Threat Landscape Update: North Korean IT Workers, OSINT, and Remote Monitoring and Management Abuse

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Caitlin Hopkins, Diana Duvieilh, and Anna Seitz to discuss the latest trends in cybersecurity threats.   The team explores OSINT observations around Remote Monitoring and Management (RMM) tools like Screen Connect by nation-state actors and reveals how they are used to deploy malware like AsyncRAT, ransomware, and execute phishing scams. They also uncover alarming tactics, such as North Korean IT workers posing as legitimate coders to infiltrate organizations, who steal cryptocurrency and use it to fund their regime. Since 2017 they have contributed to the theft of more than $3 billion.  In this episode you’ll learn:       The role of tech support scam websites in tricking victims into allowing remote access  How cybercriminal and nation-state actors are increasingly exploiting remote monitoring  Why the financial services sector is a major target for cyberattacks    Some questions we ask:         What is Screen Connect, and why is it attractive to threat actors?  How long have RMM tools been used in C2 frameworks?  Why are remote management tools being used in command-and-control systems?    Resources:   View Caitlin Hopkins on LinkedIn   View Diana Duvieilh on LinkedIn   View Anna Seitz on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.