Personalized ads lead to identity fraud. Here’s how to stop them.

PUBLIC DEFENDER By Brian Livingston Most of the “smart” devices in your home or office are constantly uploading personal information about you to data brokers who sell your profile to all comers — but there are ways to prevent this leakage of your life to people who clearly don’t have your best interests at heart. […]

Ukrainian sentenced to 5 years in prison for facilitating North Korean remote worker scheme

A Ukrainian national who ran multiple operations to aid the North Korean government’s expansive scheme to hire remote IT workers at U.S. companies was sentenced to five years in prison, the Justice Department said Thursday.

Oleksandr Didenko stole U.S. citizens’ identities and created more than 2,500 fraudulent accounts on freelance IT job forums, money service transmitters, email services, and social media platforms to sell the proxy identities to North Korean workers. The 29-year-old pleaded guilty to multiple crimes related to the six-year scheme in November 2025.

Didenko ran a site, upworksell.com, to sell the stolen identities and paid co-conspirators to receive and host laptop farms in Virginia, Tennessee and California, according to court records. He managed up to 871 identities through the laptop farms and helped North Korean technical workers gain employment at 40 U.S. companies. 

Didenko funneled money from Americans and U.S. businesses into the coffers of North Korea’s hostile regime, Jeanine Pirro, U.S. attorney for the District of Columbia, said in a statement. 

“Today, North Korea is not only a threat to the homeland from afar, it is an enemy within. By using stolen and fraudulent identities, North Korean actors are infiltrating American companies, stealing information, licensing, and data that is harmful to any business,” she added. 

Officials said Didenko’s North Korean clients were paid hundreds of thousands of dollars for their work, much of which was falsely reported in the names of U.S. citizens whose identities were stolen.

“Money paid to these so-called employees goes directly to munitions programs in North Korea,” Pirro said. “This is not just a financial crime; it is a crime against national security.” 

In late 2023, following a request from one of his customers, Didenko sent a computer to a laptop farm run by Christina Chapman in Arizona, officials said. Chapman was arrested in May 2024 and sentenced to 102 months in prison for participating in the scheme.

Didenko’s site was seized following Chapman’s arrest. He was arrested by Polish police in late 2024, and later extradited to the United States. 

Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft, and agreed to forfeit more than $1.4 million as part of his sentencing. He was also ordered to pay almost $47,000 in restitution.

U.S. law enforcement has racked up some wins by seizing stolen cryptocurrency and targeting U.S.-based facilitators who provide forged or stolen identities for North Korean operatives. 

Yet, the regime’s scheme runs deep. North Korean nationals have infiltrated many top global companies, and researchers continue to uncover evidence of new tactics and techniques operatives have used to evade detection.

The post Ukrainian sentenced to 5 years in prison for facilitating North Korean remote worker scheme appeared first on CyberScoop.

The Future of Identity Protection: Real-Time Threats and Scams

In today’s digital landscape, protecting your identity from real-time threats is more critical than ever. As a cybersecurity expert, I’ve seen an evolving spectrum of threats that go far beyond traditional identity theft. From classic dark web doxing to the advent of fullz—full identity kits sold for a few dollars—threat actors are leveraging these methods for a new breed of real-time scams, amplified by cutting-edge technology.

Recently, a project by Anh Phu Nguyen and Caine Ardayfio demonstrated the capability to integrate facial recognition technology with Meta’s smart glasses, allowing instant identification of strangers. This development marks a significant leap from the traditional static forms of identity theft into real-time exploitation, where personal information is weaponized in the moment.

Classic Doxing and Fullz on the Dark Web

For decades, doxing and the sale of fullz (complete identity kits) have been staple methods of cybercriminals on the dark web. Doxing involves collecting and publicizing personal information such as home addresses, phone numbers, and social media profiles, often with the intent to embarrass, harass, or intimidate. OSINT tools (Open-Source Intelligence) allow attackers to scrape social media profiles, public databases, and breached datasets to compile detailed profiles on their victims. Once exposed, this data is used for targeted harassment or extortion.

Meanwhile, fullz provide a more comprehensive set of personal details, typically including social security numbers, financial data, and other sensitive information that can be exploited for identity theft. The sale of fullz on dark web marketplaces has enabled identity theft and financial fraud on a massive scale. For a relatively small fee, threat actors can purchase a victim’s entire identity, making it easy to perform account takeovers, create fake profiles, or apply for credit in the victim’s name.

In the past, these methods were effective but static. Attackers could steal and use personal data long after it was exposed. Today, however, advancements in technology have transformed these identity theft techniques into dynamic, real-time threats.

