And in story updates,
A recent report from Google’s Threat Intelligence Group reveals that North Korea’s IT worker scam, which previously targeted U.S. companies, is now spreading across Europe. This expansion comes after U.S. law enforcement efforts disrupted many operations in the States. The report indicates that North Korean operatives are actively seeking jobs in sectors such as defense and government, using fabricated references and identities. One individual reportedly operated at least twelve different personas across Europe and the United States. North Korean IT workers can earn over three hundred thousand dollars annually, with teams potentially generating over three million dollars each year. The scammers are increasingly targeting large organizations, threatening to leak sensitive information if they are discovered. The FBI has confirmed this shift in tactics, stating that more North Koreans are now attempting to extort companies. The report highlights the complex logistical networks established by these operatives, allowing them to appear as if they are working locally while actually operating from countries such as China and Russia.
The Department of Defense has launched an investigation into Secretary of Defense Pete Hegseth’s use of the encrypted messaging app Signal after allegations that classified military information about operations in Yemen was shared in a group chat that included journalist Jeffrey Goldberg. The Senate Armed Services Committee, led by Republican Roger Wicker and Democrat Jack Reed, requested the investigation, raising concerns about the potential security risks associated with discussing sensitive information on unclassified networks. The Pentagon’s guidelines suggest that the detailed operational plans discussed could be classified at least at the “secret” level. The inquiry will assess compliance with DoD policies regarding the use of commercial messaging applications for official business.
Microsoft is implementing new requirements for high-volume email senders, specifically targeting those sending more than five thousand emails per day. These changes aim to enhance email authentication and improve security against spoofing and phishing attacks. Starting in May 2025, non-compliant messages will be directed to the Junk folder, with potential future rejections for continued non-compliance. Senders will be required to adhere to stricter standards, including mandatory Sender Policy Framework, DomainKeys Identified Mail, and Domain-based Message Authentication standards, aka DMARC.
Why do we care?
The expansion of North Korean IT worker scams from the U.S. to Europe is a concerning development. These operatives are targeting high-value sectors like defense and government, leveraging fabricated identities to secure lucrative positions. Be warned.
DMARC is coming for Microsoft’s consumer products, and it’s natural to expect their business offerings next.
I’m simply advancing the story around the Signal issues. If you missed Monday’s episode, I did a deep dive on why you care.