+ organizations in El Salvador are helping activists document attacks on their communities and better protect themselves from state surveillance.
And there's more. Every week, we round up the security and privacy news that we didn’t cover in depth. Click on the headlines to read the full story. And stay safe.
Cell-site simulators, commonly known as stingrays or IMSI catchers, are among the most secretive and powerful surveillance tools in operation today. The devices mimic cell towers and intercept communications, and they can collect call metadata, location information, and other traffic about what you do on your device. Law enforcement and immigration officials are increasingly using them.
But, according to reports from Android Authority and Ars Technica, upcoming hardware advances have led Google to boost its efforts to combat potential snooping. Starting with Android 16, compatible devices will be able to identify when a network requests device identifiers (such as device or SIM IDs) and to issue an alert when connected to an unencrypted cellular network. An example alert shows that when the device connects to an unsafe network, the warning says “calls, messages, and data are susceptible to interception.” There will also be a notification when you return to an encrypted network. The option to turn on these notifications appears on the Mobile Network Security settings page, alongside the option to avoid 2G networks, which can help prevent certain IMSI catchers from connecting to your device. Although the settings will be available in Android 16, it may take some time before Android devices widely include the required hardware.
Before the presidential election last November, Iran-linked hackers attacked Donald Trump’s presidential campaign and stole many emails, apparently in an attempt to influence the election results. Some of the emails were distributed to journalists and to the Biden campaign. The hackers behind the email compromise reappeared this week, after the Israel-Iran conflict and the U.S. intervention with “bunker-buster” bombs, telling Reuters that they may disclose or sell more of the stolen emails.
The cybercriminals claim they have stolen 100 GB of emails, including some from White House Chief of Staff Susie Wiles. The cache also allegedly includes emails from Trump lawyer Lindsey Halligan, adviser Roger Stone, and adult film star Stormy Daniels. The hackers, using the name Robert, told Reuters they wanted to “broadcast the matter.” It is not clear whether they will act on the threat.
In response, U.S. officials claimed that the hackers' threat was a “calculated smear movement” by a foreign power. “A hostile foreign opponent threatens to illegally use allegedly stolen and unverified material to distract, discredit and divide,” Marci McCarthy, a spokesperson for the Cybersecurity and Infrastructure Security Agency, said in a statement.
Over the past few years, the Chinese hacker group Salt Typhoon has been on a hacking rampage against U.S. telecom networks, successfully breaking into at least nine companies and gaining access to Americans' texts and phone calls. Brett Leatherman, the recently appointed leader of the FBI’s Cyber Division, told CyberScoop that the Chinese hackers are now “mostly contained” and are lying “dormant” in the networks. Leatherman said the groups have not been kicked out of the networks because the longer they have been in the systems, the more ways they can find to “create durability.” “At present, we are very focused on resilience and deterrence and provide a lot of support for victims,” Leatherman said.
In recent years, deepfake platforms that let people create nonconsensual, often illegal, harmful images of women have flourished. Now a former whistleblower and leaked documents from the largest so-called “nude” app claim that the service has a budget of millions of euros and plans an aggressive expansion in which it will create nonconsensual explicit images of celebrities and influencers. The planned expansion has a marketing budget of 150,000 euros (about $176,000) per country to promote images of celebrities and influencers, the report said. It said more than “thirty people” worked for Blov, and the publication identified some of the potential major operators of the platform. Files exposed online also revealed customer email addresses. A spokesperson who claimed to represent Blov denied that more than 30 people were part of the central team and told Der Spiegel that there was no multi-million dollar budget.