The FBI has warned that more cybercriminals have been leveraging deepfakes and stolen personally identifiable information to apply for remote jobs in the tech industry, BleepingComputer reports.
Some positions targeted by threat actors include those involving information technology, computer programming, and software, which would enable customer PII, corporate IT database, and financial data access, according to the FBI.
The FBI noted that complaints involving deepfake use showed a disconnect between the person on the video's actions and lip movement and the audio used in the video. Meanwhile, stolen PII was reported by victims to have been used by attackers for remote employment opportunities that involved pre-employment background checks.
Individuals and companies that may have been impacted have been urged to report the malicious activity to the FBI's Internet Crime Complaint Center. The new alert comes more than a year after the FBI warned about the increasing sophistication of deepfakes, which are poised to reach greater adoption among threat actors.
Ukrainian hacktivist operation IT Army has taken responsibility for a significant distributed denial-of-service attack against Russian local airline booking system Leonardo, which is used by over 50 Russian carriers, according to The Record, a news site by cybersecurity firm Recorded Future.
New attacks with the updated SysUpdate toolkit have been deployed by Chinese advanced persistent threat operation Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix, against an Asian government and a Middle East-based telecommunications provider, reports The Hacker News.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.