At a glance.
- US Justice Department charges five individuals for alleged participation in North Korean employment fraud scheme.
- Mustang Panda targets the shipping industry.
- SEC announces new data breach response requirements.
US Justice Department charges five individuals for alleged participation in North Korean employment fraud scheme.
The US Justice Department has charged five individuals for their alleged involvement in fraudulent activities designed to fund the North Korean government. The individuals are accused of stealing US citizens' identities in order to secure jobs for North Korean IT workers at US companies. The Justice Department says the scheme generated $6.8 million for the North Korean government from more than 300 American companies.
One of the defendants is a US citizen named Christina Chapman who was arrested in Arizona on Wednesday. Another defendant, Ukrainian national Oleksandr Didenko, was arrested in Poland. The other three individuals are North Korean citizens. The US State Department says the three North Koreans "are linked to the DPRK’s Munitions Industry Department, which oversees the development of the DPRK’s ballistic missiles, weapons production, and research and development programs." With the alleged assistance of Chapman, the three individuals used more than sixty US citizen identities to "obtain work as remote software and applications developers with companies in a range of sectors and industries." Chapman allegedly "received and hosted laptop computers issued to the IT workers by U.S. employers to make it appear that the overseas workers were located in the United States and assisted the workers in connecting remotely to the U.S. companies’ IT networks on a daily basis."
The State Department also announced a $5 million reward "for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support North Korea (Democratic People’s Republic of Korea, DPRK), including money laundering, exportation of luxury goods to North Korea, specified cyber-activity and actions that support weapons of mass destruction (WMD) proliferation."
Mustang Panda targets the shipping industry.
ESET has published a report on APT activity in Q4 2023 and Q1 2024, highlighting a malware campaign by the China-aligned threat actor Mustang Panda against the shipping industry in Europe. ESET states, "In the first quarter of 2024, our team identified the presence of Mustang Panda’s Korplug loaders on computer systems belonging to cargo shipping companies based in Norway, Greece, and the Netherlands, including some that appeared to be aboard the cargo ships themselves."
Robert Lipovsky, principal threat intelligence researcher at ESET, told NBC News, "We haven’t seen this in the past. It shows a clear interest in this sector. This was not a single occurrence. These were several distinct attacks at different, unrelated organizations."
SEC announces new data breach response requirements.
The US Securities and Exchange Commission (SEC) announced new rules yesterday requiring certain financial institutions to have well-defined data breach response plans, the Record reports. The rules cover "broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents." The rules will "require covered institutions to develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information."
The institutions will also need to provide data breach notices within thirty days of becoming aware of an incident. The SEC says, "The notice must include details about the incident, the breached data, and how affected individuals can respond to the breach to protect themselves."