Twitter will strengthen rules rules to prevent sexual harassment and abuse on its platform, the social media company said Monday in an email to the collection of safety advocates, researchers and academics it uses help set its policies. There will also be harsher penalties for misconduct.

The new guidelines include immediately and permanently suspending the accounts of anyone who posts or is the source of non-consensual nudity. Twitter’s definition of non-consensual nudity will be expanded to include photos that are taken covertly.

Third parties will now be able to report unwanted sexual advances from one user to another. Previously, only those directly involved in the matter could do so.

Twitter also promised to publish new rules adding hate symbols and imagery to its definition of sensitive media.

The changes come on the heels of a series of tweets from CEO Jack Dorsey Friday pledging to limit the number of bullies and harassers using Twitter.

The micro-blogging platform faced intense criticism last year after it temporarily banned actress Rose McGowan last year for a tweeting out contact information for person she said was connected with Harvey Weinstein, who has faced accusations of sexual assault from McGowan and others.
…

Facebook is launching the first electronic device to bear its brand, a screen and camera-equipped gadget intended to make video calls easier and more intuitive.

But it’s unclear if people will open their homes to an internet-connected camera sold by a company with a shoddy track record on protecting user privacy.

Facebook is marketing the device, called Portal, as a way for its more than 2 billion users to chat with one another without having to fuss with positioning and other controls. The device features a camera that uses artificial intelligence to automatically pan and zoom as people move around during calls.

The Portal will feature two different screen sizes. It will go on sale in early November for roughly $200 to $350.
…

Facebook is launching the first electronic device to bear its brand, a screen and camera-equipped gadget intended to make video calls easier and more intuitive.

But it’s unclear if people will open their homes to an internet-connected camera sold by a company with a shoddy track record on protecting user privacy.

Facebook is marketing the device, called Portal, as a way for its more than 2 billion users to chat with one another without having to fuss with positioning and other controls. The device features a camera that uses artificial intelligence to automatically pan and zoom as people move around during calls.

The Portal will feature two different screen sizes. It will go on sale in early November for roughly $200 to $350.
…

The massive breach of Facebook and the exposure of the information of an estimated 50 million users last week has highlighted one of the problems with all the data we are putting out into the world. City planners share those concerns, but they’re looking also looking at how “Big Data” may be a big boost in helping their own cities develop. VOA’s Kevin Enochs reports.
…

The U.S. Department of Homeland Security said Saturday it currently had no reason to doubt statements from companies that have denied a Bloomberg report that their supply chains were compromised by malicious computer chips inserted by Chinese intelligence services.

“The Department of Homeland Security is aware of the media reports of a technology supply chain compromise,” DHS said in a statement.

“Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story,” it said.

Bloomberg Businessweek on Thursday cited 17 unidentified intelligence and company sources as saying that Chinese spies had placed computer chips inside equipment used by around 30 companies, as well as multiple U.S. government agencies, which would give Beijing secret access to internal networks.

Apple and Amazon

Britain’s national cyber security agency said Friday it had no reason to doubt the assessments made by Apple Inc and Amazon.com Inc challenging the report.

Apple contested the Bloomberg report Thursday, saying its own internal investigations found no evidence to support the story’s claims and that neither the company, nor its contacts in law enforcement, were aware of any investigation by the FBI on the matter.

Apple’s recently retired general counsel, Bruce Sewell, told Reuters he called the FBI’s then-general counsel, James Baker, last year after being told by Bloomberg of an open investigation of Super Micro Computer Inc, a hardware maker whose products Bloomberg said were implanted with malicious Chinese chips.

“I got on the phone with him personally and said, ‘Do you know anything about this?” Sewell said of his conversation with Baker. “He said, ‘I’ve never heard of this, but give me 24 hours to make sure.’ He called me back 24 hours later and said ‘Nobody here knows what this story is about.” Baker and the FBI declined to comment Friday.
…

The U.S. farm-to-table trend is definitely one of the latest. Americans are hungry for fresh, organic produce in their homes, and in many cases they are willing to pay more for it. But in an urban setting, residents don’t have a farm next door. The company Iron Ox is looking to change that, with the help of robust robotics. VOA’s Kevin Enochs has the story.
…

The Trump administration is moving ahead with plans to revise safety rules that bar fully self-driving cars from the roads without equipment such as steering wheels, pedals and mirrors, according to a document made public on Thursday.

