FBI has warned about a sophisticated vishing and smishing campaign using AI-generated voice memos to impersonate senior US…

FBI has warned about a sophisticated vishing and smishing campaign using AI-generated voice memos to impersonate senior US officials and target their contacts.

The Federal Bureau of Investigation (FBI) has issued a warning regarding a growing threat where malicious individuals are using artificial intelligence (AI) to mimic the voices of high-ranking United States officials. These AI-generated voice memos, combined with deceptive text messages, are being used in attempts to target current/former government officials, and individuals in their contact lists.

According to the FBI’s announcement, since April 2025, these “malicious actors” have employed techniques known as “smishing” (using SMS or text messages) and “vishing” (using voice messages) to create memos that appear as if they originate from senior US officials. The goal is to build trust and establish a connection with the targeted individuals. The FBI explicitly stated, “If you receive a message claiming to be from a senior US official, do not assume it is authentic.”

****Tactics Used to Gain Access****

According to the FBI, once contact is made, the perpetrators try to access the personal accounts of their targets. One method involves sending malicious links within these messages, which when victims click, will move the conversation to a different, supposedly more secure messaging platform. However, in reality, these links likely lead to malicious websites designed to steal login credentials or install malware.

The FBI warns of a potential cascading effect where one successful compromise could lead to multiple others. These “bad actors” can use compromised accounts to target other US officials or their associates, and the stolen information can be used to craft convincing impersonations or launch further social engineering attacks. The FBI also cautioned that “contact information acquired through social engineering schemes could also be used to impersonate contacts to elicit information or funds.”

****Growing Trend of AI-Powered Deception****

While the FBI did not disclose the specific US officials being impersonated, their announcement indicated that most of the targets are “current or former senior US federal or state government officials and their contacts.” This suggests a widespread campaign targeting individuals with potentially sensitive information or access.

In December 2024, the FBI had concerns about the increasing use of generative AI by criminals to conduct various financial fraud schemes on a larger scale. This technology allows for the creation of realistic text, images, audio, and video, making it easier to deceive unsuspecting victims into sending money or falling prey to other scams. Moreover, experts have noted a significant rise in the use of AI-based voice cloning. According to a report by CrowdStrike, the weaponization of this technology saw a dramatic increase of 442% between the first and second halves of 2024.

Now this latest warning from the FBI highlights the continuous rise in sophisticated AI tools being weaponized for social engineering attacks, posing a significant risk to high-profile individuals and possibly national security. The agency urges vigilance when receiving unsolicited messages, especially those claiming to be from senior officials.

**Max Gannon, Intelligence Manager at Cofense** commented on the latest announcement stating, “While the IC3 alert does say ‘malicious actors typically use software to generate phone numbers that are not attributed to a specific mobile phone or subscriber,’ it is important to note that threat actors can also spoof known phone numbers of trusted organizations or people, adding an extra layer of deception to the attack._“_

“Additionally, phone filtering does not typically detect when the number is being spoofed, giving a false sense of security to users who rely on their phones to tell them when something is a scam call_,”_ Max explained.

FBI Warns of AI Voice Scams Impersonating US Govt Officials

Plus: 12 more people are indicted over a $263 million crypto heist, and a former FBI director is accused of threatening Donald Trump thanks to an Instagram post of seashells.

As analysts and governments around the world continue to call attention to North Korean digital fraud, researchers this week published 1,000 email addresses they claim are linked to North Korean IT worker scams perpetrated against Western companies, along with photos of people allegedly involved in the fraud. Xinbi Guarantee, a marketplace and platform used by Chinese-speaking crypto scammers for money laundering grew into an $8.4 billion hub before a crackdown by Telegram this week. And following a WIRED inquiry, messaging app Telegram banned thousands of accounts used for money laundering in cryptocurrency scams. The takedowns included prominent names like Haowang Guarantee, a black market known for enabling $27 billion in transactions.

The acting director of the Consumer Financial Protection Bureau, Russell Vought, quietly eliminated a plan to more tightly regulate the sale of Americans’ sensitive personal data. CFPB had originally launched the initiative in response to increasingly far reaching and reckless behavior from data brokers. And with the rise of widely available generative AI services—and corresponding fraud—people are increasingly looking for ways to verify and vet their digital interaction online.

