
Weekly Axis Of Easy #400
Last Week’s Quote was: “If you want total security, go to prison. There you’re fed, clothed, given medical care and so on. The only thing lacking… is freedom,” by Dwight D. Eisenhower. Rick guessed it right!
This Week’s Quote: “He who has a why to live can bear almost any how.” By ???
THE RULES: No searching up the answer, must be posted at the bottom of the blog post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
This is your easyDNS #AxisOfEasy Briefing for the week of May 12th, 2025. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.
To listen to or watch this podcast edition with commentary and insight from Joey and Len the Lengend, click here.
In this issue:
- North Korean Hackers Infiltrate U.S. Tech Jobs with Fake Identities and Remote Access
- Steam Breach Exposes 89 Million Accounts in Dark Web Data Sale
- Marks and Spencer Cyberattack Exposes Customer Data and Halts Online Orders (update from AoE #397)
- Europol and Global Police Dismantle €3 Million Investment Fraud Network
- Florida Encryption Backdoor Bill Fails After House Withdrawal
Elsewhere Online:
North Korean Hackers Infiltrate U.S. Tech Jobs with Fake Identities and Remote Access
North Korean hackers, indicted by the U.S. Department of Justice on December 12, 2024, used stolen identities to fraudulently secure remote IT jobs at U.S. companies and nonprofits, netting at least $88 million over six years. Security firm Flashpoint, analyzing data from infected hacker machines, revealed their tradecraft: fake companies like “Baby Box Info,” “Helix US,” and “Cubix Tech US” produced fabricated resumes and job references. One infected machine in Lahore, Pakistan, held credentials tied to these sham firms and was associated with the alias “jsilver617,” likely linked to a fictitious U.S. identity “J.S.” used to apply for tech roles in 2023.
Browser histories showed heavy reliance on Google Translate (English–Korean), exposing language barriers and geographical origin. Translated messages detailed scripts for fake HR verifications and discouraged webcam use during interviews to avoid detection. Internal messages revealed hierarchy, discontent—“It’s proof that you’re a failure”—and logistical coordination for shipping electronics. One message discussed laptops bound for Nigeria; tracking data showed courier use, possibly from Dubai.
Hackers used AnyDesk to access U.S. networks remotely. The DPRK-linked group Nickel Tapestry is identified as a key actor. Flashpoint’s insights, drawn from infostealer logs and compromised credentials, highlight an increasingly professionalized North Korean cyber-fraud apparatus embedded in U.S. tech infrastructure.
Read: https://hackread.com/north-korean-hackers-stole-88m-posing-us-tech-workers/
Steam Breach Exposes 89 Million Accounts in Dark Web Data Sale
Steam – Valve’s ubiquitous online gaming platform – has reportedly suffered a massive data breach affecting a whopping 89 million user accounts. The origin of this security snafu is still a mystery wrapped in an enigma, but what we do know is that sensitive user info like one-time passwords and phone numbers are now being hawked on the dark web for a cool $5,000.
So if you’re one of the 30 million or so concurrent Steam users currently enjoying your favorite digital diversions, it might be prudent to take a quick pause and change your password – stat. While you’re at it, consider enabling two-factor authentication too, since clearly security is not exactly Valve’s strong suit at the moment.
In this era of seemingly weekly data breaches, the best we can do is stay vigilant, use strong unique passwords (ideally generated by a reputable password manager), and keep a keen eye out for any phishing attempts or suspicious activity linked to our accounts. Because apparently entrusting our data to companies is just an extended exercise in “trust, but verify.”
Read: https://www.cnet.com/tech/services-and-software/89-million-steam-accounts-allegedly-compromised-in-a-data-breach-our-advice-change-your-password-now/
Marks and Spencer Cyberattack Exposes Customer Data and Halts Online Orders (update from AoE #397)
Marks & Spencer (M&S), the UK retailer, disclosed that a recent cyberattack compromised customer data including phone numbers, home addresses, and birthdates—though not payment card data or passwords, which it claims aren’t stored on its systems. Initially downplaying it as a “cyber incident” requiring only “minor, temporary changes” to store operations, M&S later paused online orders. On May 13, in a London Stock Exchange update, M&S told customers no action was needed but they’d be prompted to reset passwords at next login, and provided online safety guidance. While M&S stated there’s no evidence the data has been shared, cybersecurity experts urged caution. Dr. Darren Williams, CEO of BlackFog, warned customers to watch for phishing attempts mimicking M&S communications.