The National Highway Traffic Safety Administration (NHTSA) “intends to reconsider the necessity and appropriateness of its current safety standards” as applied to automated vehicles, the U.S. Department of Transportation said in an 80-page update of its principles dubbed “Automated Vehicles 3.0.”

The department, as reported by Reuters earlier on Thursday, disclosed that the NHTSA wants comment “on proposed changes to particular safety standards to accommodate automated vehicle technologies and the possibility of setting exceptions to certain standards that are relevant only when human drivers are present.”

U.S. Transportation Secretary Elaine Chao released the document at a department event. In the report, Chao said that self-driving cars have the potential to dramatically reduce traffic crashes and road deaths. But she added the “public has legitimate concerns about the safety, security, and privacy of automated technology.”

Automakers must currently meet nearly 75 auto safety standards, many of which were written with the assumption that a licensed driver will be in control of the vehicle.

General Motors Co in January filed a petition seeking an exemption for the current rules to use vehicles without steering wheels and other human controls as part of a ride-sharing fleet it plans to deploy in 2019.

NHTSA has not declared the GM petition complete, a step necessary before it can rule on the merits. NHTSA said it plans to propose modernizing procedures to follow when reviewing exemption petitions.

Alphabet Inc’s Waymo unit plans to launch an autonomous ride-hailing service for the general public with no human driver behind the steering wheel in Arizona later this year. But unlike GM, Waymo’s vehicles will have human controls for the time being.

In March, a self-driving Uber Technologies Inc vehicle struck and killed a pedestrian, while the backup safety driver was watching a video, police said. Uber suspended testing in the aftermath and some safety advocates said the crash showed the system was not safe enough to be tested on public roads.

NHTSA has stepped up its self-driving car focus as legislation in Congress on self-driving cars, which passed the U.S. House of Representatives in 2017, has stalled. It has only a slender chance of being approved in 2018, congressional aides said.

The report said “NHTSA’s current statutory authority to establish motor vehicle safety standards is sufficiently flexible to accommodate the design and performance of different” automated vehicles.

The Center for Auto Safety said NHTSA should require companies to “submit evidence” that their self-driving technology is safe “before involuntarily involving human beings in their testing.”

GM said in a statement on Thursday that “legislation is still urgently needed” to allow “the full deployment of self-driving vehicles.”

Automakers have warned it could take too long for NHTSA to rewrite the rules to allow for the widespread of adoption of self-driving cars without human controls.

The department also said it “no longer recognizes the designations of ten automated vehicle proving grounds” announced in January 2017.

The sites, including a Michigan center that U.S. President Donald Trump visited last year, were named by Congress to be eligible for $60 million in grants “to fund demonstration projects that test the feasibility and safety” of self-driving vehicles.

The Transportation Department also announced it will start studying the workforce impacts of automated vehicles with the Labor, Commerce, and the Health and Human Services departments. 

The report also said the Trump administration will not support calls to end human driving. The department “embraces the freedom of the open road, which includes the freedom for Americans to drive their own vehicles.”
…

The Trump administration is moving ahead with plans to revise safety rules that bar fully self-driving cars from the roads without equipment such as steering wheels, pedals and mirrors, according to a document made public on Thursday.

The National Highway Traffic Safety Administration (NHTSA) “intends to reconsider the necessity and appropriateness of its current safety standards” as applied to automated vehicles, the U.S. Department of Transportation said in an 80-page update of its principles dubbed “Automated Vehicles 3.0.”

The department, as reported by Reuters earlier on Thursday, disclosed that the NHTSA wants comment “on proposed changes to particular safety standards to accommodate automated vehicle technologies and the possibility of setting exceptions to certain standards that are relevant only when human drivers are present.”

U.S. Transportation Secretary Elaine Chao released the document at a department event. In the report, Chao said that self-driving cars have the potential to dramatically reduce traffic crashes and road deaths. But she added the “public has legitimate concerns about the safety, security, and privacy of automated technology.”

Automakers must currently meet nearly 75 auto safety standards, many of which were written with the assumption that a licensed driver will be in control of the vehicle.

General Motors Co in January filed a petition seeking an exemption for the current rules to use vehicles without steering wheels and other human controls as part of a ride-sharing fleet it plans to deploy in 2019.

NHTSA has not declared the GM petition complete, a step necessary before it can rule on the merits. NHTSA said it plans to propose modernizing procedures to follow when reviewing exemption petitions.