Real-Time Identity Exploitation: The New Era of Scams

The rise of facial recognition technology combined with wearable devices, like Meta’s smart glasses, introduces a new dimension to identity theft. By pairing this real-time data collection with pre-existing fullz or other doxing techniques, threat actors can instantly exploit an individual’s identity on the fly.

In this I-XRAY demonstration, Meta’s smart glasses were modified to scan faces in public, instantly cross-referencing them with public social media data and possibly with compromised identity information. Imagine walking down the street, unaware that someone can identify you, access your data, and target you with personalized scams—all in real time. This shift turns identity theft into a real-time, hyper-targeted activity.

Here’s how this modern version of doxing and scamming might unfold:

  • Real-time recognition: A malicious actor equipped with facial recognition on smart glasses could walk through crowded public spaces and instantly identify individuals based on a match with their leaked photos from social media or other sources. This is no longer hypothetical; the proof-of-concept has already been demonstrated.
  • Instant exploitation: Once an individual is identified, scammers could access their leaked fullz from the dark web, providing them with a detailed set of personal information. They could then approach the target in real-time, pretending to know them, creating a social engineering scenario where the victim believes the scammer is a legitimate acquaintance or authority figure.
  • On-the-spot phishing: Imagine being approached by someone who knows your full name, email, address, and the last few digits of your social security number. When they ask you to verify some information, you could easily fall into the trap of handing over even more sensitive information—like bank account details—without realizing you’ve been scammed until it’s too late.

The Role of AI in Amplifying Real-Time Threats

AI plays an integral role in the future of identity scams. It allows for the rapid analysis and deployment of identity data, enabling new, sophisticated scams that were previously unimaginable. Here are several ways AI can enhance these real-time threats:

  • AI-Powered Deepfakes: Threat actors can combine AI-generated deepfakes with real-time data to impersonate individuals in both video and audio formats. By using AI to craft believable but fake messages or phone calls, scammers can extort or deceive people more convincingly than ever before.
  • Automated Identity Theft at Scale: AI tools can automate the collection and correlation of personal data across multiple sources—social media, leaked data, and public records—faster than any human could. This allows threat actors to assemble profiles on victims quickly, accelerating identity fraud.
  • Behavioral Analysis and Predictive Attacks: AI can analyze online behaviors to predict the types of scams most likely to succeed on a given target. For example, someone frequently searching for job opportunities could be targeted with a fake job offer, exploiting the victim’s immediate needs.

Insights from Experts: Combating Modern Threats

As highlighted previously, cybersecurity in the age of AI and real-time technologies requires an updated approach. The reliance on static data protection strategies, such as password managers or even two-factor authentication, is no longer sufficient. We need to implement dynamic identity monitoring, where AI-driven systems track unusual behavior related to your digital presence in real-time.

How Constella is Protecting Your Identity

At Constella, we are dedicated to staying ahead of evolving threats by leveraging cutting-edge AI technologies and continuous monitoring to provide comprehensive identity protection. Our unique approach not only covers traditional dark web monitoring but also focuses on a broader range of sources across the surface web, ensuring a proactive stance against emerging scams and data leaks. Here’s how we’re tackling the future of identity theft:

  1. Real-Time Identity Alerts: Our system is designed to provide real-time alerts when personal information is exposed across the surface web, data brokers, and the dark web. Unlike traditional solutions that focus solely on the dark web, Constella offers a multi-source approach. This comprehensive coverage allows us to detect threats before they escalate, offering early warnings on a broader scale than any single-source monitoring service.
  2. Advanced Dark Web Monitoring: We continuously scan the dark web to detect any exposure of your personal information, whether it has been compromised by infostealers or exposed through data breaches. Our unique approach involves not just scraping the dark web but correlating this data with surface web activities, giving you a more holistic view of your identity exposure. This enables a faster response to potential threats before they result in fraud or exploitation.
  3. AI-Driven ScamGPT: Leveraging our proprietary AI technology, ScamGPT simulates potential scams that you may be targeted by using your own exposed personal information. This proactive approach allows us to train you before threat actors attempt a real attack, helping you recognize and avoid personalized phishing schemes, social engineering attempts, and other forms of exploitation. By generating potential scam scenarios based on your specific data profile, we ensure you are better prepared for what’s coming, long before the attackers strike.
  4. Surface of Attack Mapping: Constella’s unique AI technology creates a detailed view of your real surface of attack, analyzing how your compromised information could be used against you. Using algorithms developed in collaboration with law enforcement agencies (LEAs), we connect the dots in the same way threat actors do, identifying all possible avenues they could exploit to target you. This approach allows you to see your vulnerabilities from the perspective of an attacker, enabling you to take targeted actions to secure those areas before they become active threats.

