North Korean digital fraud targeting Western companies

As analysts and governments around the world continue to call attention to North Korean digital fraud, researchers this week published 1,000 email addresses

Researchers this week published 1,000 email addresses they claim are linked to North Korean IT worker scams perpetrated against Western companies, along with photos of people allegedly involved in the fraud.

The researchers, who work for cybersecurity firm CCChain, said they were able to identify 70 North Korean IT workers who had set up fake LinkedIn profiles to scam Western companies. The researchers said they also collected photos of the IT workers and examples of the scams they perpetrated.

The researchers said they began their investigation after noticing an increase in reports of North Korean digital fraud. Analysts and governments around the world have been sounding the alarm about the threat posed by North Korean cybercrime, which researchers say is used to fund the totalitarian state’s nuclear and missile programs.

One common scam involves North Korean IT workers posing as executives at legitimate companies and contacting employees at Western firms. The IT workers then try to scam the employees into transferring money to bank accounts controlled by the North Koreans.

The researchers said they were able to track the IT workers' activities online and identify the email addresses they used to communicate with their victims. They also collected photos of the IT workers from their LinkedIn profiles and other social media accounts.

The researchers said they hope that their findings will help to raise awareness of the threat posed by North Korean digital fraud and put pressure on the regime to stop it.

"We believe that it is important to continue to shed light on the activities of the North Korean government and to hold them accountable for their actions," the researchers said in a statement.

The researchers' findings were reported by cybersecurity news outlet Zscaler.

In other news, marketplace and platform Xinbi Guarantee, which was used by Chinese-speaking crypto scammers for laundering money, grew into an $8.4 billion hub before a crackdown by messaging app Telegram this week.

The platform was shut down after Telegram moved to shut down a wave of crypto scam operations that were siphoning billions of dollars from users. The takedown included prominent names like Haowang Guarantee, a black market known for enabling $27 billion in transactions.

The move by Telegram comes as the messaging app faces increasing pressure to do more to combat the scourge of cryptocurrency scams.

The scammers would create fake investment opportunities to fleece users out of cryptocurrency, which they would then launder through platforms like Xinbi Guarantee. The scammers were able to operate with impunity for years, but their activities finally came to light in recent months as several high-profile scams were reported in the media.

The scammers were also able to use their wealth to influence the cryptocurrency community and get preferential treatment from exchanges and other institutions. For example, one scam known as "Plus Token" was able to raise billions of dollars from retail investors before collapsing in 2019.

The crackdown by Telegram is a significant development in the ongoing battle against cryptocurrency scams. It remains to be seen what impact the takedown will have on the scammers' activities. However, the fact that Telegram was willing to take such drastic measures is a clear indication that the messaging app is taking the problem seriously.

And if you’re looking for more coverage of the legal and regulatory issues impacting the online world, be sure to check out WIRED’s full coverage here.

The acting director of the Consumer Financial Protection Bureau is quietly eliminating a planned initiative to more tightly regulate the sale of Americans’ sensitive personal data.

The move by acting CFPB Director Russell Vought comes as Congress has largely failed to pass federal privacy legislation that would set clear limits on how companies collect, use, and sell consumers’ data. It also arrives amid a burgeoning threat posed by deepfake and generative AI scams.

CFPB had originally launched the initiative last year in response to increasingly far reaching and reckless behavior by data brokers.

The CFPB unveiled plans to propose new rules that year that would restrict the types of personal data that could be sold and require companies to obtain consumers’ consent before selling their data. The agency also planned to limit the types of inferences that data brokers could make about consumers based on the data they collect.

But Vought decided to axe the initiative to propose new data privacy rules this year, according to a CFPB spokesperson. The spokesperson said that Vought made the decision because he feels that Congress should be the one to set federal privacy standards.

The move is likely to enrage consumer advocates, who have been pushing for CFPB to take action to regulate the data privacy market. They argue that data brokers are engaging in unfair and deceptive practices, such as selling consumers’ personal data without their consent and making false or misleading claims about the data they sell.

“Congress has largely failed to act on federal privacy legislation that would set clear limits on how companies collect, use, and sell our personal data,” consumer groups wrote in January to House leadership. “This failure has left a vacuum that is being filled by an opaque and largely unregulated market in personal data.”

The CFPB is charged with enforcing federal consumer financial laws, including the Fair Credit Reporting Act