Alphabet Inc’s Waymo unit plans to launch an autonomous ride-hailing service for the general public with no human driver behind the steering wheel in Arizona later this year. But unlike GM, Waymo’s vehicles will have human controls for the time being.

In March, a self-driving Uber Technologies Inc vehicle struck and killed a pedestrian, while the backup safety driver was watching a video, police said. Uber suspended testing in the aftermath and some safety advocates said the crash showed the system was not safe enough to be tested on public roads.

NHTSA has stepped up its self-driving car focus as legislation in Congress on self-driving cars, which passed the U.S. House of Representatives in 2017, has stalled. It has only a slender chance of being approved in 2018, congressional aides said.

The report said “NHTSA’s current statutory authority to establish motor vehicle safety standards is sufficiently flexible to accommodate the design and performance of different” automated vehicles.

The Center for Auto Safety said NHTSA should require companies to “submit evidence” that their self-driving technology is safe “before involuntarily involving human beings in their testing.”

GM said in a statement on Thursday that “legislation is still urgently needed” to allow “the full deployment of self-driving vehicles.”

Automakers have warned it could take too long for NHTSA to rewrite the rules to allow for the widespread of adoption of self-driving cars without human controls.

The department also said it “no longer recognizes the designations of ten automated vehicle proving grounds” announced in January 2017.

The sites, including a Michigan center that U.S. President Donald Trump visited last year, were named by Congress to be eligible for $60 million in grants “to fund demonstration projects that test the feasibility and safety” of self-driving vehicles.

The Transportation Department also announced it will start studying the workforce impacts of automated vehicles with the Labor, Commerce, and the Health and Human Services departments. 

The report also said the Trump administration will not support calls to end human driving. The department “embraces the freedom of the open road, which includes the freedom for Americans to drive their own vehicles.”
…

The U.S. government warned Wednesday that a hacking group widely known as cloudhopper, which Western cybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers in a campaign to steal data from their clients.

The Department of Homeland issued a technical alert for cloudhopper, which it said was engaged in cyber espionage and theft of intellectual property, after experts with two prominent U.S. cybersecurity companies warned earlier this week that Chinese hacking activity has surged amid the escalating trade war between Washington and Beijing.

Chinese authorities have repeatedly denied claims by Western cybersecurity firms that it supports hacking.

Homeland Security

Homeland Security released the information to support U.S. companies in responding to attacks by the group, which is targeting information technology, energy, health care, communications and manufacturing firms.

“These cyber threat actors are still active and we strongly encourage our partners in government and industry to work together to defend against this threat,” DHS official Christopher Krebs said in a statement.

The reported increase in Chinese hacking follows what cybersecurity firms have described as a lull in such attacks prompted by a 2015 agreement between Chinese President Xi Jinping and former U.S. President Barrack Obama to curb cyber-enabled economic theft.

“I can tell you now unfortunately the Chinese are back,” Dmitri Alperovitch, chief technology officer of U.S. cybersecurity firm CrowdStrike, said Tuesday at a security conference in Washington.

“We’ve seen a huge pickup in activity over the past year and a half. Nowadays they are the most predominant threat actors we see threatening institutions all over this country and Western Europe,” he said.

Analysts with FireEye, another U.S. cybersecurity firm, said that some of the Chinese hacking groups it tracks have become more active in recent months.

Advice to US firms

Wednesday’s alert provided advice on how U.S. firms can prevent, identify and remediate attacks by cloudhopper, which is also known as Red Leaves and APT10.

The hacking group has largely targeted firms known as managed service providers, which supply telecommunications, technology and other services to business around the globe.

Managed service providers, or MSPs, are attractive targets because their networks provide routes for hackers to access sensitive systems of their many clients, said Ben Read, a senior intelligence manager with FireEye.

“We’ve seen this group route malware through an MSP network to other targets,” Read said.
…

The U.S. government warned Wednesday that a hacking group widely known as cloudhopper, which Western cybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers in a campaign to steal data from their clients.

The Department of Homeland issued a technical alert for cloudhopper, which it said was engaged in cyber espionage and theft of intellectual property, after experts with two prominent U.S. cybersecurity companies warned earlier this week that Chinese hacking activity has surged amid the escalating trade war between Washington and Beijing.

Chinese authorities have repeatedly denied claims by Western cybersecurity firms that it supports hacking.

Homeland Security

Homeland Security released the information to support U.S. companies in responding to attacks by the group, which is targeting information technology, energy, health care, communications and manufacturing firms.

