North Korea is secretly sending thousands of IT workers abroad to earn money for its government, often using fake identities to get remote tech jobs with Western firms. This strange reality came to light when “Jin-su,” a former North Korean IT worker, was interviewed by BBC. He revealed he once juggled several IT jobs in the US and Europe at once, earning at least $5,000 a month. But almost all of his wages, up to 85%, had to be sent back home to North Korea. “We know it’s like robbery, but we just accept it as our fate,” Jin-su said. “It’s still much better than when we were in North Korea.” Experts estimate that these undercover IT workers are making North Korea between $250 million and $600 million every year. The scheme grew during the pandemic, as remote jobs became more common and harder to trace. North Korean workers manage everything from coding to customer support, often without ever showing their real faces. They get away with it by “borrowing” real identities from people in countries like Hungary, Turkey, and the UK, a trick that lets them look like normal job candidates on freelancing platforms. Some of these workers even get involved in fraud or hacking, stealing company data or demanding ransom. US authorities are worried. Last year, the US government indicted 14 North Koreans accused of stealing $88 million from American companies, and more were caught this year for working at US crypto startups with fake IDs. “We weren’t allowed to go out and had to stay indoors all the time,” Jin-su recalled of his time working in China for the regime. But he used the internet to watch Western media and eventually decided to escape, though he says most North Korean workers never consider defecting. The risks are just too high: if caught, they could be sent back home for harsh punishment, and their families might suffer too. Hiring managers around the world say they’re seeing more suspected North Korean applicants. Some have started doing video calls just to confirm who’s real. One US tech recruiter said, “It started out almost like a game, can you spot the North Korean? but it quickly became a real headache.” Today, even though Jin-su earns less than before, he can actually keep what he makes. “Now I work hard and earn the money I deserve” This secret network isn’t just about clever online scams, it is a big source of money supporting the North Korean government according to Jin-su, helping it dodge international sanctions, and raising serious cyber-security worries for companies everywhere.
Over 150,000 Nigerians hit by data breaches in early 2025, study reveals
More than 150,000 Nigerians had their online accounts compromised in the first half of 2025, according to a new report from cybersecurity company Surfshark. The report, released this week, shows that while data breaches sharply dropped in Nigeria between the first and second quarters, falling from 120,000 to about 31,800 incidents, the country still faces a major threat to digital privacy. Surfshark’s product manager, Sarunas Sereika, warned, “Today’s digital age requires all of us to share more and more personal information to carry out daily tasks. In the wrong hands, this data can be used to commit identity theft, for targeted scams, or sold on the dark web.” Nigeria now ranks as the third most affected country in Sub-Saharan Africa, with a total of 23.3 million accounts breached since 2004. According to Surfshark, about 13 million of these accounts included leaked passwords, exposing users to risks like account takeover and identity theft, while another 7.3 million unique Nigerian email addresses have appeared in leaks. The data means 10 out of every 100 Nigerians have been affected by a breach at some point, stressing urgent need for better online safeguards. Globally, the situation isn’t much better. The number of leaked accounts worldwide jumped by 34% in the second quarter, reaching 94 million cases. The United States saw the most breaches, followed by France, India, Germany, and Israel. Security experts at Surfshark advise Nigerians to update passwords frequently and use two-factor authentication whenever possible. They collected their findings by analyzing 29,000 public databases, making sure to anonymize all personal details before review. Securing personal data today remains a challenge, as digital services become a bigger part of everyday life. The recent decline in Nigerian breaches is welcome development, but cybersecurity remains a pressing issue, one that requires constant attention from users, businesses, and government.
EFCC raises alarm as 12,000 Nigerian youths sell personal data for N5,000
The Economic and Financial Crimes Commission (EFCC) has revealed that around 12,000 young Nigerians are selling private information like Bank Verification Numbers (BVN) and National Identification Numbers (NIN) to fintech companies for as little as ₦5,000. According to a statement released by the EFCC on Friday, these youths, known as “Account Suppliers” or “KYC Group”, are paying victims between ₦1,500 and ₦2,000 to hand over their personal identification details. They then sell this data to some fintech organisations, which use it to open accounts for scams and other fraudulent activities. The Commission described this as a growing fraud trend, especially worrying because many of the youths are targeting unsuspecting Nigerians nationwide. The information they collect is used to set up accounts with fintech firms, which in turn become tools for investment scams and laundering money, often by moving it into cryptocurrency. The EFCC also stated a recent case where scammers ran a fake promo, promising a 50% discount on a popular airline’s tickets. Victims were told to pay ₦500 for charity and install an airline app. This gave fraudsters access to their bank details, allowing them to move victims’ money to accounts in a microfinance bank. Some arrests have been made, and the Commission is working to recover stolen money. The EFCC warned the public to avoid becoming “Account Donors”, stressing that selling such details is dangerous, illegal, and poses a threat to national security. “We are committed to protecting Nigeria’s financial system in the interest of every citizen,” the EFCC stated, urging everyone to stay alert and not fall for suspicious offers or promos.