Meanwhile, ahead of Google’s Android 16 launch next week, the company announced expanded capabilities for its Android Scam Detection tool that uses local AI analysis to flag potential scam texts in Google Messages. The company also launched a new, extra-secure mode for Android 16, Advanced Protection, that will allow vulnerable or highly targeted users to lock their devices down and utilize advanced scanning features for catching potentially suspicious activity.

But there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**Coinbase Discloses Costly Data Breach Impacting Less Than 1 Percent of Monthly Users**

The cryptocurrency exchange Coinbase said this week that it suffered a data breach in which attackers stole data including customers’ names, physical and email addresses, phone numbers, government IDs like driver’s licenses and passports, last four digits of Social Security numbers, and other financial information. The company said that “criminals targeted our customer support agents overseas. They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1 percent of Coinbase monthly transacting users.” The company said the attackers’ goal was to collect customer data to then contact those Coinbase users, impersonate Coinbase, and trick them into giving away their cryptocurrency. The attackers also contacted the company and attempted to extort the company for $20 million. Coinbase currently has about 9.7 million total users. The company said in an Securities and Exchange Commission breach disclosure notification that it expects that it will cost between $180 million and $400 million to remediate the breach and reimburse customers for stolen funds.

**12 More Indicted Over Crypto Heist Worth $263 Million**

A four-count superseding indictment charged 12 additional people this week in an alleged criminal spree including more than $263 million in cryptocurrency theft, money laundering, and even physical break-ins. Several suspects were arrested this week in California in connection with the case. The indictment accuses the defendants of using stolen cryptocurrency for things like $500,000 nights out at clubs, hundreds of thousands of dollars spent on luxury handbags, watches, and clothes, private jet rentals, and “a fleet of at least 28 exotic cars ranging in value from $100,000 to $3.8 million.” The superseding indictment also alleges that some defendants used shell companies to register their “exotic cars” and “shipped bulk cash through US mail to members of the enterprise hidden in squishmallow stuffed animals.”

**James Comey Investigated for Instagram Post of Seashells**

On Thursday, former FBI director James Comey posted and then deleted an Instagram photo of seashells arranged to spell out the numbers “8647” captioned: “Cool shell formation on my beach walk.” Within hours, Republicans fixated on the post, claiming it was a call to violence against Donald Trump, the United States’ 47th president. Now, the Department of Homeland Security and the Secret Service are investigating.

If you’ve ever worked in a restaurant, you’ve probably heard someone in the kitchen shout that an item is “86’d”—a colloquialism meaning the kitchen is out of a particular menu item, like a cheeseburger. While most people don’t interpret that as a threat of violence against the cheeseburger, that’s apparently not how the president and his allies understood Comey’s post.

On Thursday, Department of Homeland Security secretary Kristi Noem wrote on X that both the DHS and Secret Service were investigating. “Disgraced former FBI Director James Comey just called for the assassination of @POTUS Trump,” she wrote. Later that night on Fox News, Director of National Intelligence Tulsi Gabbard accused Comey of “issuing a hit” on Trump and argued he should be “put behind bars.”

"That meant assassination, and it says it loud and clear," Trump told Fox News in an interview referring to the post, on Friday. Trump survived two assassination attempts last year.

Comey addressed the backlash in a follow-up post on Instagram, writing: “I didn't realize some folks associate those numbers with violence. It never occurred to me, but I oppose violence of any kind, so I took the post down.”

Comey served as FBI director from 2013 until he was fired by President Trump in 2017 during an ongoing investigation into Russian interference in the 2016 election.

Coinbase Will Reimburse Customers Up to $400 Million After Data Breach

Hackers from the Scattered Spider group, known for UK retail attacks, are now targeting US retailers, Google cybersecurity…

Hackers from the Scattered Spider group, known for UK retail attacks, are now targeting US retailers, Google cybersecurity experts have warned.

The notorious cybercriminal group Scattered Spider is now actively targeting retail companies in the United States, following a string of disruptive attacks against similar businesses in the United Kingdom.

This warning comes directly from cybersecurity experts at Google Threat Intelligence Group (GTIG) and Google subsidiary Mandiant, who highlight the group’s effectiveness at bypassing even strong security measures.

“The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider,” John Hultquist, Google’s cybersecurity analyst, stated. 

