Threat Landscape Update: North Korean IT Workers, OSINT, and Remote Monitoring and Management Abuse

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Caitlin Hopkins, Diana Duvieilh, and Anna Seitz to discuss the latest trends in cybersecurity threats.  

The team explores OSINT observations around Remote Monitoring and Management (RMM) tools like Screen Connect by nation-state actors and reveals how they are used to deploy malware like AsyncRAT, ransomware, and execute phishing scams. They also uncover alarming tactics, such as North Korean IT workers posing as legitimate coders to infiltrate organizations, who steal cryptocurrency and use it to fund their regime. Since 2017 they have contributed to the theft of more than $3 billion. 

In this episode you’ll learn:      

• The role of tech support scam websites in tricking victims into allowing remote access 
• How cybercriminal and nation-state actors are increasingly exploiting remote monitoring 
• Why the financial services sector is a major target for cyberattacks 

Some questions we ask:     

• What is Screen Connect, and why is it attractive to threat actors? 
• How long have RMM tools been used in C2 frameworks? 
• Why are remote management tools being used in command-and-control systems? 

Resources:  

View Caitlin Hopkins on LinkedIn  

View Diana Duvieilh on LinkedIn  

View Anna Seitz on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

Related Microsoft Podcasts:                   

• Afternoon Cyber Tea with Ann Johnson 
• The BlueHat Podcast 
• Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.