Cybersecurity is a national security priority. That’s why Microsoft is setting the standard with security built-in. And our 8,000 threat hunters analyze 65 trillion+ signals daily, partnering with federal agencies to protect their digital estate. We help strengthen cybersecurity at scale—from identity, data, and apps to endpoints, infrastructure, and networks—so you can focus on what matters: your mission. Visit aka.ms/FedCyber today to get started.
We're always looking for ways to improve the N2K CyberWire network to give you an intelligence-driven news experience. Please take a few minutes to tell us about your network experience and share your feedback by completing our 2024 Audience Survey, and you will have a chance to win a $100 Amazon gift card. Take the survey.
The US Justice Department has charged five individuals for their alleged involvement in fraudulent activities designed to fund the North Korean government. The individuals are accused of stealing US citizens' identities in order to secure jobs for North Korean IT workers at US companies. The Justice Department says the scheme generated $6.8 million for the North Korean government from more than 300 American companies.
One of the defendants is a US citizen named Christina Chapman who was arrested in Arizona on Wednesday. Another defendant, Ukrainian national Oleksandr Didenko, was arrested in Poland. The other three individuals are North Korean citizens. The US State Department says the three North Koreans "are linked to the DPRK’s Munitions Industry Department, which oversees the development of the DPRK’s ballistic missiles, weapons production, and research and development programs." With the alleged assistance of Chapman, the three individuals used more than sixty US citizen identities to "obtain work as remote software and applications developers with companies in a range of sectors and industries." Chapman allegedly "received and hosted laptop computers issued to the IT workers by U.S. employers to make it appear that the overseas workers were located in the United States and assisted the workers in connecting remotely to the U.S. companies’ IT networks on a daily basis."
The State Department also announced a $5 million reward "for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support North Korea (Democratic People’s Republic of Korea, DPRK), including money laundering, exportation of luxury goods to North Korea, specified cyber-activity and actions that support weapons of mass destruction (WMD) proliferation."
SpyCloud has the world's largest repository of recaptured dark web data. Simply enter your email and we’ll check your corporate domain against hundreds of billions of recaptured darknet assets, from credentials to PII – for free. See your darknet footprint, including breach exposures and malware-exfiltrated data that puts your business at risk of account takeover and ransomware. Check your exposure now.
ESET has published a report on APT activity in Q4 2023 and Q1 2024, highlighting a malware campaign by the China-aligned threat actor Mustang Panda against the shipping industry in Europe. ESET states, "In the first quarter of 2024, our team identified the presence of Mustang Panda’s Korplug loaders on computer systems belonging to cargo shipping companies based in Norway, Greece, and the Netherlands, including some that appeared to be aboard the cargo ships themselves."
Robert Lipovsky, principal threat intelligence researcher at ESET, told NBC News, "We haven’t seen this in the past. It shows a clear interest in this sector. This was not a single occurrence. These were several distinct attacks at different, unrelated organizations."
Launching a new product or service? Looking for alternative ways to recruit cyber talent? Want your company or leadership team members to be seen as an industry thought leader? Be heard by over 350,000 subscribers on the N2K CyberWire network. Whether through sponsored advertising, executive events, or exclusive interviews, we offer off-the-shelf and bespoke packages to help you reach your goals. Let’s work together.
The US Securities and Exchange Commission (SEC) announced new rules yesterday requiring certain financial institutions to have well-defined data breach response plans, the Record reports. The rules cover "broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents." The rules will "require covered institutions to develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information."
The institutions will also need to provide data breach notices within thirty days of becoming aware of an incident. The SEC says, "The notice must include details about the incident, the breached data, and how affected individuals can respond to the breach to protect themselves."
Today's issue includes events affecting China, Greece, India, the Democratic People's Republic of Korea, the Netherlands, Norway, and the United States.
E-prescription provider MediSecure impacted by a ransomware attack (Security Affairs) Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party vendor.
Hacker claims theft of India's Samco account data | TechCrunch (TechCrunch) A hacker claims to be selling sensitive user data associated with Indian online brokerage firm Samco Securities.
Kimsuky hackers deploy new Linux backdoor in attacks on South Korea (BleepingComputer) The North Korean hacker group Kimsuki has been using a new Linux malware called Gomir that is a version of the GoBear backdoor delivered via trojanized software installers.
Norway recommends replacing SSL VPN to prevent breaches (BleepingComputer) The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.
Merger between Exabeam, LogRhythm announced (SC Media) Security intelligence and management firms Exabeam and LogRhythm have announced plans to merge, aiming to leverage their combined strengths to deliver advanced AI-driven security operations, reports SiliconAngle.
Lawmakers call for $32B in support for AI development (SC Media) A bipartisan group of U.S. senators, led by Majority Leader Chuck Schumer, D-N.Y., has urged Congress to allocate $32 billion for artificial intelligence research to maintain U.S. leadership over China in this crucial technology, Reuters reports.
Congressional leaders concerned by NYPD's use of Chinese-made drones (The Record) The NYPD said it is trying to phase out the Chinese-made drones, but also defended their use, saying they are far more effective and affordable than any produced by American manufacturers.
US offers $5 million for info on North Korean IT workers involved in job fraud (The Record) According to the State Department, a U.S. national named Christina Chapman helped four people fraudulently obtain work as remote software and applications developers with companies in a range of sectors and industries, earning millions of dollars for the North Korean regime.
For a complete running list of events, please visit the Event Tracker.
Space Cyber Executive Course and Conference (Glasgow, Scotland, UK, May 13 - 17, 2024) The first Executive Space Course to be offered in Scotland by the International Space University (ISU) will be hosted and developed in partnership with the University of Strathclyde Business School (SBS). The programme will have cybersecurity as its central theme and includes postgraduate level micro credentials. The Course will be followed by a two-day conference with the theme “Space: Securing our Entrepreneurial Future".
SANS Leadership & Cloud Security – Crystal City 2024 (Arlington (and virtual), Virginia, USA, May 20 - 24, 2024) At SANS Leadership & Cloud Security – Crystal City 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
Cybersec Europe 2024 (Brussels, Belgium, May 29 - 30, 2024) Cyber attacks are an ever-growing threat in today's tech environment. Cybersec Europe 2024 is the platform for experienced cyber security experts as well as next-gen start-ups to share knowledge with peers for jointly coping with the cybersecurity challenges. Businesses and institutions of all sectors learn how to enhance cyber resilience and protect their core.
SANS Stay Sharp: May 2024 (Virtual, May 29 - 31, 2024) At SANS Stay Sharp: May 2024, choose from 48 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
2024 State of the Space Industrial Base (Albuquerque, New Mexico, USA, May 29 - 31, 2024) Don’t miss out! Mark your calendars and join us for a dynamic hybrid workshop that is a “must attend” space industry event. Participants will learn how the strength of the industrial base has advanced in the last year, and they will contribute to progressing solutions that support the Space industrial base, increase prosperity and ensure national security. Please sign up to learn more about the 2024 Space Industrial Conference and SSIB Workshop! Stay tuned for more details about the 2024 Space Industrial Conference and SSIB Hybrid Workshop!