It is worth noting that Scattered Spider (aka UNC3944) is the primary suspect in the recent attacks on UK retain giants Harrods, Co-op, and M&S, but UK’s National Cyber Security Centre (NCSC), Mandiant and Google have not formally attributed them to any specific actor as yet. However, GTIG researchers suggest that the hackers targeting US retailers share similar techniques and procedures as the culprits behind the British incidents.

Researchers noted a _possible_ link between DragonForce ransomware operators and Scattered Spider. The former took responsibility for attempted recent attacks on several UK retailers, using tactics similar to Scattered Spider. Moreover, both were associated with the now\-defunct RaaS platform RansomHub.

However, GTIG could not confirm the link between UNC3944/DragonForce and rising retail data leaks. Still, the increasing presence of retail victims on data leak sites (11% in 2025, up from previous years) suggests that threat actors find this sector attractive due to large PII/financial data holdings and their willingness to pay ransom to maintain transaction processing.

As per Hackread.com’s past reporting, Scattered Spider is a financially motivated threat actor known for using social engineering techniques. They gained notoriety for hacking casino giants MGM Resorts International and Caesars Entertainment in 2023. They initially targeted telecommunications companies for SIM swapping and later started deploying ransomware to extort victims.

They are also known for phishing attempts and MFA bombing, where they bombard targets with multi-factor authentication requests. Typically, UNC3944 goes after established enterprises, specifically organizations with large help desks and outsourced IT departments, as these are more vulnerable to their sophisticated social engineering techniques.

GTIG’s analysis reveals that since early 2023 UNC3944 has targeted a diverse range of sectors, including Technology, Telecommunications, Financial Services, Business Process Outsourcing (BPO), Gaming, Hospitality, Retail, and Media & Entertainment organizations. Geographically, their primary targets have been even more diverse, including the US, Canada, the UK, Australia, Singapore and India.

Image: Google

The Retail & Hospitality ISAC, an information-sharing group that includes major players like Albertsons, Costco, McDonald’s, and Lowe’s, has acknowledged the threat and is working with Google to provide its members with detailed briefings and guidance on how to strengthen their defences against this evolving threat. The warning from Google serves as a clear signal for US retailers to be on high alert and to review their security protocols.

Chad Cragle, CISO at Deepwatch, a San Francisco, Calif.-based AI+Human Cyber Resilience Platform:

_“_Scattered Spider (UNC3944) uses sophisticated social engineering to infiltrate and deploy ransomware. To defend against this group, secure privileged accounts, implement phishing-resistant MFA, and verify every help-desk identity request._“_

_“_Retailers are particularly vulnerable, as they handle large amounts of payment data, manage intricate supply chains, and operate under significant uptime pressure that often encourages ransom payments,_“_ Chad warned. _“_However, organizations with valuable data and critical availability needs are equally at risk._“_

Hackers Now Targeting US Retailers After UK Attacks, Google

Researchers at ETH Zürich have discovered yet another security flaw that they say impacts all modern Intel CPUs and causes them to leak sensitive data from memory, showing that the vulnerability known as Spectre continues to haunt computer systems after more than seven years.
The vulnerability, referred to as Branch Privilege Injection (BPI), "can be exploited to misuse the prediction

Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks

Austrian privacy non-profit noyb (none of your business) has sent Meta's Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to train users' data for training its artificial intelligence (AI) models without an explicit opt-in.
The move comes weeks after the social media behemoth announced its plans to train its AI models

Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit

Over the years, many different technologies have transitioned to Cloud-based solutions, including ERP systems and email management platforms.…

Over the years, many different technologies have transitioned to Cloud-based solutions, including ERP systems and email management platforms. Phone systems are no different, leveraging VoIP (Voice over Internet Protocol) technology instead of the traditional copper wires. These Cloud solutions are not just an alternative – they offer several amazing advantages, making them the future of business.

****Cost-effectiveness****

Traditional phone lines often demand significant upfront investment for on-premise hardware, installation, dedicated phone lines, and so on. Cloud phone systems eliminate all of those costs. Instead, acquiring a modern phone line is as simple as creating an account with your chosen provider. The set-up can be done in minutes, with no need for complex installations. Not just that, you can use these systems from any device, be it your mobile phone, computer, tablet or IP desk phone. 

What’s more, a Cloud VoIP can help reduce operational costs thanks to its subscription-based models. Businesses benefit from more affordable call rates, with the plans often including unlimited calls to numerous different destinations. Budgeting for these outgoings is easy since there is a fixed cost each month, which does not vary based on the amount of calls you’ve made.

