All news with #valid accounts tag

⚖️ The U.S. Department of Justice announced five U.S. citizens pleaded guilty for facilitating North Korea’s illicit IT worker and revenue-generation schemes. The defendants hosted company-issued laptops, supplied or sold U.S. identities, and helped overseas IT workers pass vetting to obtain jobs at American firms. DOJ says the schemes impacted more than 136 U.S. companies, generated over $2.2 million for the DPRK, and compromised the identities of more than 18 U.S. persons.

🔒 Five individuals pleaded guilty to facilitating North Korea’s placement of overseas IT workers at U.S. firms using false, stolen, or brokered identities, a scheme that affected 136 companies and generated over $2.2 million for the DPRK. The DOJ also filed civil forfeiture actions to recover more than $15 million in cryptocurrency tied to APT38 thefts that were part of $382 million stolen in 2023. One defendant, Oleksandr Didenko, agreed to forfeit $570,000 in cash and about $830,000 worth of cryptocurrency.

🛡️ Researchers report that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign that began on October 4 and persisted through at least October 10. The attackers appear to be using valid, stolen credentials rather than brute-force methods, and many malicious requests originated from IP 202.155.8[.]73. After authenticating, actors conducted reconnaissance and attempted lateral movement to access numerous local Windows accounts; investigators recommend immediate secret rotation, strict access restrictions, and multi-factor authentication for all admin and remote accounts.