Meet the “Kyles” — North Korea’s secret IT warriors - Click Here

Summary6 min read

Podcast Summary: Click Here Episode - "Meet the ‘Kyles’ — North Korea’s Secret IT Warriors"

Introduction

In the March 4, 2025 episode of Click Here, hosted by Dina Temple-Raston of Recorded Future News, listeners are immersed in a gripping true story that unveils the covert operations of North Korea's secret IT workforce. This episode delves into how North Korean agents infiltrate legitimate companies under false identities to execute cyber schemes that fund the regime's activities. Through detailed storytelling and expert insights, the episode sheds light on the sophisticated methods employed by these operatives and the challenges faced by companies in safeguarding their digital environments.

The Hiring Process: Seeking the Perfect Candidate

The episode begins by highlighting the arduous process of hiring a principal software engineer at KnowBe4, a cybersecurity training company. Brian Jack, the Chief Information Security Officer at KnowBe4, explains the stringent requirements for the role:

Brian Jack [00:48]: "We were hiring for a principal software engineer that was gonna be writing code and applications on our IT team. Someone who was able to have lots of experience in writing full stack code."

The term "full stack code" refers to the ability to handle both frontend user interfaces and backend databases and logic. KnowBe4 sought someone with not only technical prowess but also leadership qualities—a combination often deemed a "unicorn" in the hiring world.

After posting the job, KnowBe4 received thousands of resumes. Among them stood out an applicant named Kyle, whose credentials seemed impeccable:

Dina Temple-Raston [02:14]: "And one stood out from someone named Kyle. He had a degree from the Hong Kong University of Science and Technology. Check. In Atlanta. Address, check. Impeccable coding credentials. Check, check, check."

Kyle seamlessly navigated the HR process, aced interviews, and was promptly hired. However, an unusual request raised initial suspicions:

Dina Temple-Raston [02:48]: "Then he sailed through the HR process, the interviews, smooth phone zoom, no red flags. And then he happily signed the job offer... Kyle asked KnowBe4 to send the laptop to a different state from the one on his employment form. Odd."

Despite this red flag, the company proceeded, embracing the norm of remote work.

Discovery of Malicious Activity: The First Red Flag

The night before Kyle's first day, KnowBe4's security systems detected unusual activity from his newly issued laptop:

Dina Temple-Raston [05:30]: "And when the malware was starting to run on that new laptop, they could see that too. And this malware, it wasn't subtle..."

The malware was actively searching for credentials and sensitive data, indicating a deliberate attempt to infiltrate the company's network. Initially, the team considered that Kyle's laptop might have been compromised before his employment—a concerning but plausible scenario.

Brian Jack recounts the immediate response:

Brian Jack [06:08]: "Our first instinct was to reach out to the individual and ask them what was going on."

An interaction on Slack revealed that Kyle was experiencing technical issues with his router, but his explanations began to fall apart when inconsistencies emerged, such as discrepancies in his marital status:

Dina Temple-Raston [07:22]: "He said his wife was having heart trouble and he needed to take her to the hospital. Only problem was, on all his forms, Kyle had listed himself as single. It was one red flag too many."

Facing mounting evidence, KnowBe4 decided to terminate Kyle's employment and secure the compromised laptop. However, suspicions lingered, prompting the company to seek external expertise.

Investigation and Revelation: Unmasking the North Korean Operative

To uncover the truth behind Kyle's activities, KnowBe4 enlisted the help of Google's Mandiant, a leading cybersecurity firm. The case was assigned to Michael Barnhart, a specialist in tracking North Korean Advanced Persistent Threats (APTs):

Michael Barnhart [09:07]: "I also go by Barney, and I do a lot of the North Korean operations over at Mandiant."

Barnhart's investigation revealed a startling truth: Kyle was not a legitimate software engineer from Atlanta but a North Korean IT agent designed to infiltrate the company. This revelation was part of a broader pattern of North Korean cyber operations aimed at evading global sanctions and funding the regime's activities.

