TrickBot:
TrickBot is a banking trojan which started off as a derivative of the Dyre banking trojan in 2016 before evolving independent features which turned it into a flexible and modular piece of malware, enabling cybercriminals to deploy multiple payloads including malware. Joint sanctions between the United Kingdom and the United States were levied against 11 named individuals believed to have been involved in the development of the TrickBot trojan. Additionally, two individuals have been arrested and faced charges relating to their involvement with the banking trojan. A Latvian national, Alla Witte, pleaded guilty to conspiracy to commit computer fraud for their involvement with the group, and in June 2023 was sentenced to 32 months imprisonment. Russian national Vladimir Dunaev was arrested in South Korea in September 2021 and extradited to the United States; he pleaded guilty to committing computer fraud and identity theft as well as conspiracy to commit wire fraud and bank fraud, and faces a maximum of 35 years in prison upon his scheduled sentencing on 20 March 2024.
Sanctions against North Korea:
In May, the US Treasury Department’s Office of Foreign Assets Control (OFAC) levied sanctions against four corporate, government, and academic entities as well as one individual for their involvement in international fraud for the purposes of raising funds for the North Korean regime. Thousands of workers hide their identity to be hired as IT professionals overseas in order to generate revenue for the government by receiving foreign salaries and funnelling them back to Pyongyang. Some of these workers receive salaries in excess of a quarter of a million dollars, and while this may not apply to every one of the illicit IT workers, the economy of scale from utilising thousands of agents means the Kim regime is able to generate significant funds.
US Secretary of State, Antony Blinken, summarises the issue as:
“The DPRK conducts malicious cyber activities and deploys information technology (IT) workers abroad who fraudulently obtain employment to generate revenue that supports the Kim regime . . . The DPRK’s extensive illicit cyber and IT worker operations threaten international security by financing the DPRK regime and its dangerous activities, including its unlawful weapons of mass destruction (WMD) and ballistic missile programs.”
BreachForums and Pompompurin
US authorities in March arrested the threat actor responsible for successfully hacking the FBI in 2021. Conor Brian Fitzpatrick, known online by his alias Pompompurin, is also connected to the FBI’s InfraGard network breach in 2022, the 2022 Twitter data leak, and the 2021 Robinhood hack, as well as being the owner of BreachForums. BreachForums rose to take the place of RaidForums after its own takedown at the hands of the FBI in 2022 and has been host to such data as PII of roughly 170,000 individuals affected by the DC Health Link breach in March 2023. Only 20 at the time of his arrest, Fitzpatrick was charged with three crimes: conspiracy to commit access device fraud; solicitation for the purpose of offering access devices; and possession of child pornography. Held on a $300,000 bond paid by his parents, Fitzpatrick has since pled guilty to all three charges and faces up to a maximum of 40 years behind bars.