****Higher flexibility****

Cloud phone systems completely dismantle geographical barriers. Employees can make and receive calls from anywhere in the world, as long as they have a stable internet connection. Such inherent flexibility is crucial in modern work models, including remote teams, hybrid employees, and freelance staff.

This helps ensure consistent and professional communication, regardless of location or time zone. For instance, if a primary office location becomes inaccessible, calls can be intelligently rerouted, ensuring operations continue uninterrupted and productive.

Furthermore, the flexibility in VoIP pricing is a huge advantage when it comes to business scalability. Companies can effortlessly add or remove phone lines and features in response to evolving needs, without having to make any big changes to their infrastructure.

All they have to do is upgrade their plan or purchase another user, which can be done in minutes. Beyond convenience, this future-proofs business operations, ensuring that the phone system can grow together with your company and its needs. 

****Improved productivity and customer satisfaction****

Modern Cloud phone systems offer far more than basic dial-tone services. They come packed full of sophisticated features, all designed to enhance productivity and elevate customer interactions. 

For instance, an intelligent Interactive Voice Response (IVR) system professionally greets callers and routes them swiftly to the appropriate department or individual. Alongside this, robust call management tools, such as call queuing, handle peak periods effectively. Call recording offers fantastic opportunities for quality assurance and staff training, while features like call forwarding and voicemail-to-email ensure no important call is missed.

Detailed analytics and reporting provide crucial insights into call volumes, duration, and peak times, enabling better resource allocation. Smart integrations with other business tools, like CRM platforms, help centralise all data and streamline workflows between departments. The list goes on…

All of these features work together to improve your business communication practices significantly, from the moment the customer picks up their phone to receiving a timely follow-up email afterwards. It truly is a game-changer for improving customer satisfaction rates. 

Combining all of the above benefits, Cloud VoIP systems are no longer some niche alternative to traditional phone lines. It’s a foundational technology that is incredibly beneficial for any modern, agile, competitive, and growth-seeking business.

Why Cloud Phone Systems are The Future of Business Communication

Police in Europe have shut down a fake online trading platform that scammed hundreds of victims out of…

Police in Europe have shut down a fake online trading platform that scammed hundreds of victims out of €3 million in a coordinated global operation involving five countries.

A fake online trading platform that defrauded victims of more than €3 million (around $3,000,000 has been shut down following a coordinated international operation involving five countries.

Authorities from Germany, Cyprus, Albania, the UK, and Israel worked together, supported by Europol and Eurojust, to dismantle the criminal network and arrest a key suspect in Cyprus. They also managed to seize “crucial evidence.”

The scam, which targeted more than 100 known victims and likely many more, lured people in with the promise of quick, high returns through **online investments**. Victims were first convinced to transfer small amounts of money, reassured by fake charts showing fictional profits.

As trust grew, so did the pressure. Fake brokers used psychological tactics to push victims into making larger transfers. None of the money was ever invested, it went straight to the cybercrime group.

****Two-Year Investigation Traces Global Fraud****

According to Europol’s **press release**, the investigation began in Germany after a married couple reported that their savings had been stolen. Investigators traced the account where the funds were sent and quickly identified a broader criminal structure. That first lead sparked a deep international inquiry.

On 6 September 2022, during the first coordinated operation, authorities raided locations in Belgium and Latvia, arrested two individuals, and collected critical evidence. That evidence led to the identification of seven more members of the fraud network, including the operators behind the call centres that manipulated victims into handing over money.

The second wave of action happened on 13 May 2025. Eight searches were carried out across Albania, Cyprus, and Israel. One suspect was arrested in Cyprus and is now expected to be either extradited or surrendered to German authorities. Investigators also recovered electronic devices, documents, and cash, which will support the next phase of the inquiry.

****Global Cooperation****

The fraud operation spanned multiple countries, and its victims are spread across the globe. Eurojust’s **press release** reveals coordinated judicial efforts from its base in The Hague and facilitated international legal support, including extradition processes. Europol provided live operational help, set up a virtual command post for real-time intelligence sharing, and deployed field support in Israel, Albania, and the UK.

The agencies involved included Germany’s cybercrime prosecutors, police in Cyprus and Israel, Albania’s special corruption unit, and the UK’s National Crime Agency.

