TikTok battles cyberattacks amid national security concerns

TikTok has recently thwarted a cyberattack targeting several high-profile accounts, including CNN and Paris Hilton, though Hilton’s account remained uncompromised. The company is working closely with affected users to restore access and enhance security measures to prevent future breaches.

The number of compromised accounts is minimal, according to TikTok, which is actively assisting those affected. The incident occurred as TikTok’s parent company, ByteDance, faced a legal battle against a US law that demands the app be sold or face a national ban by January.

The US government has raised national security concerns over Chinese ownership of TikTok. Still, the company maintains that it has taken significant steps to safeguard user data and privacy, asserting that it will not share American user information with the Chinese government.

Chinese national behind 911 S5 botnet arrested in Singapore

The US Department of Justice (DOJ) announced the arrest of a Chinese national, Wang Yunhe, in an international operation targeting cybercrime. Wang, aged 35, was apprehended in Singapore on 24 May for allegedly creating and using malware responsible for cyberattacks, large-scale fraud, and child exploitation. This arrest comes on the heels of a similar high-profile sweep last August, involving 10 Chinese citizens charged with laundering over $2 billion through Singapore.

According to the US Treasury Department, the botnet, known as ‘911 S5,’ was used by criminals to compromise personal devices and then conduct identity theft, financial fraud, and child exploitation.

The Treasury’s Office of Foreign Assets Control has now imposed sanctions on three Chinese nationals behind the platform—Yunhe Wang, Jingping Liu, and Yanni Zheng—and on three entities owned or controlled by Yunhe Wang. FBI Director Christopher Wray described the ‘911 S5’ botnet as likely the world’s largest, comprising malware-infected computers in nearly 200 countries.

According to the DOJ, Wang and unnamed accomplices developed and distributed malware that compromised millions of residential Windows computers worldwide. From 2018 to July 2022, Wang accrued $99 million from selling access to hijacked IP addresses, facilitating cybercriminals in bypassing financial fraud detection systems. These criminals committed fraud, resulting in losses exceeding $5.9 billion, including 560,000 fraudulent unemployment insurance claims.

Wang used the illicitly obtained proceeds to acquire assets globally, spanning properties in the USA, Saint Kitts and Nevis, China, Singapore, Thailand, and the UAE. His possessions included luxury sports cars, numerous bank accounts, cryptocurrency wallets, luxury watches, and 21 properties across multiple countries. Matthew S. Axelrod from the US Department of Commerce’s Bureau of Industry and Security described the case as resembling a screenplay, highlighting the extensive criminal enterprise and lavish expenditures financed by nearly $100 million in profits.

The operation is a collaborative effort led by law enforcement agencies from the US, Singapore, Thailand, and Germany. It underscores the international cooperation required to combat cybercrime effectively.

The FBI has published information at fbi.gov/911S5 to help identify and remove 911 S5’s VPN applications from infected devices.

Israeli private investigator questioned by FBI over hack allegations

An Israeli private investigator, Amit Forlit, who is wanted by the US over hack-for-hire allegations, had reportedly been questioned by FBI agents regarding his work for the Washington public affairs firm DCI Group, according to sources familiar with the matter. This revelation sheds light on a broader US probe into cyber-mercenary activities, suggesting a deeper investigation than previously acknowledged.

Forlit was arrested at London’s Heathrow Airport on 30 April on cybercrime and wire fraud charges related to a ‘hack for hire scheme’ allegedly conducted on behalf of various clients. Following a procedural error by British authorities, he was released two days later but was rearrested on the same charges on Thursday. Forlit has since been released on bail, with conditions including surrendering his passport and remaining in the country.

Despite Forlit’s denial of commissioning or paying for hacking, his connection to convicted Israeli private investigator Aviram Azari, who was sentenced last year, raises questions. Forlit allegedly expressed concern about potential arrest by American law enforcement following Azari’s case. Additionally, Forlit is facing a separate lawsuit in New York federal court over allegations of email theft in 2016, although he denies any involvement. Court records suggest Forlit had business ties with DCI Group, further implicating him in the ongoing investigations.

FCC proposes $6 million fine for scammer impersonating US President Biden in robocalls

The FCC has proposed a $6 million fine against a scammer who used voice-cloning technology to impersonate US President Biden in a series of illegal robocalls during the New Hampshire primary election. This incident serves as a stern warning to other potential high-tech scammers about the misuse of generative AI in such schemes. In January, many New Hampshire voters received fraudulent calls mimicking President Biden, urging them not to vote in the primary. The voice-cloning technology, which has become widely accessible, enabled this deception with just a few minutes of Biden’s publicly available speeches.

