Tag: sanctions

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/21/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Woman gets 8 years for aiding North Koreans infiltrate 300 US firms

This article details the sentencing of Christina Marie Chapman to 102 months in prison for her pivotal role in a sophisticated scheme that allowed North Korean IT workers to infiltrate over 300 U.S. companies. Chapman facilitated this by operating a “laptop farm” in her Arizona home, creating the illusion that the workers were based in the United States. Her co-conspirator, Ukrainian citizen Oleksandr Didenko, ran an online platform, UpWorkSell, which provided false identities for the North Koreans seeking remote IT positions. This elaborate operation enabled the North Korean workers to illicitly collect over $17 million, a portion of which was funneled through Chapman’s financial accounts.

The scope of this infiltration was extensive, with North Korean individuals securing remote software and application development roles in a wide array of high-profile U.S. entities, including Fortune 500 companies, an aerospace and defense firm, a major television network, and a Silicon Valley technology company. This access not only generated significant illicit revenue for the North Korean regime but also posed substantial national security risks by potentially exposing sensitive information and intellectual property within critical U.S. industries. The scheme highlights the persistent and evolving methods used by foreign adversaries to exploit vulnerabilities in remote work environments.

In response to this and similar incidents, U.S. authorities have intensified their efforts to counter North Korean IT worker schemes. The Department of Justice has been actively disrupting extensive networks involved in these operations, leading to charges against individuals like Chapman and Didenko, as well as other foreign nationals. Concurrently, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against North Korean front companies and associated individuals. These actions, coupled with updated FBI guidance for U.S. businesses and joint advisories with international partners, underscore a concerted strategy to mitigate the threat posed by North Korea’s illicit revenue generation and espionage activities.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks – Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances.
- CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks – The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
- Ukraine arrests suspected admin of XSS Russian hacking forum – The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor’s office.
- ExpressVPN bug leaked user IPs in Remote Desktop sessions – ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users’ real IP addresses.
- Nuclear Weapons Agency Breached in Microsoft SharePoint Hack – The US agency responsible for maintaining and designing the nation’s cache of nuclear weapons was among those breached by a hack of Microsoft Corp.’s SharePoint document management software, according to a person with knowledge of the matter.
- Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure – The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America.
- UK Student Sentenced to Prison for Selling Phishing Kits – Ollie Holman was sentenced to prison for selling over 1,000 phishing kits that caused estimated losses of over $134 million.
- Woman gets 8 years for aiding North Koreans infiltrate 300 US firms – Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies.
Podcasts
July 28, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/30/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: US shuts down a string of North Korean IT worker scams

The US Department of Justice has successfully disrupted several sophisticated IT worker scams orchestrated by North Korea, leading to two indictments, one arrest, and the seizure of 137 laptops. These operations involved North Korean IT staff using stolen or fictitious identities to secure remote positions at over 100 US companies. Beyond drawing salaries, these individuals allegedly exfiltrated sensitive data for Pyongyang and engaged in virtual currency theft, with one instance involving a $740,000 cryptocurrency heist. This tactic of deploying remote IT workers, facilitated by the shift to remote work during the COVID-19 pandemic, is a significant evolution from North Korea’s traditional cybercrime activities, which are primarily aimed at circumventing international sanctions and funding their illicit weapons programs.

One key aspect of these scams involved the establishment of “laptop farms” in the US. These farms allowed North Korean coders to remotely control company-issued laptops, making it appear as though the workers were operating within the US, thereby evading detection by employers monitoring IP ranges. Zhenxing “Danny” Wang, one of the indicted individuals, is accused of setting up a fake software development business that funneled approximately $5 million back to North Korea and left US companies with an estimated $3 million in cleanup costs. This complex network highlights the critical role of US-based collaborators in enabling these schemes and the substantial financial gains reaped by both the North Korean regime and its stateside operatives.

The investigations also revealed a more direct form of cryptocurrency theft, as seen in the case of four North Koreans who traveled to the UAE to secure remote programming jobs. These individuals, using stolen identities, were able to gain access to company virtual wallets and subsequently steal significant amounts of cryptocurrency, which was then laundered using sanctioned tools like Tornado Cash. The ongoing nature of these threats underscores the challenges faced by companies hiring remote IT workers and the persistent efforts by North Korea to exploit vulnerabilities for financial gain. The US Department of Justice is actively pursuing these cases, offering substantial bounties for information that helps dismantle North Korea’s illicit financial mechanisms.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- US shuts down a string of North Korean IT worker scams – The US Department of Justice has announced a major disruption of multiple North Korean fake IT worker scams.
- Stablecoin protocol Resupply loses $9.6M to price manipulation exploit – A flaw in ResupplyFi’s contract allowed an attacker to manipulate token prices and drain $9.6 million from its wstUSR market.
- Hacker Conversations: Rachel Tobac and the Art of Social Engineering – Rachel Tobac is a cyber social engineer. She is skilled at persuading people to do what she wants, rather than what they know they ought to do.
- Hackers stole data on 2.2 million people in cyberattack affecting American grocery chains – The Dutch conglomerate behind dozens of major American supermarket brands said more than 2.2 million people had information stolen from its systems during a cyberattack in November that left customers unable to place delivery orders online.
- Aloha, you’ve been pwned: Hawaiian Airlines discloses ‘cybersecurity event’ – ‘No impact on safety,’ FAA tells The Reg
- The FBI warns that Scattered Spider is now targeting the airline sector – The FBI warns that Scattered Spider is now targeting the airline sector. Feds are working with aviation partners to combat the threat and assist affected victims.
- Ex-student charged over hacking university for cheap parking, data breaches – New South Wales police in Australia have arrested a 27-year-old former Western Sydney University (WSU) student for allegedly hacking into the University’s systems on multiple occasions, starting with a scheme to obtain cheaper parking.
- Qantas Confirms Major Data Breach Linked to Third-Party Vendor – Qantas has confirmed a data breach after attackers gained access through a third-party call centre platform, affecting millions of frequent flyers just as the airline industry heads into its busiest season.
July 7, 2025

Tag: sanctions

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/21/25

Featured Analysis

Projects

Articles

Podcasts

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/30/25

Featured Analysis

Projects

Articles