North Korea's Cyber Operations: Strategies and Tactics

Barnhart provides an in-depth analysis of North Korea's covert IT strategies:

Michael Barnhart [13:15]: "You have Cambodia, Laos, even all the way as far out as Africa... They have their 'laptop farms' where individuals manage multiple devices to maximize revenue."

North Korea employs sophisticated methods to disguise their operatives, often using fake identities and leveraging the dark web to acquire necessary documents. They also utilize "laptop farms," where individuals manage numerous devices simultaneously, making it difficult to trace illicit activities back to the regime.

These operatives typically target tech-centric roles such as coders and animators, which can be performed remotely without the need for physical presence in an office. This flexibility allows them to juggle multiple jobs, increasing the flow of funds back to North Korea while minimizing detection risks.

Barnhart also highlights the use of automation and AI:

Michael Barnhart [13:41]: "They’re leaning into scripting, you see them leaning to automation and AI to help... making little tiny bots of themselves to go do work at these other places."

This automation enables operatives to maximize their efficiency and revenue streams without drawing suspicion.

Company's Response and Preventive Measures

In the wake of the Kyle incident, KnowBe4 implemented stringent measures to prevent future infiltrations. Brian Jack explains the new protocols:

Brian Jack [19:02]: "Now you guys have been provided the tools. You know what to look out for. You know, this is a thing. You're all fired if it happens again."

The company now scrutinizes resumes more meticulously, looking for patterns indicative of North Korean operatives, such as unusual email formats and repetitive keywords:

Brian Jack [19:08]: "There's kind of these email addresses that you can tell the format, or they'll use certain keywords like cool or ninja or.dev or then they add some numbers at the end..."

Additionally, KnowBe4 checks metadata and location tags in applicant images to spot signs of manipulation or falsification. This proactive approach has already led to the identification of several suspicious applicants, without proceeding to interviews.

Broader Implications: National Security and Beyond

The episode underscores the national security risks posed by such covert operations. FBI Special Agent Ashley Johnson discusses the broader impact:

Ashley Johnson [18:11]: "It could impact our national security if we have money going back to another government that forms any type of program or funds any type of program that could then be used against us adversarially."

The Kyle incident is emblematic of a larger scheme, where North Korea's cyber activities have led to significant financial losses and threats to national security. The FBI's recent cases involving hundreds of companies and millions of dollars highlight the pervasive nature of this threat.

Conclusion: Vigilance in the Digital Age

The Click Here episode concludes by emphasizing the evolving landscape of cybersecurity and the necessity for companies to remain vigilant. As remote work continues to offer flexibility, it also opens doors for sophisticated cyber infiltrations by state-sponsored actors. Brian Jack and Michael Barnhart advocate for continuous monitoring, advanced security protocols, and informed hiring practices to combat these hidden threats.

Key Takeaways

North Korea employs covert IT operatives to infiltrate companies, leveraging fake identities and automation.
These operatives target remote, tech-centric roles to maximize revenue streams while avoiding detection.
Companies must adopt stringent hiring practices and advanced cybersecurity measures to identify and prevent such infiltrations.
The broader implications of these operations pose significant national security risks, necessitating coordinated efforts between private entities and governmental agencies.

Through a compelling narrative and expert insights, this episode of Click Here highlights the intricate web of modern cyber threats and the imperative for robust defenses in the digital era.

