
Latest news with #BrettLeatherman

Hundreds of laptops, bank accounts linked to North Korean fake IT workers scheme seized in major crackdown

Politico

30-06-2025


The Justice Department on Monday announced the seizure of hundreds of financial accounts, fraudulent websites and laptops linked to a massive scheme by North Korean operatives posing as remote workers to infiltrate top tech companies and funnel money back to Pyongyang's weapons program.

The major government crackdown follows recent findings by cybersecurity experts revealing that several Fortune 500 firms were impacted by the intricate plot, which involves North Korean operatives using stolen identities and sophisticated AI tools to sail through the interview and hiring process. The cyber operation has grown more prolific as remote work in the U.S. has exploded, particularly in response to the Covid-19 pandemic.

According to the DOJ, around 100 U.S. companies have unknowingly hired workers tied to the North Korean regime, who have also used their access to company systems to steal U.S. intellectual property and virtual currency. One company targeted was an unnamed California-based defense contractor that worked on artificial intelligence-powered equipment. Some of its technical data and files were compromised and sent abroad.

'Any government contracting company utilizing remote work could be a potential victim in the future,' said an FBI official, granted anonymity as a condition of speaking to reporters ahead of the announcement.

These North Korean agents are often aided by individuals running so-called laptop farms across the U.S. According to the DOJ, 29 known or suspected laptop farms across 16 states were searched. Around 200 laptops were seized by the FBI, along with dozens of financial accounts and fraudulent websites used to launder money.

Individuals from the U.S., China, United Arab Emirates and Taiwan helped North Korean agents successfully embed themselves inside U.S. companies, the press release states. U.S. national Zhenxing Wang was arrested and indicted for his involvement in a multiyear plot that allowed overseas operatives to obtain remote IT work with U.S. companies, generating more than $5 million in revenue. The scheme involved stealing the identities of around 80 U.S. citizens.

'North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime,' Assistant Director Brett Leatherman of the FBI's Cyber Division said in a statement. 'Let the actions announced today serve as a warning: if you host laptop farms for the benefit of North Korean actors, law enforcement will be waiting for you.'

In addition, four North Korean nationals were separately indicted for allegedly stealing $900,000 in virtual currencies from two unnamed companies based in Georgia.

The DOJ has previously taken action against these schemes, including arresting multiple U.S. nationals running the laptop farms over the past year. One American woman pleaded guilty in February to hosting a laptop farm from her home, which allowed overseas IT workers to receive more than $17.1 million for their work.

The State Department continues to offer a $5 million reward for information that could disrupt North Korean financial and other illicit activities.

US and European authorities crack down on hacking tool used by cybercriminals worldwide

Yahoo

21-05-2025


US and European authorities on Wednesday announced a major crackdown on a prolific hacking tool that has been used by hundreds of hackers in damaging ransomware attacks, bank thefts and other digital crimes.

The US Justice Department said it had seized the computer systems hackers used to access the tool, known as Lumma, while Microsoft used a court order to seize or take offline 2,300 web domains connected to the cybercriminal activity. It's a big blow for a global criminal hacking enterprise that had run rampant in the last two months, when Microsoft found roughly 394,00 computers around the world with Windows software infected by Lumma.

Cybercriminals used Lumma to attack airlines, universities, banks, hospitals and US state governments, with Fortune 500 companies among the victims, according to Brett Leatherman, the FBI's deputy assistant director for cyber operations. Hackers used Lumma to cause credit card losses of $36.5 million in 2023 alone, he told reporters.

But like many counter-cybercrime efforts, it hit a snag when Russian sovereignty entered the picture. The main software developer for Lumma is based in Russia, according to Microsoft's analysts. There, he hawks different levels of access to Lumma on Telegram and other Russian-language forums, charging from $250 to $1,000.

US prosecutors have in the last decade charged numerous Russian hackers with serious cyberattacks on American companies and government agencies, but only a portion of the accused have seen a US courtroom. Russian diplomats have strenuously fought to keep accused Russian cybercriminals out of US custody.

Leatherman declined to comment when asked by CNN if the FBI believes Lumma's lead developer is in Russia, or if the US government has relayed any such information to the Russian government.

'Regardless of where these individuals sit, even if we can't charge them with criminal conduct, our victim-centric approach is really focused on targeting that underlying ecosystem … because it brings relief to victims,' Leatherman said.

The law enforcement bust included work by Europol, several other American and European tech firms, and a Japanese organization. It's an approach to fighting cybercrime that relies on the vast reach of software firms into the global economy, and which has become standard practice in recent years.

'This is part of a greater law enforcement investigation into the group [behind Lumma], and we hope that this will also fracture trust within the ecosystem itself,' Leatherman told reporters on Wednesday.