The FCC and other law enforcement agencies have made it clear that using fake voices to suppress votes or for other malicious activities is strictly prohibited. Loyaan Egal, the chief of the FCC’s Enforcement Bureau, emphasised their commitment to preventing the misuse of telecommunications networks for such purposes. The primary perpetrator, political consultant Steve Kramer, collaborated with the disreputable Life Corporation and telecom company Lingo, among others, to execute the robocall scheme.

While Kramer is accused of violating several rules, there are currently no criminal charges against him or his associates. The FCC’s power is limited to civil penalties, so further action requires cooperation with local or federal law enforcement. Although the $6 million fine represents a significant penalty, the amount actually paid may be lower due to various factors. Kramer has the opportunity to respond to the allegations, and additional actions are being taken against Lingo, which could lead to further fines or the loss of licenses.

Following this case, the FCC officially declared in February that AI-generated voices are illegal to use in robocalls. This decision underscores the agency’s stance on generative AI and its potential for abuse, aiming to prevent future incidents of voter suppression and other fraudulent activities.

North Korea’s alleged $147.5 million crypto laundering revealed by UN

According to confidential findings by UN sanctions monitors, North Korea utilised the virtual currency platform Tornado Cash to launder $147.5 million in March, following its theft from a cryptocurrency exchange last year. The monitors revealed to a UN Security Council sanctions committee that they had been investigating 97 suspected cyberattacks by North Korea on cryptocurrency companies between 2017 and 2024, totalling approximately $3.6 billion.

One notable incident in these confidential findings involved the theft of $147.5 million from the HTX cryptocurrency exchange late last year, which was then laundered in March. The monitors cited information from crypto analytics firm PeckShield and blockchain research firm Elliptic. In 2024 alone, they investigated 11 cryptocurrency thefts valued at $54.7 million, suggesting possible involvement by North Korean IT workers hired by small crypto-related companies.

North Korea, officially known as the Democratic People’s Republic of Korea (DPRK), has faced UN sanctions since 2006, aimed at curbing funding for its ballistic missile and nuclear programs. The US has previously sanctioned Tornado Cash over alleged support for North Korea, with two co-founders charged with facilitating money laundering. Virtual currency ‘mixer’ platforms like Tornado Cash blend cryptocurrencies to obscure their source and ownership.

Additionally, the monitors highlighted ongoing concerns about illicit arms trade between North Korea and Russia, with suspected shipments between North Korea’s Rajin port and Russian ports. There were also reports of North Korean cargo ships offloading coal in Chinese waters, potentially evading sanctions. Both China and Russia declined to comment on the monitors’ findings.

Hack exposes Indian police facial recognition data amid growing surveillance concerns

In India, a breach of the Tamil Nadu Police Facial Recognition Portal by the hacker group ‘Valerie’ exposed data on over 50,000 people, including police officers and First Information Reports (FIRs). The stolen information is now being sold on the dark web and could be exploited for scams, as reported by The New Indian Express.

Deployed in 2021, the Tamil Nadu police’s facial recognition system uses software from the Centre for Development of Advanced Computing (CDAC) Kolkata. It was intended for officers to verify suspects on patrol but has been criticised for its broad criteria in identifying potential suspects.

Despite the risks, India continues to expand its use of facial recognition: Meghalaya is deploying 300 cameras in Shillong, Jammu and Kashmir is using AI facial recognition on highways, and Telangana police are upgrading to a more comprehensive biometric system under the new Criminal Procedure (Identification) Act, 2022.

Why does it matter?

As India advances its digital transformation with major projects like Aadhaar and Digi Yatra, biometric monitoring has become common, and much of the technology powering these initiatives comes from Japan. According to a report from The Wire, Japanese tech firms, particularly NEC, supply many of India’s police forces with biometric tools. Although NEC has a human rights policy, domestic misuse remains a concern.

Cybercriminals exploit Facebook ads for fake AI tools and malware

Cybersecurity researchers from Bitdefender have uncovered a disturbing trend where cybercriminals exploit Facebook’s advertising platform to promote counterfeit versions of popular generative AI tools, including OpenAI’s Sora, DALL-E, ChatGPT 5, and Midjourney. These fraudulent Facebook ads are designed to trick unsuspecting users into downloading malware-infected software, leading to the theft of sensitive personal information.

The hackers hijack legitimate Facebook pages of well-known AI tools like Midjourney to impersonate these services, making false claims about exclusive access to new features. The malicious ads direct users to join related Facebook communities, where they are prompted to download supposed ‘desktop versions’ of the AI tools. However, these downloads contain Windows executables packed with malware families such as Rilide, Nova, Vidar, and IceRAT, which can steal stored credentials, cryptocurrency wallet data, and credit card details for illicit use.