Loading summary

Transcript86 lines

[00:03]
Dina Temple Raston
From Recorded Future News and prx, this is. Click here. Finding the right employee can be like searching for a needle in a haystack. You craft the perfect job description. You brace yourself for the flood of resumes, some sparkling with promise, others maybe not so much.
[00:30]
Michael Barnhart
And.
[00:30]
Dina Temple Raston
And then begins the painstaking process of interviews, follow ups, gut checks. Even at the best of times, it can be exhausting. And Brian Jack went through all that last summer. He's the chief Information security officer at KnowBe4. It's a cybersecurity training company.
[00:48]
Brian Jack
We were hiring for a principal software engineer that was gonna be writing code and applications on our IT team. Someone who was able to have lots of experience in writing full stack code.
[01:04]
Dina Temple Raston
Full stack code? Basically that means being able to write both the part of the application that a user sees or interacts with and the backend, the database and the logic that underpins it.
[01:16]
Brian Jack
So we needed someone who was familiar with infrastructure as code, CI, cd, pipelines, good software engineering practices, and they could mentor other software engineers.
[01:31]
Dina Temple Raston
So someone with technical expertise and leadership. It's a tough combination. Some might call it a unicorn. But here's the thing about unicorns. They don't exist. Or do they?
[01:47]
Brian Jack
It was a pretty senior role. It paid really well.
[01:52]
Dina Temple Raston
Not just someone senior, someone rare.
[01:55]
Brian Jack
Right? It's not that you can find someone with the level of skill set in every resume.
[02:02]
Dina Temple Raston
So they posted the job and then thousands of resumes came in.
[02:07]
Brian Jack
We get a couple thousands of resumes per job posting.
[02:14]
Dina Temple Raston
And one stood out from someone named Kyle. He had a degree from the Hong Kong University of Science and Technology. Check. In Atlanta. Address, check. Impeccable coding credentials. Check, check, check.
[02:28]
Brian Jack
We are thinking that this guy was going to make a really great employee, a great fit.
[02:33]
Dina Temple Raston
And he sailed through the HR process, the interviews, smooth phone zoom, no red flags. And then he happily signed the job offer, filled out all the paperwork, and the team from know before was well excited. Then they shipped him out a laptop. Though when they shipped it out, there was this one small thing. Kyle asked know before to send the laptop to a different state from the one on his employment form. Odd. But then again, remote work is nomadic, so all systems go. Yay. And then the night before Kyle's first day, around 9pm, an alert sounds on the KnowBe4 network. Something weird was coming into the system from what looked like Kyle's computer. Someone was trying to run code on that new laptop. And it wasn't just any code. It was malicious code. All of a sudden, what started as a routine hire was anything I'm Dena Temple Rastin, and this is Click Here, a podcast about all things cyber and intelligence. We tell true stories about the people making and breaking our digital world. And today, an employment story, but not the usual kind. These candidates ace the interviews. They land the jobs, they log in like everyone else. But they're not just here to work. They have another boss, and he runs North Korea. Stay with us. Click Here is brought to you by Progressive Insurance. Do you ever find yourself playing the budgeting game? Well, with the name your price tool from Progressive, you can find options that fit your budget and potentially lower your bills. Try it@progressive.com Progressive Casualty Insurance Company and affiliates Price and coverage match limited by state law. Not available in all states. This is Click Here. Brian Jack says knowbefore is pretty careful about the computers they ship to employees.
[05:10]
Brian Jack
When we send our laptops out, they come with our full security software package installed.
[05:19]
Dina Temple Raston
So from the moment the computer arrives at its destination and boots up, the folks at KnowBe4 can see what the computer is up to.
[05:27]
Brian Jack
Our security software is already monitoring what is going on.
[05:30]
Dina Temple Raston
So when Kyle logged on, they could see that. And when the malware was starting to run on that new laptop, they could see that, too. And this malware, it wasn't subtle. They could see it searching, scanning for credentials, users, passwords, looking for the kinds of things that hackers look for when they're trying to pry open a company's network.
[05:52]
Brian Jack
