
Latest news with #Andariel

Sanctioning Malicious North Korean Cyber Actors

Scoop

4 days ago


July 8, 2025

The United States is imposing sanctions on Song Kum Hyok, a North Korean cyber actor associated with the U.S.-designated North Korea hacking group Andariel. Song was involved in malicious cyber-enabled activities, which included an illicit information technology (IT) worker scheme. He is also linked to an attempted hack of the U.S. Department of the Treasury. We are also imposing sanctions on Russia-based facilitator Gayk Asatryan and four entities – two Russian and two North Korean – all involved in deploying IT workers internationally to generate revenue for the North Korean government.

The Democratic People's Republic of Korea deploys IT workers who obfuscate their identities, often through identity theft of U.S. persons, to fraudulently obtain employment at unwitting foreign firms. The North Korea regime uses revenue generated by these workers to support its unlawful weapons of mass destruction and ballistic missile programs.

Today's sanctions are part of the U.S. government's efforts to combat North Korean cyber espionage and revenue generation. We will continue to take action against malicious cyber actors who attempt to undermine U.S. national security or the U.S. financial sector.

The U.S. Department of State's Rewards for Justice program (RFJ) is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act. RFJ is also offering a reward of up to $5 million for information leading to the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including the exportation of its workers to generate revenue.

The Department of the Treasury's actions were taken pursuant to Executive Order (E.O.) 13694, as amended; E.O. 13722; and E.O. 13810.

For more information, see Treasury's press release, the State Department's RFJ website, Department of Justice's press release, and the Cybersecurity and Infrastructure Security Agency cybersecurity advisory.

U.S. sanctions North Korean hacker for crimes benefitting Kim Jong Un's arms programs

UPI

5 days ago


Secretary of State Marco Rubio (pictured in April at the White House) and the State Department announced sanctions on accused North Korean hacker Song Kum Hyok on Tuesday for his part in a notorious hacking group called Andariel. File Photo by Bonnie Cash/UPI

July 8 (UPI) -- The federal government has sanctioned alleged North Korean hacker Song Kum Hyok for illegal activities related to his participation in the Andariel hacking group.

Song has participated in malicious cyber activities, including an illicit information technology worker scheme and an attempted hack of the Department of Treasury, State Department spokeswoman Tammy Bruce announced on Tuesday.

North Korea "deploys IT workers who obfuscate their identities, often through identity theft of U.S. persons, to fraudulently obtain employment at unwitting foreign firms," Bruce said. "The North Korea regime uses revenue generated by these workers to support its unlawful weapons of mass destruction and ballistic missile programs."

Treasury Department Deputy Secretary Michael Faulkender said the sanctions affirm the importance of staying vigilant of North Korea's efforts to illicitly fund its ballistic missile and weapons of mass destruction programs. "Treasury remains committed to using all available tools to disrupt the Kim regime's efforts to circumvent sanctions through its digital asset theft, attempted impersonation of Americans and malicious cyber attacks," Faulkender said.

The State Department also announced sanctions on Russia-based facilitator Gayk Asatryan, two Russian entities and two North Korean entities that deploy cyber actors to generate revenue for North Korea through hacking activities and other cyber crimes.

"Today's sanctions are part of the U.S. government's effort to combat North Korean cyber espionage and revenue generation," Bruce said. "We will continue to take action against malicious cyber actors who attempt to undermine U.S. national security or the U.S. financial sector."

The State Department also announced it will pay a reward of up to $10 million for information leading to the identity or location of anyone who violates the U.S. Computer Fraud and Abuse Act at the direction of a foreign government. The State Department's Rewards for Justice program also will pay up to $5 million for information that enables the disruption of finances for those who help the North Korean government export workers to generate revenue.

The United States in July indicted North Korean hacker Rim Jong Hyok and offered a $10 million reward for information about him for allegedly working on behalf of North Korea's Reconnaissance General Bureau. He is accused of conspiring to "hack and extort U.S. hospitals and other healthcare providers, launder the ransom proceeds and then use these proceeds to fund additional computer intrusions," the Department of Justice said in a statement.

U.S. sanctions North Korean member of Kim Jong Un's spy agency over IT worker scheme

CBS News

5 days ago


The Treasury Department has levied sanctions against a North Korean cyber operative and notorious member of Kim Jong Un's military intelligence agency, formally known as the "Reconnaissance General Bureau." The U.S. has accused Song Kum Hyok of facilitating an IT worker scheme and charges that the member of the "Andariel" hacking group recruited North Korean cyber operatives to pose as American remote workers for hire at unwitting companies worldwide.