The cybercrime scheme goes beyond fake ads and hijacked pages; it involves setting up multiple websites to avoid suspicion and using platforms like GoFile to distribute malware through fake Midjourney landing pages. Bitdefender’s analysis highlighted that hackers particularly targeted European Facebook users, with a prominent fake Midjourney page amassing 1.2 million followers before being shut down on 8 March 2024. The reach of these scams extended across countries like Sweden, Romania, Belgium, Germany, and others, with ads primarily targeting European males aged 25-55.

Bitdefender’s report also exposed the cybercriminals’ comprehensive distribution network for malware, known as Malware-as-a-Service (MaaS), enabling anyone to conduct sophisticated attacks. These include data theft, online account compromise, ransom demands after encrypting data, and fraudulent activities.

The case mirrors previous incidents, such as Google’s lawsuit against scammers in 2023 for using fake ads to spread malware. In that case, scammers posed as official Google channels to entice users into downloading purported AI products, highlighting a broader trend of exploiting trusted platforms for illicit gains.

Google sues alleged scammers for distributing fraudulent crypto apps on Play Store

Google has initiated legal action against two alleged crypto scammers for distributing fraudulent cryptocurrency trading apps through its Play Store, deceiving users and extracting money from them. Based in China and Hong Kong, the accused developers uploaded 87 deceptive apps that reportedly conned over 100,000 individuals. According to Google, users suffered losses ranging from $100 to tens of thousands per person due to these schemes, which have been operational since at least 2019.

The lawsuit marks a proactive stance by Google against such scams, going beyond its swift removal of the fraudulent apps from the Play Store. The company’s general counsel, Halimah DeLaine Prado, emphasised that holding these bad actors accountable is crucial to safeguarding users and maintaining the integrity of the app store. The company claims it incurred over $75,000 in economic damages while investigating this fraud.

The scam reportedly enticed users through romance messages and YouTube videos, urging them to download fake cryptocurrency apps. The scammers allegedly misled users into believing they could profit by becoming affiliates of the platforms. Once users invested money, the apps displayed false investment returns and balances, preventing users from withdrawing funds or imposing additional fees, ultimately leading to more financial losses.

Google’s legal action accuses the developers of violating its terms of service and the Racketeer Influenced and Corrupt Organizations Act. The company seeks to block further fraudulent activities by the defendants and aims to recover unspecified damages. The legal move represents Google’s commitment to combating app-based scams and protecting users from deceptive practices on its platform.

Microsoft faulted for preventable Chinese hack

A report released by the US Cyber Safety Review Board on Tuesday blamed Microsoft for a targeted Chinese hack on top government officials’ emails, deeming it ‘preventable’ due to cybersecurity lapses and lack of transparency. The breach, orchestrated by the Storm-0558 hacking group affiliated with China, originated from the compromise of a Microsoft engineer’s corporate account. Microsoft highlighted ongoing efforts to bolster security infrastructure and processes, pledging to review the report for further recommendations.

The board’s report outlined decisions by Microsoft that diminished enterprise security, risk management, and customer trust, prompting recommendations for comprehensive security reforms across all Microsoft products. Last year, the intrusion affected senior officials at the US State and Commerce departments, including Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns, raising concerns about the theft of sensitive emails from prominent American figures.

Despite acknowledging the inevitability of cyberattacks from well-resourced adversaries, Microsoft emphasised its commitment to enhancing system defences and implementing robust security measures. The company highlighted ongoing efforts to fortify systems against cyber threats and enhance detection capabilities to fend off adversarial attacks. The incident underscores the persistent challenges posed by cyber threats and the imperative for technology companies to prioritise cybersecurity measures to safeguard sensitive data and operations against evolving threats.

China’s top prosecutor warns cybercriminals are exploiting blockchain and metaverse projects

China’s Supreme People’s Procuratorate (SPP) is ramping up efforts to combat cybercrime by targeting criminals who use blockchain and metaverse projects for illegal activities. The SPP is alarmed by the recent surge in online fraud, cyber violence, and personal information infringement. Notably, the SPP has observed a significant rise in cybercrimes committed on blockchains and within the metaverse, with criminals increasingly relying on cryptocurrencies for money laundering, making it challenging to trace their illicit wealth.

Ge Xiaoyan, the Deputy Prosecutor-General of the SPP, highlights a 64% year-on-year increase in charges related to cybercrime-related telecom fraud, while charges linked to internet theft have risen nearly 23%, and those related to online counterfeiting and sales of inferior goods have surged by almost 86%. Procuratorates have pressed charges against 280,000 individuals involved in cybercrime cases between January and November, reflecting a 36% year-on-year increase and constituting 19% of all criminal offenses.

The People’s Bank of China (PBoC) acknowledges the importance of regulating cryptocurrency and decentralized finance in its latest financial stability report. The PBoC emphasizes the necessity of international cooperation in regulating the industry.

Despite the ban on most crypto transactions and cryptocurrency mining, mainland China remains a significant hub for crypto-mining activities.