We don't like to jump to conclusions because you'll end up going down a rabbit hole.
[05:58]
Dina Temple Raston
So they began by giving Kyle the benefit of the doubt. Maybe the poor guy's laptop was compromised before he even started. Not exactly the welcome gift you'd want from a new employer.
[06:09]
Brian Jack
So our first instinct was to reach out to the individual and ask them what was going on. So we opened up Slack, and the lead of the security operations center reached out to that user and asked them what was going on.
[06:27]
Dina Temple Raston
Yeah, sorry, Kyle replied. Just trying to troubleshoot this router. The security team gathered on Slack.
[06:34]
Brian Jack
We have an investigations war room that we can fire up when we have an incident.
[06:41]
Dina Temple Raston
And they began spitballing a bunch of possible explanations for what they were seeing. And minutes go by. Sorry for the confusion. Kyle writes in Slack. I'm not sure what's going on, so know before's IT guys do what IT guys do best. The thing we love about IT guys, they offered to take a look.
[07:02]
Brian Jack
Well, let us help you, you know, what is your router? What are you trying to configure? What's going on at this point? If you were, you know, not a spy or a fraud, you would have, of course, accepted this help with open arms. But in this case, this is where he started to shut down.
[07:23]
Dina Temple Raston
Kyle said that he was following the router guide. Maybe the link was just bad.
[07:28]
Brian Jack
And when we asked him to provide us the link or provide the guide to be helpful or to hop on a quick voice chat or video chat to help them, that's when we stopped getting responses.
[07:41]
Dina Temple Raston
He did finally reply later that night with an apologetic message. He couldn't onboard the next day as planned. He said his wife was having heart trouble and he needed to take her to the hospital. Only problem was, on all his forms, Kyle had listed himself as single. It was one red flag too many.
[08:01]
Brian Jack
And I said, lock the machine.
[08:03]
Dina Temple Raston
Lock the machine. As Brian's team dug deeper, the pieces started falling into place. The malicious code wasn't coming from outside the company.
[08:16]
Brian Jack
It.
[08:17]
Dina Temple Raston
It was coming from Kyle's machine. Which meant this wasn't an external attack. Kyle, whoever he was, was the attack. The next morning, HR sent Kyle a notice. They said he was fired. And they also asked for his company laptop back. And they kind of assumed that was gone. After all, it was evidence. But then Kyle surprised them again.
[08:40]
Brian Jack
He didn't argue, and they said, no problem. Where should we send it?
[08:45]
Dina Temple Raston
For all the trouble Kyle had caused, he clearly didn't want to add theft of corporate property to the list.
[08:51]
Brian Jack
These laptops aren't cheap. Two, three thousand dollars. That's grand theft.
[08:55]
Dina Temple Raston
But Brian didn't leave it there. He wanted backup to figure out what really was going on. So they called in some experts, Google's Mandiant. And the case landed on the desk of a guy named Michael Barnhart.
[09:08]
Michael Barnhart
I also go by Barney, and I do a lot of the North Korean operations over at Mandiant.
[09:13]
Dina Temple Raston
Michael's job is hunting the world's most elusive hackers, like North Korea's apts. APT Advanced Persistent Threat. It's a fancy way of saying nation state hacker. And Michael had a unique way of keeping track of them all. He tattoos their names on his body. Specifically, his foot.
[09:34]
Michael Barnhart
I got a tattoo of the Apt 43. I got that on my foot with our unit name on it. And I'll keep doing it on my. This one foot is dedicated to North Korean pts, apparently.
[09:47]
Dina Temple Raston
Okay. Nothing like an ankle of justice, I always say. Michael and his angle of justice took a deep dive into Kyle's laptop, analyzed the malware, and came back with a bombshell. Kyle wasn't A coder from Atlanta.
[10:03]
Brian Jack
He told Brian, you guys, you actually hired a guy from North Korea. Everybody's mind was blown.
[10:13]
Dina Temple Raston
They guessed that Kyle was up to something fishy, but they hadn't even begun to imagine that he might be North Korean. This was just the beginning of their questions. Then who exactly was Kyle? He didn't appear to be North Korean in their interviews. And why would their relatively small company be targeted for something like this? It turned out they weren't alone.
[10:37]
Brian Jack
A US Citizen in North Carolina is accused of working with North Korea.
[10:41]
Michael Barnhart
Nashville, Maine is accused of trying to help North Korea.
[10:44]
Dina Temple Raston