The sprawling scheme, according to the Treasury Department, allowed North Koreans operating in China and Russia to collect paychecks as a way of fundraising for Kim's nuclear missile program. In some cases, North Korean IT workers have gone as far as to plant malware into company networks.

In 2022, Song began choreographing the moneymaking plot that stole personal information of U.S. citizens – including names, Social Security numbers, and addresses – in order to create aliases for the hired foreign workers disguised as American job applicants, with whom he ultimately split the proceeds.

As CBS News has reported, North Korea deploys IT workers worldwide to fraudulently seek jobs with top companies, allowing North Korean cyber operatives to take home a hefty paycheck that is ultimately funneled to the regime. The moneymaking scheme is worth hundreds of millions, according to FBI senior officials. Treasury officials said North Korea's IT worker scheme employs "thousands of highly skilled workers" who are primarily located in China and Russia, ultimately channeling funds to Kim Jong Un's weapons of mass destruction and ballistic missile programs.

As part of its crackdown on Kim Jong Un's growing cyber espionage campaign and attempted impersonation of American workers, the department's Office of Foreign Assets Control, known as OFAC, is also sanctioning four entities that it found were funneling money to North Korea as part of a Russia-based IT worker scheme.

The Treasury Department is also targeting the Russia-based "Asatryan IT Worker Network." The network's founder, Gayk Asatryan, according to the department, was found to have signed a 10-year contract with the North Korean regime in 2024, agreeing to dispatch as many as 30 North Korean IT workers to work in Russia for his company, part of a broad money-making scheme.

The government's efforts to undercut North Korea's "unlawful weapons development" stem from a March 2016 United Nations Security Council Resolution.

"Today's action underscores the importance of vigilance on the DPRK's continued efforts to clandestinely fund its WMD and ballistic missile programs," Treasury Deputy Secretary Michael Faulkender told CBS News in a statement, reaffirming the government's goal of "using all available tools to disrupt the Kim regime's efforts to circumvent sanctions through its digital asset theft, attempted impersonation of Americans, and malicious cyber-attacks."

According to the Treasury, North Korean cyber operatives engaged in IT worker schemes routinely hide their locations and use proxy accounts, stolen identities and falsified or forged documentation to apply for jobs at employers in wealthier countries.

Applications and software developed by North Korean IT workers span popular industry sectors like business, health and fitness, social networking, sports, entertainment and lifestyle, according to the Treasury Department. The North Korean cyber operatives often take on projects involving virtual currency exchanges, enabling them to more easily launder money back to the regime, undetected.

In May, CBS Mornings profiled "Steven Smith," a suspected member of North Korean leader Kim Jong Un's cyber army. Smith was caught red-handed by the cryptocurrency firm Kraken after a "do not hire" list circulated by law enforcement flagged him as a potential North Korean spy.

FBI warns of 'dangerous' hacking campaign linked to North Korean attack group

Time of India

06-06-2025


The Federal Bureau of Investigation (FBI), in collaboration with the US Cybersecurity and Infrastructure Security Agency (CISA), has issued a joint cybersecurity advisory following a surge in confirmed victims of Play ransomware attacks in May. The FBI reports that these threat actors have impacted over 900 organisations across North and South America, as well as Europe, including businesses and critical infrastructure providers.

The updated advisory, released as part of the ongoing Stop Ransomware campaign, includes findings from new investigations this year that reveal an evolution in the cybercriminal group's tactics, techniques and procedures (TTPs). The advisory aims to inform organisations on how to defend against these attacks.

Who are the hackers, why this is dangerous and more details

According to the FBI advisory (via Forbes), Play is a closed ransomware group, operating independently to "guarantee the secrecy of deals" regarding exfiltrated data. Play ransomware is believed to be linked to Andariel, a North Korean state-sponsored attack group associated with the Democratic People's Republic of Korea's "Reconnaissance General Bureau." Researchers suggest Play is an "integral part" of Andariel's cyberattack arsenal, distributed by threat groups such as Balloonfly.

The hackers leave ransom notes with victims that do not include an initial demand or payment instructions. Instead, victims are directed to contact the attackers via email, often using unique German email domains. The FBI noted that some victims are contacted by telephone and threatened with data release to compel ransom payment.

Balloonfly has been implicated in multiple incidents involving Play ransomware deployment, primarily against businesses in the US and Europe, often using a malware backdoor to infect Windows systems.

