Daily Cyber Security update

Global Cyber Threats: Hospitals, Olympics, and Software Targeted

July 27th, 2024, 12:01 AM Pacific

This week in security: A North Korean hacker faces charges for his alleged involvement in ransomware attacks on US hospitals, highlighting the escalating threat to critical infrastructure. Meanwhile, critical vulnerabilities in ServiceNow’s platform are being actively exploited, underlining the importance of timely patching. In other news, French authorities are battling a major cyber espionage campaign targeting the upcoming Paris Olympics, emphasizing the increasing need for robust cybersecurity measures surrounding major global events.
North Korean Hacker Charged with Ransomware Attacks and Espionage

/Major/ /Various US hospitals and organizations/ /Rim Jong Hyok, Andariel Unit, North Korea/

The US Department of Justice has charged North Korean hacker Rim Jong Hyok for his alleged role in a series of ransomware attacks on US hospitals and other organizations. Hyok, believed to be a member of the North Korean government-backed hacking group Andariel, is accused of using ransomware to extort money from victims and fund North Korea’s illicit activities. The indictment alleges that Hyok and his co-conspirators targeted hospitals with ransomware attacks, knowing that these institutions would be particularly vulnerable and likely to pay ransoms to restore access to critical systems and patient data. The attacks disrupted healthcare services and put patients’ lives at risk.

In addition to ransomware attacks, Hyok is accused of participating in a broader cyberespionage campaign aimed at stealing sensitive information from US government agencies, defense contractors, and other organizations. This campaign is believed to have been motivated by North Korea’s desire to advance its military capabilities and support its nuclear weapons program.

This indictment highlights the growing threat posed by North Korean hackers, who have become increasingly sophisticated and brazen in their attacks. It also underscores the importance of strong cybersecurity defenses, particularly for critical infrastructure organizations like hospitals. The US government is offering a $10 million reward for information leading to Hyok’s arrest and conviction.


ServiceNow RCE Flaws Actively Exploited in Credential Theft Campaign

/Major/ /ServiceNow/

Multiple critical remote code execution (RCE) vulnerabilities have been identified in ServiceNow, a widely used IT service management platform. These vulnerabilities are being actively exploited by threat actors to steal sensitive information, including login credentials, from compromised organizations. The attacks involve chaining together multiple ServiceNow flaws using publicly available exploits.

The attackers are targeting a range of organizations, including government agencies, data centers, energy providers, and software development firms. The attackers exploit these vulnerabilities to gain unauthorized access to ServiceNow instances, allowing them to steal sensitive data, install backdoors, and potentially disrupt critical IT services.

The widespread use of ServiceNow and the criticality of the services it provides make these vulnerabilities particularly concerning. Organizations using ServiceNow are strongly advised to apply the necessary security patches and implement strong access controls to mitigate their risk.


French Authorities Combat Cyber Espionage Campaign Targeting Olympics

/Major/ /Various French organizations/

French authorities have launched a major operation to combat a large-scale cyber espionage campaign believed to be targeting the upcoming Paris Olympics. The campaign, which involves the use of the PlugX malware, has infected thousands of computers in France, including those belonging to government agencies, critical infrastructure operators, and businesses. The attackers are using PlugX to steal sensitive information, conduct surveillance, and potentially disrupt operations during the Olympics.

In response to the campaign, French authorities have taken steps to dismantle the PlugX botnet and clean infected computers. They have also issued warnings to potential targets and are working with international partners to track down the perpetrators. This incident highlights the growing threat of cyberattacks targeting major international events like the Olympics.

As these events attract global attention and involve significant logistical and technological infrastructure, they present attractive targets for cybercriminals and nation-state actors seeking to steal data, disrupt operations, or spread propaganda. The French authorities’ proactive efforts in combating this campaign demonstrate the importance of robust cybersecurity measures and international collaboration in mitigating such threats.