An Arizona woman has been indicted in.
[10:46]
Michael Barnhart
A series of complex identity theft cases, generating money for the North Korean government.
[10:53]
Dina Temple Raston
It's a whole program dreamed up by Pyongyang to get around sanctions and funnel money and stolen data back to the regime. And the sanctions aren't just a US Thing. Even the United nations bans member states from hiring North Korean workers because the Security Council says the government uses these workers to raise money for North Korean Kim Jong Un's weapons program. When we come back, we'll explain how this scam works. Stay with us.
[11:28]
Brian Jack
You come to the New Yorker Radio Hour for conversations that go deeper with people you really want to hear from, whether it's Bruce Springsteen or Questlove or Olivia Rodrigo, Liz Cheney or the godfather of artificial intelligence, Geoffrey Hinton, or some of my extraordinarily well informed colleagues at the New Yorker. So join us every week on the New Yorker Radio Hour wherever you listen.
[11:51]
Dina Temple Raston
To podcasts from recorded future news. This is Click here. I'm Dina Temple. Rest. While being on the receiving end of a North Korean hacking scheme seems surreal to Brian and his team@KnowBe4. To Michael Barnhart at Mandiant, it all made perfect sense. North Korea has been strangled by global sanctions for years, so they've devised all these workarounds, including running a whole secret undercover IT workforce post Covid. There are still lots of people working remotely, which is great if you know your employees and have met him, but leaves companies vulnerable to fraudsters or North Koreans who might not be so honest.
[12:49]
Michael Barnhart
You can find on these leak sites on dark web. You know, all these different passports, all these different driver's license, you know, they go there and then they'll start altering those. This is a criminal enterprise, so you got to think of it like a mob movie at times. You know, you have the guy, you got the getaway driver, and you've got the English speaker and you've got the resume builder. It's everyone has these different parts to play.
[13:16]
Dina Temple Raston
Sometimes they get help from a real human outside of North Korea, a Westerner who's willing to act like they're applying for a job in exchange for a kickback. Once the North Koreans land the work, Michael says the North Koreans tend to go for tech gigs, things like animators or coders, because you don't need to be in an office to do them. And you can juggle multiple jobs and no one's the wiser.
[13:42]
Michael Barnhart
We see guys with up to five, six, seven jobs, and they're holding all at once. And you see them lean into scripting, you see them leaning to automation and AI to help. You know they're making little tiny bots of themselves to go do work at these other places.
[13:57]
Dina Temple Raston
Yes, little AI assistants, little digital minions helping them scale up and collect more paychecks. It's a numbers game. The more jobs you land, the more money flows back to North Korea and the happier you make the Supreme Leader. If you've ever wondered how a country that can't even feed its own people can afford such a sophisticated missile program, it's partly because of schemes like this. Kim uses money from their many kyles to pay for it all. As a general matter, there are two ways these North Korean IT warriors get hired. Sometimes they apply directly with fake names and stolen identities, like we talked about before. Mandiant reviewed some of their resumes, and they do look like they belong to someone you'd want to hire, which, of course, is the point. There are glowing testimonials from CEOs who never wrote them, images swiped from unsuspecting LinkedIn profiles, lengthy lists of hard to find skills. And then there's this second approach. Find an American, maybe somebody struggling to find a job, and turn them into a kind of Trojan IT guide that makes it look like these North Korean workers are actually working from someplace local, like North Carolina or Georgia.
[15:17]
Michael Barnhart
It definitely needs to look like it's coming from where I said I lived. I'm gonna purchase a person. I'm gonna recruit them on xyz, you know, job platform. Say, hey, I'll give you a couple thousand bucks. I need you to sit in on meetings randomly.
[15:30]
Dina Temple Raston
This isn't a tough job. Basically, it just requires this facilitator to keep a laptop running. Lots of laptops, actually. They even have a name for this. It's called a laptop farm.
[15:42]
Michael Barnhart
A guy can sit there and plug in 10, 12, 90 laptops, in some cases, into his house. And then for every laptop, you know, you get $500.
[15:51]
