
South Korean IT Firm Conspired With North Korean Hackers, Stole $2.5M Via Ransomware

Read also: Nigeria dismantles cybercrime recruiting and mentoring hub, two Russians charged over JFK taxi dispatch hack, and more.

Thursday, November 2, 2023


5 employees of an IT firm that stole $2.5M via ransomware detained in South Korea

South Korean authorities detained five employees (including the CEO) of an IT company that provided data recovery services and is suspected of collaborating with the North Korean state-sponsored hacker group Lazarus. All the suspects were charged with aiding and abetting extortion.

The police said that over four years, the firm collected 3.4 billion won (~$2.5 million) in recovery costs from more than 700 companies that had their systems infected with ransomware distributed by the North Korean hackers.

During the searches, the police found evidence indicating that the company’s employees conspired with Lazarus through Telegram and email messages and received from the hackers a manual on how to recover the encrypted data.

The company shared proceeds from the ransomware data recovery with the Lazarus hackers. The investigation found that some of the cryptocurrency wallets to which the firm sent cryptocurrency belonged to Lazarus. The total amount of funds transferred to the hacker group is being investigated.


Nigeria dismantles cybercrime recruiting and mentoring hub

The Nigerian Police Force (NPF) announced the takedown of a cybercrime training and operational center run by a sophisticated cybercriminal ring involved in illegal activities, including Business Email Compromise (BEC) schemes, romance scams, investment fraud and other crimes.

The authorities arrested six suspects in connection with the case who admitted their involvement in various crimes, including identity theft, hacking and trading of breached Facebook accounts, romance scams, computer-related forgery and other computer-related offences.

The suspects will be charged once the investigation is complete, the police said. The authorities are still tracking other members of the organization who remain at large.

Two Russians charged over JFK taxi dispatch hack

The US authorities have charged two Russian nationals, Aleksandr Derebenetc aka ‘Sasha Novgorod’ and Kirill Shipulin aka ‘Kirill Russia’, over their involvement in a hacking scheme that compromised the digital taxi dispatch system at John F. Kennedy International Airport (“JFK”), which allowed them to earn money by charging taxi drivers for queue-jumping to obtain fares.

Both Derebenetc and Shipulin were charged with two counts of conspiracy to commit computer intrusions. Two other co-conspirators in the scheme, Daniel Abayev and Peter Layman, both US citizens, were charged with similar offenses. The two men pled guilty on October 30 and October 4, 2023, respectively.

According to the authorities, between November 2019 and November 2020, the four defendants breached JFK’s electronic dispatch system and moved specific taxis to the front of the line, charging $10 for their services. The illegal scheme allowed around 1,000 taxi drivers to skip the queue per day.

Derebenetc and Shipulin (both remain at large) could face a maximum sentence of 10 years in prison if found guilty, while Abayev and Layman could get up to five years in prison.

SIM swapper gets 30 months in prison for a $1M crypto theft

Jordan Dave Persad, a 20-year-old Florida resident, has been given a 30-month prison sentence plus three years of supervised release for his role in a SIM-swapping scheme that saw around $1 million stolen from dozens of victims.

Persad and his unnamed accomplices compromised victims’ email accounts, hijacked their cell phone numbers, and gained access to their cryptocurrency wallets.

The stolen assets were divided between co-conspirators, with Persad receiving up to $475,000. Some of these funds were recovered during police searches at Persad’s home.

In addition to the prison sentence, the SIM swapper was ordered to pay nearly $1 million in restitution.


An illegal IPTV network that generated millions of euros shut down in Austria

Austrian police dismantled a large pirate IPTV network that distributed copyright-protected content to thousands of customers.

An investigation into the network was launched in Germany in 2022, after a company filed a copyright infringement claim, and led to Austria where one of the suspects linked to the network resided.

The pirate ring, which has been in operation since 2016, consisted of suppliers who decrypted copyrighted and encrypted TV signals and resellers who bought the illegal TV access for between 20 and 40 euros per year and re-sold it to thousands of customers for a much higher price.

The criminal network consisted exclusively of Turkish citizens, the police said. The authorities arrested 20 perpetrators across Austria, including three key members of the enterprise, and seized 1.6 million euros, computer equipment, mobile phones, and vehicles.


Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.