“These cyber threat actors are still active and we strongly encourage our partners in government and industry to work together to defend against this threat,” DHS official Christopher Krebs said in a statement.

The reported increase in Chinese hacking follows what cybersecurity firms have described as a lull in such attacks prompted by a 2015 agreement between Chinese President Xi Jinping and former U.S. President Barrack Obama to curb cyber-enabled economic theft.

“I can tell you now unfortunately the Chinese are back,” Dmitri Alperovitch, chief technology officer of U.S. cybersecurity firm CrowdStrike, said Tuesday at a security conference in Washington.

“We’ve seen a huge pickup in activity over the past year and a half. Nowadays they are the most predominant threat actors we see threatening institutions all over this country and Western Europe,” he said.

Analysts with FireEye, another U.S. cybersecurity firm, said that some of the Chinese hacking groups it tracks have become more active in recent months.

Advice to US firms

Wednesday’s alert provided advice on how U.S. firms can prevent, identify and remediate attacks by cloudhopper, which is also known as Red Leaves and APT10.

The hacking group has largely targeted firms known as managed service providers, which supply telecommunications, technology and other services to business around the globe.

Managed service providers, or MSPs, are attractive targets because their networks provide routes for hackers to access sensitive systems of their many clients, said Ben Read, a senior intelligence manager with FireEye.

“We’ve seen this group route malware through an MSP network to other targets,” Read said.
…

North Korea’s nuclear and missile tests have stopped, but its hacking operations to gather intelligence and raise funds for the sanction-strapped government in Pyongyang may be gathering steam.

U.S. security firm FireEye raised the alarm Wednesday over a North Korean group that it says has stolen hundreds of millions of dollars by infiltrating the computer systems of banks around the world since 2014 through highly sophisticated and destructive attacks that have spanned at least 11 countries. It says the group is still operating and poses “an active global threat.”

It is part of a wider pattern of malicious state-backed cyber activity that has led the Trump administration to identify North Korea — along with Russia, Iran and China — as one of the main online threats facing the United States. Last month, the Justice Department charged a North Korean hacker said to have conspired in devastating cyberattacks, including an $81 million heist of Bangladesh’s central bank and the WannaCry virus that crippled parts of Britain’s National Health Service.

DHS offers warning

On Tuesday, the U.S. Department of Homeland Security warned of the use of malware by Hidden Cobra, the U.S. government’s byword for North Korea hackers, in fraudulent ATM cash withdrawals from banks in Asia and Africa. It said that Hidden Cobra was behind the theft of tens of millions of dollars from teller machines in the past two years. In one incident this year, cash had been simultaneously withdrawn from ATMs in 23 different countries, it said.

North Korea, which prohibits access to the world wide web for virtually all of its people, has previously denied involvement in cyberattacks, and attribution for such attacks is rarely made with absolute certainty. It is typically based on technical indicators such as the Internet Protocol, or IP, addresses that identify computers and characteristics of the coding used in malware, which is the software a hacker may use to damage or disable computers.

But other cybersecurity experts tell The Associated Press that they also see continued signs that North Korea’s authoritarian government, which has a long track record of criminality to raise cash, is conducting malign activity online. That activity includes targeting of financial institutions and crypto-currency-related organizations, as well as spying on its adversaries, despite the easing of tensions between Pyongyang and Washington.

“The reality is they are starved for cash and are continuing to try and generate revenue, at least until sanctions are diminished,” said Adam Meyers, vice president of intelligence at CrowdStrike. “At the same time, they won’t abate in intelligence collection operations, as they continue to negotiate and test the international community’s resolve and test what the boundaries are.”

North Korea attacks continue

CrowdStrike says it has detected continuing North Korean cyber intrusions in the past two months, including the use of a known malware against a potentially broad set of targets in South Korea, and a new variant of malware against users of mobile devices that use a Linux-based operating system.

This activity has been taking place against the backdrop of a dramatic diplomatic shift as Kim Jong Un has opened up to the world. He has held summits with South Korean President Moon Jae-in and with President Donald Trump, who hopes to persuade Kim to relinquish the nuclear weapons that pose a potential threat to the U.S. homeland. Tensions on the divided Korean Peninsula have dropped and fears of war with the U.S. have ebbed. Trump this weekend will dispatch his top diplomat, Mike Pompeo, to Pyongyang for the fourth time this year to make progress on denuclearization.