Dina Temple Raston
It's easy to imagine. Someone just has to set up these laptops that companies like know before send their new remote kyles for work, and then they get software that makes it look like the mouse is always moving so it looks like someone is working around the clock. And Bob's your uncle. And that's probably how it happened. At know before, an IT guy calling himself Kyle applied. Maybe he was in the U.S. maybe he wasn't. But chances are he had help. An American facilitator, someone running one of those laptop farms. And here's the kicker. These people who are running these laptop farms might not even know they're working for North Korea. To them, it's just easy money.
[16:34]
Michael Barnhart
There's a predetermined agreement saying, hey, you get this much. So anytime a paycheck came in for $1,200, he's like, all right, I'm gonna take 120 out of that, and then the rest of it will magically disappear. It's been funneled back.
[16:45]
Dina Temple Raston
But it's not just about cash. These IT hires often get access to sensitive company information, data that can be sold on the dark web or used by North Korean hackers to extort money from these unsuspecting companies. And these workers, they're not always sitting in North Korea.
[17:03]
Michael Barnhart
And it's not just Russia and China. You have Cambodia, Laos, even all the way as far out as Africa.
[17:09]
Dina Temple Raston
Sanctions make it harder for North Korea to move money, so they typically route it through places with fewer restrictions, places with better Internet, more layers to hide the trail. And sometimes these workers aren't even willing participants to. All of this they're forced to do.
[17:27]
Michael Barnhart
Really is kind of a, you know, a modern day indentured servant type of situation that they have. Because these guys, I mean, they're not happy. They don't seem like they're having a very good life. A lot of them, it seems very, very stressful. They're working all hours of the night. It's kind of sad.
[17:46]
Dina Temple Raston
Know before is just one of many companies unwittingly caught up in this North Korean program. One case brought by the FBI last year involved 300 companies and 60 stolen identities. It all happened over six years, and some $90 million was rerouted to North Korea. FBI Special Agent Ashley Johnson said it isn't just a hacking operation.
[18:12]
Brian Jack
It could impact our national security if we have money going back to another government that forms any type of program or funds any type of program that could then be used against us adversarially.
[18:23]
Dina Temple Raston
This is Agent Johnson speaking at a news conference announcing the indictments. And she says that any company that hires remote IT workers should be concerned.
[18:33]
Brian Jack
More likely than not, you have hired or at least interviewed a North Korean national working behalf of the North Korean government.
[18:44]
Dina Temple Raston
Nine months after know before's brush with Kyle, Brian says there's been a bit of a crackdown.
[18:50]
Brian Jack
So our CEO told the hiring team, listen, now you guys have been provided the tools. You know what to look out for. You know, this is a thing. You're all fired if it happens again.
[19:02]
Dina Temple Raston
And Brian says now he knows what to look for. The telltale signs of a North Korean on the make.
[19:09]
Brian Jack
There's kind of these email addresses that you can tell the format, or they'll use certain keywords like cool or ninja or.dev or then they add some numbers at the end, like they will add either a date, like 1957. It's just you'll start to see that there's a pattern where those terms are used more frequently in North Korean IT workers.
[19:34]
Dina Temple Raston
And if the applicants include images, he checks the metadata, location tags, little telltale signs of Photoshop. And using this new approach, he actually just spotted a suspicious applicant a few weeks ago. He decided to interview the guy just to see what he could learn. And he shared the recording of the interview with us.
[19:55]
Brian Jack
I feel true alignment with what your team is doing. Yeah. And I also operate sharing the company's culture.
[20:04]
Dina Temple Raston
I have strong alignment with your team. I appreciate the company culture. Charming, if a bit robotic. Then Brian asks them how they feel about using AI for security. And the answer, as I can say.
[20:17]
Brian Jack
I can say I'm a big fan of OpenAI.
[20:20]
Dina Temple Raston
I'm a big fan of OpenAI. Brian is still getting those suspicious resumes.
[20:28]
Brian Jack
