The sentencing of Oleksandr Didenko highlights the operational mechanics of North Korea’s IT worker revenue scheme.

TTPs included:
• Identity theft & resale infrastructure
• U.S.-based laptop farms
• Remote access tooling
• Money transmitter accounts
• Tax filings under stolen identities

The Federal Bureau of Investigation linked the activity to broader nation-state revenue generation.
The United Nations estimates up to $600M annually generated via embedded IT workers.

Technical mitigation questions:
- Device attestation + hardware-bound identity?
- Continuous behavioral authentication?
- Payroll anomaly detection?
- Zero-trust for remote contractors?

Drop your technical countermeasures below.
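One concrete answer to the payroll-anomaly and device-attestation questions above, as an added example that is not part of the original post: a small Python correlation that treats a device identity or payout account shared by several contractor identities, a login location that contradicts the declared residence, or an unmanaged remote-access tool on the endpoint as signals to be reviewed together. The record fields and all sample rows are constructed assumptions, not data from the case.

```python
"""
Payroll / identity anomaly detection over contractor onboarding records.

Added example (not from the original post). Each check is one weak signal;
the value is in seeing several converge on the same worker. Field names and
the sample rows are assumptions built for this illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ContractorRecord:
    worker_id: str          # HR identifier for the onboarded contractor
    declared_state: str     # U.S. state given at onboarding
    device_id: str          # hardware-bound device identity from attestation (assumed field)
    login_geo: str          # state resolved from the IP used for most sessions
    payout_account: str     # token for the payment destination (assumed field)
    remote_tool_seen: bool  # endpoint telemetry saw a third-party remote-access tool


# Constructed sample data: W-2, W-3 and W-5 share one laptop and one payout
# account; W-3, W-4 and W-5 log in from a state other than the declared one.
SAMPLE_RECORDS = [
    ContractorRecord("W-1", "TX", "dev-aa11", "TX", "acct-1001", False),
    ContractorRecord("W-2", "CA", "dev-bb22", "CA", "acct-2002", True),
    ContractorRecord("W-3", "NY", "dev-bb22", "CA", "acct-2002", True),
    ContractorRecord("W-4", "WA", "dev-cc33", "CA", "acct-4004", False),
    ContractorRecord("W-5", "FL", "dev-bb22", "CA", "acct-2002", True),
]


def shared_attribute_groups(records, attr, min_size=2):
    """Return {value: [worker_ids]} for attr values shared by >= min_size workers."""
    groups = defaultdict(list)
    for r in records:
        groups[getattr(r, attr)].append(r.worker_id)
    return {v: ids for v, ids in groups.items() if len(ids) >= min_size}


def find_anomalies(records):
    """Produce a list of (worker_id, reason) findings for analyst review."""
    findings = []
    # One physical device serving several identities is the laptop-farm pattern.
    for value, ids in shared_attribute_groups(records, "device_id").items():
        for wid in ids:
            findings.append((wid, f"device {value} shared by {len(ids)} identities"))
    # Several contractors paid into the same destination is the payroll side of it.
    for value, ids in shared_attribute_groups(records, "payout_account").items():
        for wid in ids:
            findings.append((wid, f"payout account {value} shared by {len(ids)} identities"))
    for r in records:
        if r.login_geo != r.declared_state:
            findings.append((r.worker_id, f"login geo {r.login_geo} != declared {r.declared_state}"))
        if r.remote_tool_seen:
            findings.append((r.worker_id, "unmanaged remote-access tool observed on device"))
    return findings


def risk_scores(records):
    """Count findings per worker; a higher count means more signals converge."""
    scores = defaultdict(int)
    for wid, _ in find_anomalies(records):
        scores[wid] += 1
    return dict(scores)


if __name__ == "__main__":
    ranked = sorted(risk_scores(SAMPLE_RECORDS).items(), key=lambda kv: -kv[1])
    for wid, score in ranked:
        print(f"{wid}: {score} signal(s)")
    for wid, reason in find_anomalies(SAMPLE_RECORDS):
        print(f"  {wid}: {reason}")
```

On the sample data W-3 and W-5 collect four signals each and W-2 three, while W-4 has only a geo mismatch, which on its own is often just travel. The point of scoring rather than alerting per check is that a device shared by three identities plus one shared payout account is a much stronger case than any single field would make.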

Source: https://therecord.media/north-korea-laptop-farm-ukraine

Follow Technadu for advanced cyber threat reporting.

#ThreatModeling #InsiderThreat #NorthKorea #IdentityManagement #ZeroTrust #RemoteAccessSecurity #CyberCounterintelligence #FraudDetection #Infosec #SecurityEngineering #RiskManagement #CyberIntelligence

Cyberpion rebrands as Ionix, offering new EASM visibility improvements

Ionix is adding a suite of new features to help extend the visibility of interconnected assets and deliver risk-based prioritization.

CSO Online
9 attack surface discovery and management tools

The main goal of cyber asset attack surface management tools is to protect information about a company’s security measures from attackers. Here are 9 tools to consider when deciding what is best for the business.

CSO Online
China-based cyberespionage actor seen targeting South America

Cyberthreat group DEV-0147 is deploying the ShadowPad RAT to hit diplomatic targets in South America, expanding from its traditional attack turf in Asia and Europe, Microsoft says.

CSO Online
Hackers abuse legitimate remote monitoring and management tools in attacks

Researchers and government agencies warn that threat actors are increasing their use of commercial RMM tools to enable financial scams.

CSO Online
Action1 launches threat actor filtering to block remote management platform abuse

Action1 says its remote management platform can now identify and terminate any attempt at misuse by attackers.

CSO Online