Threat Briefing: January 17, 2025

Threat Intel Update

At the start of the year, the U.S. government took steps to disrupt the operations of cyber threat actors.

Several Russian nationals were indicted for running a cryptocurrency laundering service used by cybercriminals, while entities in North Korea, China, and Laos were sanctioned for their role in North Korea’s IT worker scheme. These actions help combat malicious cyber activity at a strategic level, complementing the efforts of cybersecurity teams that rely on indicators of compromise and security tools to detect and respond to threats.

Cybersecurity News

  • U.S. Government Indicts Three Russian Nationals for Operating Cryptocurrency Laundering Service Used by Ransomware Actors – Two Russian individuals were arrested in December 2024, following the disruption of part of their infrastructure in 2023. They operated two cryptocurrency mixers used by cybercriminals and nation-state actors, both of which were sanctioned by the U.S. government for supporting North Korean cyber operations. (Source: U.S. Department of Justice)
  • United Kingdom Government Proposes Ban on Ransomware Payments by Critical Infrastructure and Public Sector Organizations – In the U.K., new regulations propose banning public sector organizations, including schools, from making ransomware payments. Critical infrastructure organizations could face criminal charges for paying ransoms, while other businesses would be required to report ransomware incidents to the government. (Source: TechCrunch)
  • Malicious Links for Pirated Software Trick Victims into Downloading Information-Stealing Malware – A recent cyber campaign has spread various information stealers, including Lumma Stealer, Amadey, and Vidar, via links in YouTube comments and pirated software search results. The malware-laden files use large file sizes to evade sandbox detection, a defense evasion tactic. (Source: TrendMicro)
  • U.S. Government Announces New Export Controls for Computer Chips Utilized for Artificial Intelligence (AI) and Large Language Models (LLM) – The U.S. imposed new export controls on advanced graphics processing units used for AI training. While certain countries face no new restrictions, around 120 nations will have limits on chip imports, and China, Russia, and Iran are completely banned from acquiring the technology. (Source: CNBC)
  • Companies Supporting North Korean IT-Worker Scheme Sanctioned by U.S. Government – The U.S. government sanctioned two North Korean individuals, along with companies in Laos and China that facilitated North Korea’s IT operations. One firm employed North Korean IT workers, while another supplied computers and networking equipment to the North Korean government. A department within North Korea’s military, linked to front companies dealing in IT equipment, was also sanctioned. (Source: The Record)

About the Author
CampusGuard Threat Intel Team