In recent years, North Korea has deployed thousands of so-called IT workers to infiltrate Western businesses, get paid salaries, and send money back to support the regime. As the schemes have become more successful, they have grown increasingly elaborate and employed new tactics to evade detection.
But this week, the United States Justice Department revealed one of its biggest operations to tackle IT workers to date. The DOJ says it has identified six Americans who allegedly helped enable the schemes and has arrested one of them. Law enforcement officials searched 29 “laptop farms” in 16 states and seized more than 200 computers, as well as web domains and financial accounts.
Meanwhile, a group of young cybercriminals has been causing chaos around the world, leaving grocery stores empty and temporarily grounding some flights in the wake of their crippling cyberattacks. After a quiet period in 2024, the Scattered Spider hackers have returned this year and are ruthlessly targeting retailers, insurers, and airlines.
Also this week, we’ve detailed how LGBTIQ+ organizations in El Salvador are helping activists chronicle attacks against their community and better protect themselves against state surveillance.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Cell-site simulators, often known as stingrays or IMSI catchers, are some of the most stealthy and powerful surveillance tools in operation today. The devices, which impersonate cell towers and intercept communications, can collect call metadata, location information, and other traffic about what you do on your devices. They’ve increasingly been used by law enforcement and immigration officials.
However, according to reporting from Android Authority and Ars Technica, upcoming hardware advances has led to Google upping its efforts to combat the potential snooping. Starting in Android 16, compatible devices will be able to identify when networks request device identifiers, such as device or SIM IDs, and issue alerts when you are connecting to a non-encrypted cell network. Examples of alerts show warnings that “calls, messages, and data are vulnerable to interception” when connected to insecure networks. There will also be notifications when you move back to an encrypted network. An option to turn on these notifications appears on a mobile network security settings page alongside the option to avoid 2G networks, which could help block some IMSI catchers from connecting to your device. However, while the settings will reportedly be available in Android 16, it may take some time for Android devices to widely use the required hardware.
Ahead of the presidential election last November, Iran-linked hackers attacked Donald Trump’s presidential campaign and stole scores of emails in an apparent bid to influence the election results. Some of the emails were distributed to journalists and the Biden campaign. This week, following the Israel-Iran conflict and US intervention with “bunker-buster” bombs, the hackers behind the email compromise reemerged, telling Reuters that they may disclose or sell more of the stolen emails.
The cybercriminals claimed they had stolen 100 GB of emails, including some from Susie Wiles, the White House chief of staff. The cache of emails also allegedly includes those from Lindsey Halligan, a Trump lawyer, adviser Roger Stone, and adult film star Stormy Daniels. The hackers, who have used the name Robert, told Reuters they wanted to “broadcast this matter.” It is unclear whether they will act upon the threats.
In response, US officials claimed that the threat from the hackers was a “calculated smear campaign” by a foreign power. “A hostile foreign adversary is threatening to illegally exploit purportedly stolen and unverified material in an effort to distract, discredit, and divide,” Marci McCarthy, a spokesperson for the Cybersecurity and Infrastructure Security Agency, said in a statement.
Over the past few years, Chinese hacker group Salt Typhoon has been on a hacking rampage against US telecoms networks, successfully breaking into at least nine firms and gaining access to Americans’ texts and calls. Brett Leatherman, the recently appointed leader of the FBI’s cyber division, tells Cyberscoop that the Chinese hackers are now “largely contained” and lying “dormant” in the networks. The groups have not been kicked out of networks, Leatherman said, since the longer they are in the systems there are more ways they can find to “create points of persistence.” “Right now, we’re very focused on resilience and deterrence and providing significant support to victims,” Leatherman said.
Deepfake platforms that allow people to create nonconsensual, often illegal, harmful images of women without clothes on have boomed in recent years. Now a former whistleblower and leaked documents from one of the largest so-called “nudify” apps, Clothoff, claims the service has a multimillion-euro budget and is planning an aggressive expansion where it will create nonconsensual explicit images of celebrities and influencers, according to reporting by German publication Der Spiegel. The alleged expansion has a marketing budget of €150,000 (around $176,000) per country to promote the images of celebrities and influencers, according to the report. It says more than “three dozen people” work for Clothoff, and the publication identified some of the potential key operators of the platform. Documents exposed online also revealed customer email addresses. A spokesperson who claimed to represent Clothoff denied there were more than 30 people as part of the central team and told Der Spiegel it does not have a multimillion-euro budget.