They have brought two or three to me in the last couple of months and said, we're not going to interview this person. But just so you know, I think this resume that I just looked at is North Korean IT worker. And I'll go and I'll look at it and I'll confirm it and I'll be like, you guys, you got it. Like you're dialed in now. This is excellent.
[20:49]
Dina Temple Raston
Hiring used to just be about finding the right candidate. Now it's also about spotting the ones who aren't really candidates at all. This is Click here.
[21:12]
Zach Hirsch
If you're looking for a daily guide to cybersecurity news and policy, sign up for the Cyber Daily from Recorded Future News. It serves up today's most interesting and important cyber stories from our sister publication the Record, and then aggregates all of the big cyber stories you might have missed from news outlets around the world. Just go to the Record Media and click on Cyber Daily to get all you need to know about the world of cybersecurity right in your inbox.
[21:41]
Dina Temple Raston
Today is Tuesday, March 4th, and here are some of the top cyber and intelligence stories of the past week. Secretary of Defense Pete Hegseth has ordered US Cyber Command to stop all cyber operational planning against Russia. That was first reported by Martin Matoshak at our sister publication the Record. For years now, Russia has been launching cyber operations against the US and its longtime allies. The new order from Hegseth to stand down comes as President Donald Trump appears to be changing US Policy toward Russia and re establishing ties with Russian President Vladimir Putin. The order came before the fiery back and forth between Trump Vice President J.D. vance and Ukrainian President Volodymyr Zelensky.
[22:30]
Brian Jack
You got to be more thankful because let me tell you, you don't have the cards. With us you have the cards, but without us you don't have any cards.
[22:39]
Dina Temple Raston
It's unclear if NSA operators have to stop their collection on Russia, too.
[22:45]
Brian Jack
Crypto exchange Bybit says that it fully.
[22:47]
Dina Temple Raston
Recovered after falling victim to the largest crypto heist on record. Last week, the cryptocurrency exchange Bybit revealed that hackers had managed to to steal some $1.4 billion worth of Ethereum based assets, a heist that may make the theft the largest in crypto history. The FBI has said that North Korean hackers are behind it and managed to plant malware that allowed them to steal the money. The crypto tracing firm TRM Labs said last week that some $400 million in those funds may have already been successfully laundered and liquidated. A suspected Belarusian state backed hacking group is behind a cyber espionage campaign targeting Ukrainian military and government officials. That's according to a new report. Researchers from the cybersecurity firm Sentinel One say they've linked the operation to the Ghost Rider hacking group, the report published on Tuesday. It doesn't specify the goal of the campaign, but ghostrider is primarily known for cyber espionage and is closely tied to the Belarusian intelligence agency. In the past, it has targeted government, military and civilian entities in Ukraine and Europe. And finally, the end of an era. After 14 years of that familiar ring, Microsoft has decided to pull the plug on Skype. Before there was FaceTime and Zoom and WhatsApp calls, Skype allowed the world to make voice and video calls over the Internet and it changed the way the world communicated because it was connecting people around the world when international calls were still really expensive. Skype will shut down in May and will be replaced by Microsoft Teams. Skype users will be able to seamlessly roll their contacts into teams when it actually happens. Bye Skype. We'll miss you.
[25:02]
Karen Duffin
Today's episode was produced by Zach Hirsch, Megan Dietre, Erica Gaeda, Sean Powers, and Dina Temple Raston. It was edited by Karen Duffin, Fact Checked by Darren Ankrum, and contains original music by Ben Levingston with some other music from Blue Dot Sessions. Our staff writer is Lucas Riley and our illustrator is Megan Gough. Martin Peralta is our sound designer and engineer. Click Here is a production of Recorded Future News and prx. Tune in on Friday for Mic Drop, which features our favorite interview of the week. We'll have a new episode of Click Here on Tuesday. We'll see you then.
[25:58]
Zach Hirsch
Looking for more of the cybersecurity and intelligence coverage you get on Click Here? Then check out our sister publication the Record from Recorded Future News. You'll get breaking cyber news from reporters in New York, Washington, London and Kyiv, among others. And you'll see for yourself why it attracts hundreds of thousands of page views every month. Just go to the Record Media.