This operation was part of **EMPACT**, the European Union’s coordinated initiative to fight serious organised crime. Fraud and financial crime are key targets in its current cycle running through 2025.

Authorities continue to investigate and expect more victims to come forward. If you believe you’ve been affected by a similar scam, report it to your local cybercrime unit or fraud authority immediately.

Police Shut Down Fake Trading Platform That Scammed Hundreds

Russell Vought, acting director of the Consumer Financial Protection Bureau, has canceled plans to more tightly regulate the sale of Americans’ sensitive personal data.

The Consumer Financial Protection Bureau (CFPB) has canceled plans to introduce new rules designed to limit the ability of US data brokers to sell sensitive information about Americans, including financial data, credit history, and Social Security numbers.

The CFPB proposed the new rule in early December under former director Rohit Chopra, who said the changes were necessary to combat commercial surveillance practices that “threaten our personal safety and undermine America’s national security.”

The agency quietly withdrew the proposal on Tuesday morning, publishing a notice in the Federal Register declaring the rule no longer “necessary or appropriate.”

The CFPB received more than 600 comments from the public this year concerning the proposal, titled Protecting Americans from Harmful Data Broker Practices. The rule was crafted to ensure that data brokers obtain Americans’ consent before selling or sharing sensitive personal information, including financial data such as income. US credit agencies are already required to abide by such regulations under the Fair Credit Reporting Act, one of the nation’s oldest privacy laws.

In its notice, the CFPB’s acting director, Russell Vought, wrote that he was withdrawing the proposal “in light of updates to Bureau policies,” and that it did not align with the agency’s “current interpretation of the FCRA,” which he added the CFPB is “in the process of revising.”

The CFPB did not immediately respond to a request for comment.

Data brokers operate within a multibillion-dollar industry built on the collection and sale of detailed personal information—often without individuals’ knowledge or consent. These companies create extensive profiles on nearly every American, including highly sensitive data such as precise location history, political affiliations, and religious beliefs. This information is frequently resold for purposes ranging from marketing to law enforcement surveillance.

Many people are unaware that data brokers even exist, let alone that their personal information is being traded. In January, the Texas Attorney General’s Office, led by attorney general Ken Paxton, accused Arity—a data broker owned by Allstate—of unlawfully collecting, using, and selling driving data from over 45 million Americans to insurance companies without their consent.

The harms from data brokers can be severe–even violent. The Safety Net Project, part of the National Network to End Domestic Violence, warns that people-search websites, which compile information from data brokers, can serve as tools for abusers to track down information about their victims.

Last year, Gravy Analytics—which processes billions of location signals daily—suffered a data breach that may have exposed the movements of millions of individuals, including politicians and military personnel.

“Russell Vought is undoing years of painstaking, bipartisan work in order to prop up data brokers’ predatory, and profitable, surveillance of Americans,” says Sean Vitka, executive director of Demand Progress, a nonprofit that supported the rule. Added Vitka: “By withdrawing the CFPB’s data broker rulemaking, the Trump administration is ensuring that Americans will continue to be bombarded by scam texts, calls and emails, and that military members and their families can be targeted by spies and blackmailers.”

Vought, who also serves as director of the White House Office of Management and Budget, received a letter on Monday from the Financial Technology Association (FTA) calling for the rule to be withdrawn, claiming the rules exceed the agency’s statutory mandate and would be “harmful to financial institutions’ efforts to detect and prevent fraud.” The FTA is a US-based trade organization that represents the interests of fintech companies and their executives.

Privacy advocates have long pressed regulators to use the Fair Credit Reporting Act to crack down on the data broker industry. Common Defense, a veteran-led nonprofit, urged the CFPB to take action in November, blaming data brokers for recklessly exposing sensitive information about US service members that placed them at “substantial risk” of being blackmailed, scammed, or targeted by hostile foreign actors.

A 2023 study cited by the group—funded by the US Military Academy at West Point—concluded that the current data broker ecosystem is a threat to US national security, permitting the sale of sensitive personal data that can be used not only to identify service members and “other politically sensitive targets,” but also to offer details about medical conditions, financial problems, and political and religious beliefs. “Foreign and malign actors with access to these datasets could uncover information about high-level targets, such as military service members, that could be used for coercion, reputational damage, and blackmail,” the authors report.