Microsoft warns of active Chinese hacker attacks exploiting SharePoint flaw
Microsoft has warned that hackers linked to the Chinese government are exploiting a serious security flaw in its SharePoint software to launch a global cyberattack. The vulnerability, known as CVE-2025-53770, allows attackers to gain control over corporate networks by stealing security keys and installing malware on self-hosted SharePoint servers. Microsoft revealed that since early July, at least three Chinese-backed hacking groups named Linen Typhoon, Violet Typhoon, and Storm-2603 have been targeting unpatched SharePoint systems. These groups aim to steal intellectual property, conduct espionage, and access sensitive data across organizations worldwide. The company urged all SharePoint users to immediately apply the latest security updates it has released, which fix this critical flaw and prevent further attacks. Microsoft also recommended that affected organizations assume their systems may have been compromised and carry out thorough forensic investigations. This attack raises concerns for businesses and governments relying on SharePoint for document management, as hackers can remotely execute malicious code and access internal files if systems remain unprotected. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed the risk, stating that there are potentials for large-scale data breaches. This is not the first instance of China-linked cyber groups exploiting Microsoft products. Similar attacks on Microsoft Exchange servers in 2021 compromised thousands of organizations globally. As the situation develops, users should monitor official updates from Microsoft and cybersecurity authorities. Prompt action can prevent data theft and protect critical networks.
Microsoft, Google, and Apple lead list of most-targeted brands in Q2 2025 phishing attacks – Check Point Research
A surge in phishing scams has put some of the world’s biggest tech brands, including Microsoft, Google, and Apple, at the top of criminals’ hit list, according to a fresh report from Check Point Research. The new findings show that between April and June 2025, Microsoft was impersonated in 25% of phishing attempts globally, making it the most targeted brand for cybercriminals. Google followed in second place with 11%, while Apple was third at 9%. Spotify, which hadn’t appeared among the top 10 since 2019, made a striking comeback with 6% of attacks, as scammers shifted their focus toward entertainment and subscription services. Other brands caught in the web included Adobe, LinkedIn, Amazon, Booking.com, WhatsApp, and Facebook. Phishing is a type of cyberattack where fraudsters disguise themselves as trustworthy organisations to trick people into sharing confidential details like passwords and bank information. Attackers send fake emails or create bogus websites that look nearly identical to real login or payment pages. According to Check Point, technology companies are the most impersonated industry sector. Nigerians who work or study using Microsoft 365, Google Workspace, or similar platforms face increased risk. Attackers target these brands because so many people rely on them daily, making it easier to fool victims into clicking suspicious links or entering sensitive information. Spotify’s return to the top 10 highlights a growing trend. More people are using digital entertainment, so attackers are following where the users are. In one campaign, criminals set up a fake Spotify login page. When users entered their details, they were redirected to a counterfeit payment page that tried to collect their credit card data. Phishing scams related to travel also spiked in the last quarter, with Booking.com-themed domains seeing a sharp increase, over 700 such domains were created, often mimicking real communications by including users’ actual names and booking details. These personalized ploys heightened urgency and made the scams more convincing, showing just how sophisticated phishing attacks have become. “Cybercriminals continue to exploit the trust users place in well-known brands. The resurgence of Spotify and the surge in travel-related scams, especially during the Northern Hemisphere’s holiday season, show how phishing attacks are adapting to user behaviour and seasonal trends” – Omer Dembinsky (Data Research Manager at Check Point Software). Experts recommend that organisations should boost their email security, train their staff, and use multi-factor authentication. Individuals should think twice before clicking links or entering passwords, especially if the message seems urgent or unfamiliar. Phishing attacks are evolving. The more we depend on digital brands, the more we need to stay aware and protect ourselves.
Court grants bail to CBEX promoters amid billion-dollar crypto scam allegations
Two senior figures linked to the collapsed Crypto Bridge Exchange (CBEX) have been granted bail by the Federal High Court in Abuja, following charges of large-scale crypto investment fraud. Avwerosuo Otorudo and Chukwuebuka Ehirim, both described as promoters of CBEX, received bail at N10million each, with strict conditions. Each must provide two sureties of the same amount, whose property must be verified within the court’s jurisdiction. The duo faces a three-count amended charge from the Economic and Financial Crimes Commission (EFCC). Authorities say they ran illegal operations and promised investors returns as high as 88% without proper approval from financial regulators. EFCC described the charges as “unauthorized investment activities and collecting public funds on false pretenses.” The court has set October 13 as the starting date for the trial. The CBEX scandal has rocked Nigeria’s crypto space. Investigators found that the firm allegedly lured investors by promising rapid profits, sometimes up to 100%. Recall on the 16th of April, 2025, Daily Tech Nigeria reported that victims of CBEX scam lost access to over $1billion in cryptocurrencies after depositing digital assets, mainly USDT stablecoins, into CBEX wallets. Many said they were locked out of the platform and could not withdraw their funds. The EFCC revealed that ST Technologies International Limited, believed to be linked to CBEX, was only registered with the Corporate Affairs Commission (CAC) and did not have operating licenses from either the Central Bank of Nigeria or the Securities and Exchange Commission. This, according to the authorities, made the investment operations illegal. EFCC officials stated, “Our cybercrimes unit found a prima facie case of investment fraud using a crypto front.” Six CBEX promoters, including Otorudo and Ehirim, were earlier arrested by court order. In a related case, Adefowora Abiodun, the Managing Director of ST Technologies, is also seeking bail. He has pleaded not guilty to an eight-count amended charge, insisting that he surrendered himself to the EFCC and requires urgent eye surgery. His lawyer, Babatunde Busari, argued for bail, noting, “He’s been in detention for over 80 days.” The EFCC has opposed his bail, because of the potential risk of Abiodun fleeing justice, especially because a conviction could bring up to seven years in prison. The court will decide on his bail plea by July 25. The CBEX case is seen as one of Nigeria’s largest crypto fraud scandals to date. The upcoming trial could bring more details to light, while regulators have increased warnings about high-risk online investments and platforms without valid licenses.