North Korean IT Workers Are Infiltrating Tech Companies
Plus: The Conti ransomware gang shuts down, Canada bans Huawei and ZTE, and more of the week’s top security news.
As Russia’s full-scale war in Ukraine heads towards its hundredth day, opposition from Ukrainian forces is as strong as ever. At the same time, hacktivists all around the world continue to breach Russian institutions and publish their files and emails. This week one hacktivist collective took a different—and slightly peculiar—approach: launching a service to prank-call Russian government officials. The new website uses leaked details to put two random Russian officials on a call with each other. It obviously won’t make any difference to the outcome of the war, but the group that created it hopes the tool will cause some confusion and annoy those in Moscow.
New research from Google’s Threat Analysis Group has delved into the surveillance-for-hire industry and found that spyware vendors are targeting Android devices with zero-day exploits. State-sponsored actors in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain, and Indonesia have all purchased hacking tools from the North Macedonian firm Cytrox, the Google team says. The malware has used five previously unknown Android exploits, alongside unpatched vulnerabilities. Overall, Google’s researchers say they’re tracking more than 30 surveillance-for-hire firms around the world.
In other malware news, academics at Germany’s Technical University of Darmstadt have figured out a way to track an iPhone’s location even when it is turned off. When you switch your iPhone off it doesn’t fully power down—instead chips inside run in a low-power mode. The researchers were able to run malware that can track the phone in this low-power mode. They believe their work is the first of its kind, but the method is unlikely to be much of a threat in the real world, as it first requires jailbreaking the targeted iPhone, which has generally become harder to do in recent years.
But wait, there’s more. We’ve rounded up all the news that we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
International sanctions imposed against North Korea, for its continued development of nuclear weapons and ballistic missiles, mean the nation can’t trade with other countries or bring outside money within its borders. To get around this, in recent years Pyongyang has allowed its state-affiliated hackers to raid cryptocurrency platforms and rob banks. Now the FBI, the US Department of State, and the US Treasury have warned that thousands of North Korea’s IT workers—including app and software developers—have been freelancing at businesses around the world and sending money home. Many of them are based in China or Russia, the officials say. The risks of hiring North Korean workers range from “theft of intellectual property, data, and funds to reputational harm and legal consequences, including sanctions under both US and United Nations authorities.”
In a significant public move, the US Department of Justice says it will stop prosecuting security researchers under the Computer Fraud and Abuse Act. “Computer security research is a key driver of improved cybersecurity,” deputy attorney general Lisa Monaco said in a statement. For years the anti-hacking CFAA law has been criticized for its broad scope and its potential to be abused by prosecutors. While the DOJ’s explicit shift in policy will be welcomed by researchers, as Motherboard reports, the policy doesn’t go far enough and can still put legitimate researchers at risk.
The mostly Russia-based Conti ransomware gang has had a dreadful few months. After the gang backed Vladimir Putin’s war in Ukraine, thousands of its internal messages and innermost secrets were published online. While the gang has continued to target victims, including Costa Rica’s government, researchers now say Conti has officially shut down its operations. Conti’s Tor admin panels have been taken offline, and the group’s members are splintering off into other ransomware groups, according to security firm Advanced Intel. The shutdown comes after the US government offered a $15 million reward for information about Conti’s members.
Canada has become the final country in the Five Eyes intelligence group—which also includes the US, UK, Australia, and New Zealand—to ban the use of Huawei’s telecoms equipment in its 5G networks. Fellow Chinese telecom firm ZTE is also included in the ban. The Canadian government, in an announcement, cited national security concerns and the fact that companies could be forced to comply with orders from “foreign governments.” Starting in September, Canadian firms will be banned from buying new 4G and 5G equipment from the Chinese companies. They must remove all existing 5G equipment by the summer of 2024, and 4G equipment must be removed by the end of 2027.