Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:02):
North Korean hackers shift tactics, targeting wealthy crypto holders.
LinkedIn sues a Singapore firm for creating 1 million fake
accounts to scrape user data.
The Clop ransomware gang demands up to 50 million per victim in
a coordinated Oracle breach.
And new research says AI tools have become the number one
(00:23):
channel for corporate data leaks.
This is Cybersecurity Today, and I'm your host, Jim Love.
North Korean hackers have found a new way to fund their regime by going
after wealthy individual investors.
Blockchain analysis firm Elliptic reports that hackers tied to
Pyongyang have stolen more than 2 billion US dollars so far this year.
(00:48):
That's roughly 13% of the country's GDP, Western security agencies say.
Much of that money helps pay for North Korea's nuclear and missile programs.
Groups such as Lazarus Group are now focusing on crypto-rich
individuals who lack the layered defenses of the big exchanges.
(01:09):
They use spear phishing, fake investment apps, and malware-infected trading platforms
to drain personal wallets, attacks that are hard to trace and rarely disclosed.
At the same time, investigators say North Korean operatives are still posing as
remote software developers to infiltrate legitimate tech firms and move stolen
(01:33):
crypto through corporate channels.
A scheme that's helped them evade sanctions for years.
Elliptic's chief scientist, Tom Robinson, warns that many of these
thefts are under-reported, so the real totals could be even higher.
The message is clear.
If you hold digital wealth, you're now part of the threat landscape.
(01:54):
Protect it with hardware wallets, cold storage, and multifactor authentication.
And if you're a company, continue to exercise vigilance in the
use of any remote workers.
LinkedIn is taking a new approach in its fight against data scraping.
This time it's targeting fake accounts.
(02:17):
The company has filed a lawsuit in California against a Singapore-based firm
called ProAPI, accusing it of creating more than 1 million fake profiles to
collect personal and professional data
from real users. But ProAPI isn't acting alone.
LinkedIn is also naming a Pakistan-based technical enabler called Nets
(02:40):
swt, as co-defendants alleging they help build and operate the scraping network.
The suit claims the group used automation and fake identities to
mimic human behavior, bypassing LinkedIn security systems to harvest
massive amounts of user data.
(03:01):
The move marks a shift for LinkedIn.
After losing an earlier court battle with hiQ Labs over scraping
public data, it's now focusing on the use of fraudulent accounts,
an area where it feels the courts might be more sympathetic.
LinkedIn says that the operation undermines trust and opens users to
(03:21):
scams, spam, and possible identity theft.
But despite the lawsuit, ProAPI's website still advertises its data
access services as live and available.
It's a reminder that the scraping industry isn't slowing down and the
legal system may not be catching up.
(03:46):
A coordinated ransomware campaign targeting Oracle's E-Business
Suite is hitting some of the world's biggest companies, and
the ransom demands are staggering.
The attackers linked to the Clop ransomware gang have reportedly
infiltrated multiple organizations running the on-premise version
(04:06):
of Oracle's Enterprise Software.
Executives began receiving ransom demands on September 29th, with some
reaching as high as $50 million US.
That's per victim, according to cybersecurity firm Halcyon,
which is helping to investigate.
Investigators believe the hackers abused compromised corporate email
(04:30):
accounts and exploited the password reset process to gain valid credentials
for Oracle's E-Business Suite portals.
That simple but effective tactic may explain how so many installations
were compromised so quickly.
But it also raises some questions about whether a shared vulnerability
(04:51):
exists that connects these cases.
Oracle says its cloud infrastructure wasn't affected, since the E-Business
Suite runs on customer-managed services.
Still, the scope and size of these ransom demands make this
one of the most significant extortion campaigns of the year.
(05:11):
CSA has urged organizations to step up basic security hygiene: take inventory
of all assets and data, distinguish between authorized and unauthorized
traffic, monitor network ports, install software updates promptly, and grant
system administrator privileges only when absolutely necessary
(05:33):
because, as this campaign shows,
when credentials fail, the fallout can reach the tens of millions.
Finally, new research says that the biggest leak in most companies
isn't email or file sharing anymore.
It's AI tools.
A study by LayerX, reported by The Hacker News, finds that generative AI
(05:58):
apps have become the number one channel for corporate data exfiltration.
And it isn't sophisticated malware doing the damage.
It's ordinary use.
45% of employees are using Gen AI, mostly ChatGPT, and two thirds of that activity
happens on unmanaged personal accounts where security teams have zero visibility.
(06:24):
The leak paths include both files and text.
77% of employees paste information into AI prompts directly, often copying
from documents or emails. Text-based entries, uploads, and even paraphrased
content expose regulated data.
(06:44):
In fact, the report found that about 40% of those uploads contain
personally identifiable information, or PII, or payment card information,
PCI, data that's legally protected in most jurisdictions.
And there's another blind spot:
authentication.
(07:04):
The vast majority of AI users are using logins that aren't federated, meaning
employees are using personal credentials that corporate IT can't monitor.
If those AI and business accounts were federated, tied to the company's
identity system, security teams could at least see what's being
accessed and flag risky behavior before data left the organization.
(07:30):
And that's why experts warn against becoming Doctor
No when it comes to AI. If employees don't get safe, approved ways to use
these tools, they'll just find their own, and that's often the greater risk,
because the reality is the data isn't leaving through attachments or malware.
(07:53):
It's being walked out through the keyboard.
And that's our show for today.
You can reach me with tips, comments, or even constructive criticism. If you like,
you can reach me at technewsday.com or .ca.
Use the contact us form.
If you're watching this on YouTube, just drop me a note under the video.
(08:14):
I read them all.
I'm your host, Jim Love.
Thanks for listening.