Common Defense political director Naveed Shah, an Iraq War veteran, condemned the move to spike the proposed changes, accusing Vought of putting the profits of data brokers before the safety of millions of service members. "For the sake of military families and our national security, the administration must reverse course and ensure that these critical privacy protections are enacted," Shah says.

Investigations by WIRED have shown that data brokers have collected and made cheaply available information that can be used to reliably track the locations of American military and intelligence personnel overseas, including in and around sensitive installations where US nuclear weapons are reportedly stored.

WIRED reported in February that US data brokers were using Google's ad-tech tools to sell access to information about devices linked to military service members and national security decisionmakers, as well as federal contractors that manufacture and export classified defense-related technologies. Experts say it proves trivial for foreign adversaries to de-anonymize the data.

"Data brokers inflict severe harm on individuals by degrading privacy, threatening national security, enabling scams and fraud, endangering public officials and survivors of domestic violence, and putting immigrant populations at risk,” says Caroline Kraczon, law fellow at the Electronic Privacy Information Center focused on consumer protection.

“The CFPB had a critical opportunity to address these harms by clarifying that data brokers must follow the Fair Credit Reporting Act,” adds Kraczon. “This withdrawal is deeply disappointing and another attack in the administration’s war against consumers on behalf of corporate interests."

Last month, more than 1,400 CFPB employees had their positions at the agency terminated, leaving the agency with a staff of around 300 people. Elon Musk, whose so-called Department of Government Efficiency (DOGE) has spearheaded the White House's efforts to radically restructure the federal government by slashing the size of its workforce, last November called on President Donald Trump to “delete” the CFPB, whose job includes shielding Americans from predatory lending practices.

_Update 10 am ET, May 15, 2025: Clarified the types of companies represented by the Financial Technology Association._

CFPB Quietly Kills Rule to Shield Americans From Data Brokers

Flashpoint uncovers how North Korean hackers used fake identities to secure remote IT jobs in the US, siphoning…

Flashpoint uncovers how North Korean hackers used fake identities to secure remote IT jobs in the US, siphoning $88 million. Find out how they used fake identities and technology to commit the fraud.

North Korean hackers used stolen identities to get remote IT jobs at US companies and non-profits, raking in at least $88 million over six years. The US Department of Justice indicted fourteen North Korean nationals on December 12, 2024, for their involvement. Security firm Flashpoint conducted a unique investigation, analysing data from the hackers’ own infected computers to uncover their tactics and exclusive details on this scheme.

Flashpoint’s investigation revealed the use of fake companies named in the indictment, including “Baby Box Info,” “Helix US,” and “Cubix Tech US,” to create believable resumes and provide fraudulent references. Researchers tracked infected computers, notably one in Lahore, Pakistan, which held login credentials for email addresses associated with these fake entities. The username “jsilver617,” potentially tied to a fake US identity “J.S.,” was found on one of these machines, which was used to apply for numerous tech jobs in 2023.

A critical piece of evidence was the extensive use of Google Translate between English and Korean, found in the browser history of an infected computer, which hinted at the hackers’ origins. Translated messages exposed their methods for creating fake job references, even including fabricated contact information for individuals at the sham companies. One translated message, posing as an HR manager from “Cubix,” provided false employment verification details.

Further communications hinted at a hierarchical structure within the operation and discussed “tradecraft,” such as strategies to avoid using webcams during online meetings. Frustration with a remote worker’s poor performance was also evident in a translated message stating, “It’s proof that you’re a failure.”

The investigation also uncovered discussions about shipping electronic devices, likely laptops and phones for their remote work setups. This aligns with Hackread.com’s recent reporting of Laptop Farms where US-based collaborators received devices for remote access by North Korean workers, with prominent North Korean group Nickel Tapestry identified as the key perpetrator.

In this case, one translated message inquired about the delivery of laptops to Nigeria. Browser history revealed tracking numbers for international courier services, including a shipment possibly originating from Dubai.