But North Korea has yet to take concrete steps to give up its nuclear arsenal, so there’s been no let-up in sanctions that have been imposed to deprive it of fuel and revenue for its weapons programs, and to block it from bulk cash transfers and accessing to the international banking system.

FireEye says APT38, the name it gives to the hacking group dedicated to bank theft, has emerged and stepped up its operations since February 2014 as the economic vise on North Korea has tightened in response to its nuclear and missile tests. Initial operations targeted financial institutions in Southeast Asia, where North Korea had experience in money laundering, but then expanded into other regions such as Latin America and Africa, and then extended to Europe and North America.

In all, FireEye says APT38 has attempted to steal $1.1 billion, and based on the data it can confirm, has gotten away with hundreds of millions in dollars. It has used malware to insert fraudulent transactions in the Society for Worldwide Interbank Financial Telecommunication or SWIFT system that is used to transfer money between banks. Its biggest heist to date was $81 million stolen from the central bank of Bangladesh in February 2016. The funds were wired to bank accounts established with fake identities in the Philippines. After the funds were withdrawn they were suspected to have been laundered in casinos.

Cyber attacks an alternative 

The Foundation for Defense of Democracies, a Washington think tank, said in a report Wednesday that North Korea’s cyber capabilities provide an alternative means for challenging its adversaries. While Kim’s hereditary regime appears to prioritize currency generation, attacks using the SWIFT system raise concerns that North Korean hackers “may become more proficient at manipulating the data and systems that undergird the global financial system,” it says.

Sandra Joyce, FireEye’s head of global intelligence, said that while APT38 is a criminal operation, it leverages the skills and technology of a state-backed espionage campaign, allowing it to infiltrate multiple banks at once and figure how to extract funds. On average, it dwells in a bank’s computer network for 155 days to learn about its systems before it tries to steal anything. And when it finally pounces, it uses aggressive malware to wreak havoc and cover its tracks.

“We see this as a consistent effort, before, during and after any diplomatic efforts by the United States and the international community,” said Joyce, describing North Korea as being “undeterred” and urging the U.S. government to provide more specific threat information to financial institutions about APT38’s modus operandi. APT stands for Advanced Persistent Threat.

Large Chile bank hacked

The Silicon Valley-based company says it is aware of continuing, suspected APT38 operations against other banks. The most recent attack it is publicly attributing to APT38 was against of Chile’s biggest commercial banks, Banco de Chile, in May this year. The bank has said a hacking operation robbed it of $10 million.

FireEye, which is staffed with a roster of former military and law-enforcement cyberexperts, conducted malware analysis for a criminal indictment by the Justice Department last month against Park Jin Hyok, the first time a hacker said to be from North Korea has faced U.S. criminal charges. He’s accused of conspiring in a number of devastating cyberattacks: the Bangladesh heist and other attempts to steal more than $1 billion from financial institutions around the world; the 2014 breach of Sony Pictures Entertainment; and the WannaCry ransomware virus that in 2017 infected computers in 150 countries. 
…

North Korea’s nuclear and missile tests have stopped, but its hacking operations to gather intelligence and raise funds for the sanction-strapped government in Pyongyang may be gathering steam.

U.S. security firm FireEye raised the alarm Wednesday over a North Korean group that it says has stolen hundreds of millions of dollars by infiltrating the computer systems of banks around the world since 2014 through highly sophisticated and destructive attacks that have spanned at least 11 countries. It says the group is still operating and poses “an active global threat.”

It is part of a wider pattern of malicious state-backed cyber activity that has led the Trump administration to identify North Korea — along with Russia, Iran and China — as one of the main online threats facing the United States. Last month, the Justice Department charged a North Korean hacker said to have conspired in devastating cyberattacks, including an $81 million heist of Bangladesh’s central bank and the WannaCry virus that crippled parts of Britain’s National Health Service.

DHS offers warning

On Tuesday, the U.S. Department of Homeland Security warned of the use of malware by Hidden Cobra, the U.S. government’s byword for North Korea hackers, in fraudulent ATM cash withdrawals from banks in Asia and Africa. It said that Hidden Cobra was behind the theft of tens of millions of dollars from teller machines in the past two years. In one incident this year, cash had been simultaneously withdrawn from ATMs in 23 different countries, it said.

North Korea, which prohibits access to the world wide web for virtually all of its people, has previously denied involvement in cyberattacks, and attribution for such attacks is rarely made with absolute certainty. It is typically based on technical indicators such as the Internet Protocol, or IP, addresses that identify computers and characteristics of the coding used in malware, which is the software a hacker may use to damage or disable computers.

