North Korean hackers attack US hospitals

With Major As U.S. intelligence mandate expires at the end of the year, with congressional controversy brewing over whether to renew it or not, new internal audit details show U.S. Federal Bureau of Investigation (FBI) officials have repeatedly conducted illegal searches of data collected under threat from an oversight body . The agents requested information about journalists, a US congressman, and a political party as a result of what the US Department of Justice called “misunderstandings.”

This week, WIRED spoke to the creator of Sinbad.io, a cryptocurrency privacy service popular with North Korean hackers and other cybercriminals that has facilitated tens of millions of dollars in money laundering. And UK and US officials have announced sanctions against seven alleged members of the Conti and Trickbot ransomware groups, releasing their real names, dates of birth, email addresses and photos. Both governments have also taken the unusual step of bluntly saying they see evidence of links between Russian-based cybercriminal groups and the Kremlin’s intelligence agencies.

US President Joe Biden said in his address to Congress this week that the US needs a bipartisan effort to “impose stricter limits on the personal data that companies collect about all of us.” The reaction in Washington following the speech was encouraging, but also realistic that US privacy legislation coming soon could be too much of a political minefield to overcome. Meanwhile, legal experts told WIRED this week that the US Fair Credit Act should already limit the information about Americans that data brokers can collect and sell. A new letter to the Consumer Financial Protection Bureau calls for the agency to begin prosecuting violations.

We looked at how Moscow’s vast smart city initiative, launched with the promise of lowering crime rates, is increasingly being used to draconian AI-powered city surveillance amid Vladimir Putin’s war in Ukraine. And if you were hoping to delete your private messages on Twitter via GDPR erasure requests, the company doesn’t seem to have any compliance plans.

In addition, there are more. Every week we collect stories that we ourselves have not covered in detail. Click on the headings to read all stories. And stay safe there.

North Korea’s state-sponsored elite hackers are among the most ruthless in the world, stealing millions of cryptocurrencies every year to avoid sanctions and fund the hermit. national nuclear programs. New security warning from officials in the US and South Korea this week shows how ruthless the country’s actors can be. State-supported hackers used dozens of types of malware and ransomware according to the US National Security Agency (NSA), the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA), to attack hospitals and healthcare systems in South Korea and the United States.

John Hultquist, lead intelligence analyst at security firm Mandiant, says the attacks are connected the Andariel group and that several hospitals “had to suffer severe disruption” due to the attacks. In some of their operations, the government bulletin says, attackers will try to “obfuscate” their involvement, use VPNs or virtual private servers to mask their location, and exploit common vulnerabilities to gain access to networks. The attackers used their own privately developed malware as well as strains of ransomware belonging to other groups such as LockBit.

Pro-China bot accounts on Twitter and Facebook are circulating news videos denouncing the lack of action against gun violence in the US and promoting China’s global politics. Messaging isn’t exactly new, but it’s there fall into propaganda: The news anchors in the videos, male and female, are not real. These are AI-created characters commonly known as deepfakes. The videos were discovered last year disinformation research company Graphika, which states that “this is the first time we’ve seen this in the wild.” The company says it believes the videos were created using commercial AI video software and were generally of poor quality. None of the videos got more than 300 views.

Researchers from universities in the UK and Ireland found that the leading Android phones in China collection of people’s personal data. The pre-installed operating systems on Xiaomi, OnePlus and Oppo Realme devices collect people’s location information, call history and profile information before sending it to third parties. study by scientists at the University of Edinburgh and Trinity College Dublin. The researchers conducted a study of phones purchased in China and measured the network traffic generated by these devices. In many cases, they write, people are not notified of the data being collected and have no option to opt out. The study again highlights how different China’s privacy practices are compared to many other parts of the world, as well as the many ways people can be tracked. “The data shared by the global firmware version is mostly limited to device-specific information,” the researchers conclude.

Reddit reported on Thursday that hackers gained access to its source code after a successful phishing attack compromised an employee’s system credentials. The incident also exposed the contract information of hundreds of current and former employees and Reddit contacts. Reddit, owned by parent company WIRED Advance Publications, said the incident did not affect user passwords or production systems, but suggested that users reset their passwords and ensure two-factor authentication was enabled for their accounts. The company also said the lessons it learned from the data breach five years ago were both protective and helpful in dealing with the recent incident.