Translation provided by Flashpoint:

    We need to make the Abdul's voices heard for a week. After that we can turn off the camera. They are very sensitive to voices. They might not ask Abdul to turn on the video if they don't think there is a difference in thg voices.&op=translate
    
    ---
    
    and you know that was same some that we have already summitted your profile, at that time they told that your rate is high and gave offer to another person , but that offer is backout and now they have backfill of it. please let me know if we can submit your profile at $65/hr on C2C/1099. this time prime vendor is different, but client is same.&op=translate
    
    ---
    
    I didn't complain when you didn't get the assignment for two months. But this is a different matter. It's proof that you're a failure and if you're like this, you won't be able to handle this job well.&op=translate

The investigation also revealed the use of AnyDesk remote desktop software on the infected machines, suggesting the North Korean operatives accessed the US company systems remotely. This detail highlights the direct access they gained to sensitive company networks.

“Ever since its discovery, Fortune 500 companies, technology and cryptocurrency industries have been reporting even more secret DPRK agents siphoning funds, intellectual property, and information,” Flashpoint’s investigation, shared with Hackread.com, revealed.

Flashpoint’s inside look at this operation, achieved by analyzing compromised credentials and infostealer logs, provides a detailed understanding of North Korea’s sophisticated and profitable cyber fraud targeting US organizations.

North Korean Hackers Stole $88M by Posing as US Tech Workers

Did Siri record you? Apple is paying $95 million over Siri snooping allegations. Find out if you’re eligible…

Did Siri record you? Apple is paying $95 million over Siri snooping allegations. Find out if you’re eligible and how to claim your share by July 2, 2025.

Apple has settled a class-action lawsuit (PDF) that accused the tech giant of using its voice assistant, Siri, to record users’ private conversations without their permission. Reportedly, Apple has agreed to pay out $95 million to settle this lawsuit, so, if you owned certain Apple devices between September 2014 and December 2024 in the US, you could be eligible for a pay-out.

****Who Can Claim?****

The lawsuit initially filed in 2019 and led by consumers like Fumiko Lopez, claimed that Siri sometimes activated unintentionally and recorded private discussions. These recordings were then reportedly shared with outside companies, leading to targeted advertising within Apple’s search results and Safari web browser.

While Apple denies any wrongdoing or illegal activity, they decided to settle the case earlier this year. Now, a notice approved by a US District Court in California is being sent out to people who might be eligible for a portion of this settlement.

This means, that if you owned a Siri-enabled Apple device in the United States between September 17, 2014, and December 31, 2024, and experienced Siri activating and recording private conversations unintentionally, you might be able to file a claim. Eligible devices include iPhones, iPads, Apple Watches, MacBooks, iMacs, HomePods, iPod Touches, and Apple TVs.

****Filing Your Claim****

Some eligible users have already received emails titled “Lopez Voice Assistant Class Action Settlement” with a claim ID and confirmation code. These individuals can directly submit a claim on the settlement website using this information by July 2, 2025.

> _“Apple will pay $95,000,000 to create a non-reversionary common fund that will cover all approved settlement claims, notice and settlement administration costs (including any taxes owed by the Settlement Fund), any Court-approved service awards, and any Court-approved attorneys’ fees and expenses. The Gross Settlement Amount reverts to Apple only if the Settlement Agreement is voided, canceled, or terminated.”_
> 
> _“The Net Settlement Amount will be distributed on a pro rata basis according to the number of Siri devices that experienced an unintended Siri activation. If Settlement Class Members do not claim their payments within 120 days after issuance, the remaining funds will be used to cover any unexpected settlement administration costs and then distributed to one or more cy pres recipients, as agreed upon by the parties and approved by the Court.”_
> 
> US Dist. Ct., N.D. Cal., Oakland Div.

A snippet from the court documents

If you qualify but didn’t receive a notification, you can still file a “New Claim” on the same website, providing details and proof of purchase or the device’s serial number and model. When submitting, you will choose your preferred payment method, such as physical check, e-check, or direct deposit. The final approval hearing for the settlement is on August 1, 2025, and payments will be processed after that, potentially later this year.

It is worth noting that filing a claim means you cannot sue Apple separately for this issue. However, there is an option to opt out of the settlement if someone wishes to pursue individual legal action against Apple.

Interestingly, Apple is currently facing other lawsuits related to Siri, specifically regarding alleged false advertising of its Apple Intelligence features and the delayed launch of an upgraded version of Siri.

Moreover, the amount each person receives will depend on how many valid claims are submitted. However, the settlement website indicates that the payout is capped at $20 per Siri-enabled device, with a maximum of five devices per claimant, totalling up to $100.

Tag

#intel