The National Cyber Security Centre (NCSC), the UK’s top cyber agency, confirmed it’s tracking related attacks on retailers Co-Op and Harrods. The DragonForce ransomware gang—emerging in 2023 as a ransomware-as-a-service (RaaS) outfit—claimed responsibility for all three.
Read: https://www.darkreading.com/threat-intelligence/marks-spencer-confirms-customer-data-stolen
Europol and Global Police Dismantle €3 Million Investment Fraud Network
A transnational investment fraud ring has been “dismantled,” per Europol, after a three-year investigation involving law enforcement from Germany, the UK, Israel, Cyprus, Albania, Latvia, and Belgium, coordinated by Europol and Eurojust. The case began in Germany when a married couple reported being defrauded. The network lured over 100 victims with high-return promises, extracting more than €3 million ($3.4 million) through fake schemes. Victims were often persuaded via call centers, managed by identified suspects, and pressured by agents posing as brokers. After small deposits, victims were shown fabricated profit dashboards to prompt further investment. There was no actual investment; all funds went to the criminals.
The first “action day” on September 6, 2022, led to two arrests in Belgium and Latvia and critical evidence seizures, which revealed seven more suspects. A second coordinated action on May 13, 2025, led to eight searches in Albania, Cyprus, and Israel, the arrest of a suspect in Cyprus, and the seizure of electronic devices, documents, and cash.
The scam’s mechanisms resembled “pig butchering,” where victims are groomed, typically online, then duped into investing. The FBI reported investment fraud as 2024’s top-grossing cybercrime, with nearly 48,000 complaints and $6.5 billion in losses, surpassing business email compromise ($2.8 billion), underscoring the scale of this ecosystem.
Read: https://www.europol.europa.eu/media-press/newsroom/news/international-crackdown-dismantles-multimillion-euro-investment-scam
Florida Encryption Backdoor Bill Fails After House Withdrawal
Florida’s Social Media Use by Minors bill, which passed the Senate but was withdrawn from the House, would have required platforms to build decryption backdoors for police access to private messages via subpoena, typically issued without judicial oversight. The Electronic Frontier Foundation called the bill “dangerous and dumb,” echoing longstanding security expert warnings that no backdoor is safe from abuse. The bill’s failure halts efforts to weaken end-to-end encryption under the guise of child protection. While no specific lawmakers or platforms were named, the bill’s defeat highlights ongoing tension between privacy rights, legislative overreach, and law enforcement’s push for expanded surveillance tools.
Read: https://techcrunch.com/2025/05/09/florida-bill-requiring-encryption-backdoors-for-social-media-accounts-has-failed/
Elsewhere online:
USA Bill Seeks to Redefine Obscenity and Expand Federal Power over Online Content
Read: https://reclaimthenet.org/interstate-obscenity-definition-act-ioda
Limited Attacks Leverage Ivanti EPMM Authentication Bypass and RCE Flaws
Read: https://thehackernews.com/2025/05/ivanti-patches-epmm-vulnerabilities.html
Government Employee Credentials Exposed in Info-Stealer Malware Leaks
Read: https://arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/
LockBit’s Internal Data and Bitcoin Wallets Exposed in Dark Web Hack
Read: https://hackread.com/lockbits-dark-web-domains-hacked/
Fortinet Addresses Actively Exploited Flaw Affecting Multiple Products
Read: https://www.securityweek.com/fortinet-patches-zero-day-exploited-against-fortivoice-appliances/
If you missed the previous issues, they can be read online here:
- May 9th, 2025: Hackers Break Into Government Messaging App And Steal Sensitive Data
- May 2nd, 2025: Texas Bill Could Jail People For Sharing Political Memes Without Disclaimers
- April 25th, 2025: Marks & Spencer Hit by Easter Cyberattack Disrupting In-Store Services
- April 18th, 2025: Google Got Your Health Info Without You Knowing, And Here’s What Happened
- April 11th, 2025: Leaked Shopify Memo: Use AI Or Else
The originator of this week’s quote was Viktor Frankl.