By integrating these advanced tools and methodologies, Constella provides a comprehensive identity protection solution designed to stay one step ahead of modern identity theft techniques. Our AI-driven insights ensure that you are equipped to defend against both current and future threats, safeguarding your personal information in an ever-changing cyber landscape.

Potential Surge in Cryptocurrency Leaks

Increase in Cryptocurrency Leaks After Trump Supports Bitcoin

Recently, Constella Intelligence has observed an increase in attacks and data breaches resulting in cryptocurrency leaks. This surge could be partly attributed to comments made by former President Donald Trump in support of Bitcoin, which may have heightened hackers’ interest in these sites.

Former President Donald Trump has recently positioned himself as a pro-crypto presidential candidate. During his keynote speech at the Bitcoin 2024 conference in Nashville, Tennessee, held from July 25-27, 2024, Trump emphasized the transformative potential of cryptocurrencies. He pledged to make the United States a leader in Bitcoin mining and digital asset management.

These comments could have caused crypto-related sites to increase in value, making them more attractive targets for cybercriminals. As Bitcoin prices surge, the incentive for attacks on these platforms grows, highlighting the need for robust security measures.

Crypto Leaks Overview

In the first half of 2024, over 250 possible breaches or leaks related to cryptocurrencies, NFTs, and Bitcoin have been reported. These potential breaches could have affected users of various cryptocurrency platforms, including Bitcointalk, Crypto.com, Binance, eToro, and others.

Below are examples of how threat actors are offering information about these crypto-related sites on the dark web:

Zuelacoin Data Leak:

This information was published on March 31, 2024. According to the threat actor, the data includes:

  • Emails
  • Names
  • Social media profiles (Twitter, Facebook, Telegram)

Binance Cryptocurrency Leak:

The post was made on May 27, 2024. The exposed information includes:

  • Emails
  • Full names
  • Phones
  • Countries

Mobile Apps like CashCoin, Coinbase, and KuCoin:

The threat actor “whix” published this on March 26, 2024. The exposed information includes:

  • Emails
  • Usernames
  • Passwords
  • Countries
  • IP Addresses
  • Payment methods

eToro Cryptocurrency Leak:

The same threat actor also reported this on March 25, 202, where the following information could be found:

  • Full names
  • Emails
  • Countries
  • IP Addresses
  • Amounts
  • Payment methods

Bitcointalk Cryptocurrency Leak:

According to the threat actor on March 25, 2024, a database exposing the following information was published:

  • Emails
  • Usernames
  • Ethereum Addresses

These platforms are integral to the crypto ecosystem, providing services such as trading, wallet management, and social interaction for crypto enthusiasts.

Extent of Infostealer Exposures

Constella Intelligence checked whether the published information could have resulted from infostealer infections. The check found nearly 4 million users of these cryptocurrency companies exposed in infostealer data. Most exposures have impacted major cryptocurrency exchange platforms:

  1. Binance: More than 2M users exposed.
  2. eToro: More than 500k users exposed.
  3. Crypto.com: More than 300k users exposed.
  4. Localbitcoins: More than 200k users exposed.

Digging into the infostealer exposures, Constella Intelligence also identified what seems to be infostealer infections of potential employees of some of those companies, including Binance.com, eToro.com, Crypto.com, and Localbitcoins.com, among others.

Implications of Crypto-Related Breaches

The exposure of such extensive and sensitive information has significant and far-reaching implications as it endangers the financial security and privacy of millions of users. The compromised data can be exploited for various malicious activities:

  1. Identity Theft: Personal information such as full names, addresses, and birthdays can be used to steal identities.
  2. Financial Fraud: Payment methods and transaction histories can be exploited to conduct unauthorized transactions.
  3. Phishing Attacks: Email addresses and social media profiles can be used to create convincing phishing scams.

Recommendations for Users

To mitigate the risks associated with the recent breaches, users should adopt the following security practices:

  1. Use Strong, Unique Passwords: Ensure that each cryptocurrency account has a strong, unique password. Consider using a password manager to generate and store complex passwords securely.
  2. Enable Two-Factor Authentication (2FA): Adding an extra layer of security through 2FA can significantly reduce the risk of unauthorized access to accounts.
  3. Monitor Crypto Transactions Regularly: Keep a close watch on your cryptocurrency transactions and wallet activity to detect any unauthorized activities. Early detection can help prevent significant financial losses.
  4. Be Wary of Phishing Attempts: Be cautious with emails and messages requesting personal information or directing you to log in to your accounts. Verify the authenticity of such requests through official channels.
  5. Update Security Settings on Crypto Platforms: Regularly review and update your security settings on cryptocurrency exchanges and wallets. Ensure that all recovery options are up-to-date and secure.