At a glance.
- UK arrests four suspects over retail cyberattacks.
- Qantas data breach affects 5.7 million customers.
- US Treasury sanctions North Korean for alleged IT worker scheme.
UK arrests four suspects over retail cyberattacks.
The UK's National Crime Agency (NCA) has arrested four individuals in connection with the recent cyberattacks on British retailers Marks & Spencer, Co-op, and Harrods. According to the Register, the suspects include "two young men from the West Midlands, a Brit aged 17 and a Latvian national aged 19; one 19-year-old British man from London; and a British woman aged 20 from Staffordshire." The four were apprehended on suspicion of "Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group."
The NCA stated, "All four were arrested at their home addresses and had their electronic devices seized for digital forensic analysis. They remain in custody for questioning by officers from the NCA's National Cyber Crime Unit in relation to the three attacks, which took place in April this year."
Qantas data breach affects 5.7 million customers.
Australian airline Qantas said in an update yesterday that attackers stole personal data belonging to 5.7 million customers during a cyberattack last week. All 5.7 million individuals had their names and email addresses leaked. Other breached information varied by customer, including addresses, dates of birth, phone numbers, gender, meal preferences, and Qantas Frequent Flyer numbers. Qantas says the breach did not involve financial data or login details. The company is contacting the affected individuals, but warns customers to be on the lookout for phishing attacks.
The attackers gained access via a social engineering attack against one of the airline's call centers. This tactic is frequently used by the cybercriminal gang Scattered Spider, which has recently been targeting airlines, although Qantas hasn't attributed the attack to any particular threat actor.
US Treasury sanctions North Korean for alleged IT worker scheme.
The US Treasury Department has sanctioned a North Korean individual for his alleged ties to Pyongyang's Andariel threat actor. The individual, Song Kum Hyok, is accused of facilitating North Korea's fraudulent IT worker schemes. Treasury stated, "Song is a DPRK-based cyber actor who used foreign-hired IT workers to seek remote employment with U.S. companies and planned to split income with them. In 2022 and 2023, Song used U.S. persons’ information, including names, social security numbers, and addresses to create aliases for the hired foreign workers. The workers then used the accounts to pose as U.S. persons looking for remote jobs with U.S. companies."
