#NorthKorea-linked IT workers #infiltrated 300 #US firms with the help of individuals, causing significant financial losses and posing a threat to US businesses. The scheme involved stolen US identities, money laundering, and illicit activities to support North Korea's #nuclear program.
- 🔍 The US #DOJ charged five individuals, including a US woman, for aiding North Korea-linked IT workers to infiltrate 300 firms.
- 💼 North Korea used stolen US identities to dispatch skilled IT workers globally, defrauding over 300 US companies and raising revenue through online platforms and proxy computers.
- ⚖️ The operations coordinated by the North Korean government occurred between October 2020 and October 2023, aiming to finance the government's illicit nuclear program.
- 👩‍⚖️ Defendant Christina Marie Chapman and Oleksandr Didenko face charges related to wire fraud, money laundering, identity theft, and unlawful employment of aliens, with potential lengthy prison sentences.
- 💰 Didenko ran a multi-year scheme creating false identities and accounts, facilitating overseas IT workers and managing proxy identities, resulting in significant financial gains for the workers.
- 🔒 The FBI issued an advisory warning about the threat posed by North Korean IT workers to US businesses, emphasizing the need for vigilance in the public and private sectors.
#CyberThreatIntel #CTI
About us
In the next weeks and months, Cyber Threat Intel will start providing you with threat intelligence analysis and research and will become one of your most trusted sources in trying to stay ahead of your adversaries. Don’t forget to check us out on Twitter @CT_Intelligence! Cyber Threat Intel's goal is to provide quick, reliable and affordable threat intelligence to small- to medium-sized companies.
- Website: http://www.cyberthreatintel.eu
- Industry: Computer and Network Security
- Company size: 1 employee
- Type: Self-Employed
- Founded: 2019
- Specialties: Cyber Threat Intelligence, Intelligence, Security, Research, Analysis, and Cyber
Updates
The #Ebury #botnet, a 15-year-old malware operation, has resurfaced targeting #Linux #servers for #cryptocurrency theft and financial fraud, affecting various organizations globally.
- 💰 Ebury botnet has compromised nearly 400,000 Linux, #FreeBSD, and #OpenBSD servers, with over 100,000 servers still compromised as of late 2023.
- 🔒 Ebury operates as an #OpenSSH #backdoor to steal credentials like SSH keys and passwords, facilitating the deployment of secondary malware modules for various scams.
- 🛡️ Attackers use #0day vulnerabilities and known passwords to hack servers at scale, extracting credentials and surreptitiously installing Ebury on multiple servers.
- 🔍 #ESET researchers have released detection and remediation tools to help system administrators identify Ebury infections and warn about the challenges in cleaning up compromised servers.
#CyberThreatIntel #CTI
400K Linux Servers Recruited by Resurrected Ebury Botnet
darkreading.com
Google Cloud accidentally deleted UniSuper's $135 billion pension account and its backups, causing a major disruption and downtime. Despite having backups with another provider, the incident raised concerns about data security and the reliability of cloud services.
- ⚠️ UniSuper's entire account, including backups, was deleted at Google Cloud, leading to downtime from May 2 to May 15.
- 🔒 Google Cloud CEO confirmed the deletion was due to an inadvertent misconfiguration during provisioning of UniSuper’s Private Cloud services, a unique occurrence globally.
- 🔄 Despite having duplication in two geographies for protection, the deletion caused data loss across both locations, highlighting the failure of safeguards against account deletion.
- 💰 UniSuper, a significant Australian pension fund, faced challenges in processing requests and payments during the downtime, impacting stakeholders and service restoration.
https://buff.ly/4bnGxSu
#GoogleCloud #UniSuper #deletion #backups #cloudservices #Australia #CyberThreatIntel #CTI
“Unprecedented” Google Cloud event wipes out customer account and its backups
arstechnica.com