But other cybersecurity experts tell The Associated Press that they also see continued signs that North Korea’s authoritarian government, which has a long track record of criminality to raise cash, is conducting malign activity online. That activity includes targeting of financial institutions and crypto-currency-related organizations, as well as spying on its adversaries, despite the easing of tensions between Pyongyang and Washington.

“The reality is they are starved for cash and are continuing to try and generate revenue, at least until sanctions are diminished,” said Adam Meyers, vice president of intelligence at CrowdStrike. “At the same time, they won’t abate in intelligence collection operations, as they continue to negotiate and test the international community’s resolve and test what the boundaries are.”

North Korea attacks continue

CrowdStrike says it has detected continuing North Korean cyber intrusions in the past two months, including the use of a known malware against a potentially broad set of targets in South Korea, and a new variant of malware against users of mobile devices that use a Linux-based operating system.

This activity has been taking place against the backdrop of a dramatic diplomatic shift as Kim Jong Un has opened up to the world. He has held summits with South Korean President Moon Jae-in and with President Donald Trump, who hopes to persuade Kim to relinquish the nuclear weapons that pose a potential threat to the U.S. homeland. Tensions on the divided Korean Peninsula have dropped and fears of war with the U.S. have ebbed. Trump this weekend will dispatch his top diplomat, Mike Pompeo, to Pyongyang for the fourth time this year to make progress on denuclearization.

But North Korea has yet to take concrete steps to give up its nuclear arsenal, so there’s been no let-up in sanctions that have been imposed to deprive it of fuel and revenue for its weapons programs, and to block it from bulk cash transfers and accessing to the international banking system.

FireEye says APT38, the name it gives to the hacking group dedicated to bank theft, has emerged and stepped up its operations since February 2014 as the economic vise on North Korea has tightened in response to its nuclear and missile tests. Initial operations targeted financial institutions in Southeast Asia, where North Korea had experience in money laundering, but then expanded into other regions such as Latin America and Africa, and then extended to Europe and North America.

In all, FireEye says APT38 has attempted to steal $1.1 billion, and based on the data it can confirm, has gotten away with hundreds of millions in dollars. It has used malware to insert fraudulent transactions in the Society for Worldwide Interbank Financial Telecommunication or SWIFT system that is used to transfer money between banks. Its biggest heist to date was $81 million stolen from the central bank of Bangladesh in February 2016. The funds were wired to bank accounts established with fake identities in the Philippines. After the funds were withdrawn they were suspected to have been laundered in casinos.

Cyber attacks an alternative 

The Foundation for Defense of Democracies, a Washington think tank, said in a report Wednesday that North Korea’s cyber capabilities provide an alternative means for challenging its adversaries. While Kim’s hereditary regime appears to prioritize currency generation, attacks using the SWIFT system raise concerns that North Korean hackers “may become more proficient at manipulating the data and systems that undergird the global financial system,” it says.

Sandra Joyce, FireEye’s head of global intelligence, said that while APT38 is a criminal operation, it leverages the skills and technology of a state-backed espionage campaign, allowing it to infiltrate multiple banks at once and figure how to extract funds. On average, it dwells in a bank’s computer network for 155 days to learn about its systems before it tries to steal anything. And when it finally pounces, it uses aggressive malware to wreak havoc and cover its tracks.

“We see this as a consistent effort, before, during and after any diplomatic efforts by the United States and the international community,” said Joyce, describing North Korea as being “undeterred” and urging the U.S. government to provide more specific threat information to financial institutions about APT38’s modus operandi. APT stands for Advanced Persistent Threat.

Large Chile bank hacked

The Silicon Valley-based company says it is aware of continuing, suspected APT38 operations against other banks. The most recent attack it is publicly attributing to APT38 was against of Chile’s biggest commercial banks, Banco de Chile, in May this year. The bank has said a hacking operation robbed it of $10 million.

FireEye, which is staffed with a roster of former military and law-enforcement cyberexperts, conducted malware analysis for a criminal indictment by the Justice Department last month against Park Jin Hyok, the first time a hacker said to be from North Korea has faced U.S. criminal charges. He’s accused of conspiring in a number of devastating cyberattacks: the Bangladesh heist and other attempts to steal more than $1 billion from financial institutions around the world; the 2014 breach of Sony Pictures Entertainment; and the WannaCry ransomware virus that in 2017 infected computers in 150 countries. 
…