FINCast Ep. 19 - The DPRK Sanctions Program
Last month, Paul Hastings sponsored the Cybersecurity Law Workshop at the Spring Privacy & Security Forum held at George Washington University in Washington, D.C. The Cybersecurity Law Workshop featured three panels of...more
Businesses should be aware of growing security risks from North Korean IT workers targeting freelance contracts from businesses in the U.S. and other countries. Typically, these workers fraudulently claim they are from the US...more
A threat actor group with ties to the Democratic People’s Republic of Korea (“North Korea”) called Contagious Interview is using front companies to spread malware through fake job interviews. This group has a history of...more
On April 8, 2025, a sweeping rule issued by the US Department of Justice (DOJ) will take effect. The rule imposes restrictions—and in some cases, outright prohibitions—on US companies in connection with certain types of data...more
The Federal Bureau of Investigation (FBI) recently warned employers of increasing security risks from North Korean workers infiltrating U.S. companies by obtaining remote jobs to steal proprietary information and extort money...more
On February 21, 2025, Bybit, one of the world’s largest cryptocurrency exchanges, suffered a cyberattack resulting in the theft of approximately $1.5 billion in Ethereum tokens. This attack marked a new pinnacle in the...more
North Korean IT operatives are infiltrating U.S. and Western companies using stolen or fabricated identities, VPNs, and U.S.-based co-conspirators to gain unauthorized access to corporate systems. These insider threats pose...more
The Google Threat Intelligence Group (GTIG) recently published a new report “Adversarial Misuse of Generative AI,” which is well worth the read. The report shares findings on how government-backed threat actors use and misuse...more
Remote worker fraud is expected to continue to proliferate in 2025. Fully remote hiring and work, particularly in the technology sector, continues to pose unique business and legal risks for companies. Just in December 2024,...more
Major U.S. companies targeted by North Korean threat actors disguised as remote IT workers. Multiple individuals responsible for stealing millions of dollars have already been apprehended by U.S. authorities....more
In today's fast-paced digital world, businesses often seek to access a global pool of skilled professionals by turning to remote talent to fill gaps in their IT needs. Although this practice has many advantages, it also...more
In a significant development, the Department of Justice (DOJ) indicted 14 North Korean nationals on December 11, 2024 for their involvement in a sophisticated scheme to defraud U.S. companies and violate international...more
ComplexDiscovery Editor’s Note: Sandra Joyce’s keynote at the Tallinn Digital Summit 2024 offers a vital look into the shifting dynamics of the cyber threat landscape. As an annual gathering of leaders from the digitally...more
Unit 42 recently reported that it has identified “Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People’s Army, as a key player in a recent ransomware...more
On June 1, the FBI, the U.S. Department of State and the National Security Agency, together with the Republic of Korea’s (ROK) National Intelligence Service, National Police Agency and Ministry of Foreign Affairs, issued a...more
While there have been major developments in areas such as data security, cloud computing, and artificial intelligence over the past year, threat actors are becoming increasingly aggressive, sophisticated, and in some cases,...more
Big Boosts to Cybersecurity and Tech Funding in $1.7T Omnibus Bill Signed by Biden - “The bipartisan fiscal 2023 omnibus spending agreement includes $2.9 billion for the Cybersecurity and Infrastructure Security Agency, a...more
Executive Summary - The North Korean threat to the crypto ecosystem is the highest form of immediate risk to the crypto-economy driven by a regime that seeks to profit from its misuse to reinforce its regime and fuel all its...more
An inherent aspect of any new technology is that it doesn’t take long for bad actors to figure out how it can be weaponized for nefarious purposes. Cyber-related technologies represent an increasingly dangerous area of risk...more
Editor’s Note: On July 27, 2022, HaystackID shared an educational webcast on the topic of Committee on Foreign Investment in the United States (CFIUS) compliance. CFIUS is a U.S. government interagency committee with the...more
On July 7, 2022, three federal agencies – the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Department of the Treasury – issued a joint alert regarding Maui Ransomware, which...more
ACI’s Annual Flagship Conference on Economic Sanctions Enforcement and Compliance is widely regarded as the premier conference designed for those working in global sanctions compliance, internal audits and investigations,...more
The Treasury Department’s Office of Foreign Assets Control (OFAC) issued an advisory on October 1, 2020, warning companies that engage with the victims of ransomware attacks that they run the risk of violating U.S. sanctions...more
This quarter, the U.S. announced new sanctions and trade restrictions on China in response to its recent encroachments on Hong Kong and its reported mistreatment of ethnic minorities. OFAC continued to target shipping...more
In the past, sanctioned jurisdictions like Venezuela have embraced virtual currency as a way to bypass channels that involve U.S. dollars, blunting the impact of U.S. economic sanctions policies aimed at isolating those...more