Microsoft Threat Intelligence Center and Microsoft Security Response Center previously observed Play ransomware being deployed after attackers exploited a zero-day vulnerability in the Windows Common Log File System. This flaw was mitigated in April. The FBI emphasizes that the Play ransomware campaign shows no signs of abating and urges organisations to enhance their defenses immediately.

IGGM.com Diablo 4 Season 8 Guide: How To Get Lilith's Wind Of Hate Boss Power?

Time Business News

23-04-2025


Undoubtedly, the most attractive new content in Diablo 4 Season 8, which will be launched on April 29, should be the boss power, because like other seasonal powers before, the boss power is the most intuitive way to help you in the new season. In order to fully ensure that boss power can help you cope with most situations, Diablo 4 brings up to 24 boss powers for Season 8, and the most difficult to get and powerful ones are 5 legendary boss powers, which come from the 5 most powerful lair (endgame) bosses in the game:

  • Andariel's Flaming Skull
  • Belial's Eye Beams
  • Duriel's Burrow
  • Harbinger of Hatred's Volley
  • Lilith's Wind of Hate

In addition to the ultimate boss Belial of this season, the most eye-catching ones should be Lilith and Lilith's Wind of Hate, because she is one of the main villains of Diablo 4, and has brought you endless nightmares in the past few seasons, but it is precisely because of this that you will want to get her power more. Based on this, we will introduce you to how to get Lilith's Wind of Hate, a boss power belonging to Lilith.

Before you get this power, it's important to understand its effects so you can determine when it's appropriate and switch powers before a fight begins. Each boss power in Season 8 consists of a main power and a modifier power, and you can equip one main power and three modifier powers in a single battle.

The main power effect of Lilith's Wind of Hate allows you to attack enemies with a spike wave that lasts for 2 seconds while casting a skill, causing them up to 1,925% physical damage! And every time Wind of Hate hits an enemy, their damage increases by 60%, up to 300%. As for the modifier effect, when you use the main boss skill to hit an elite enemy other than the world boss, a Blister Clone that lasts for 15 seconds will be created at 10% of their maximum health. Killing the clone will reduce the health of the corresponding enemy by 10.25%. A single elite enemy can have up to 3 clones active at the same time.

First of all, considering that Lilith is a very strong lair boss, you must accumulate enough Diablo 4 gold and good enough gear, as well as power from other bosses, by completing other tasks or defeating other bosses in advance, and use them as the basis for your fight with Lilith. Generally speaking, you must unlock the boss battle with Lilith after your character reaches level 60 and unlocks Torment difficulty level 4. Then go to the southwestern Fractured Peaks and find the entrance to Echo of Hatred next to Nevesk waypoint. At this time, you will receive a task called Echo of Hatred in your quest log. Visit it and enter the corresponding dungeon to start the battle.

Before Season 8, in addition to the preparations we have mentioned, you also need to collect materials for summoning Lilith by killing other bosses to summon her. However, Season 8 has made changes to the endgame boss mechanism. Not only has it been renamed lair boss, but it has also cancelled the summoning material. Instead, you need to farm lair keys to open the hoard and take away the loot after winning.

This fight is divided into two phases, and in both phases the boss will have a full health bar at the beginning of the fight. Here are the different ways to deal with each phase.

When Phase 1 begins, Lilith will first create Blood Blisters, and Blood Orbs will further spawn around her. All you have to do is destroy the blood blisters and be careful not to be hit by the blood orbs. However, in order to ensure that you don't lose health in this phase as much as possible, it is best to exchange some healing potions with Diablo 4 items in advance, just in case. Towards the end of this phase, the boss will continue to summon Oppressors to assist her. Fortunately, the health of this enemy type is very low, so it shouldn't be a problem for you to destroy them. At the end of this phase, Lilith will also summon Triangle Wave. You need to stay in the outer circle of the arena before the boss lands to avoid the inner wave, and then immediately move into the boss circle to continue to avoid the outer wave. Once Lilith lands, you must deal as much damage to her as possible – in fact you should kill the boss as soon as possible in the first phase to avoid the damage debuffs she may continue to cause you.

All you have to do in this phase is to always avoid the blood orbs and void orbs generated by the blood pools, and when the boss destroys the platform, you can avoid it while attacking her until her second health is reduced to 0 and all three platform parts are destroyed.

After winning, if you get Lilith's lair keys beforehand, you can open more loot in addition to the regular D4 gold rewards, as well as the focus of this time: the boss power Lilith's Wind of Hate! The above is all we have introduced to you this time. If you think it is of reference value, please complete the relevant battles as soon as possible after Season 8 starts! I wish you success!
