Industry News: ESG5

2025-10-07

TechCrunch: Hackers working for the North Korean government have stolen more than $2 billion in crypto so far this year, according to blockchain analysis firm Elliptic. 

Read more...

2025-07-01

Cointelegraph: Four North Korean nationals were charged in the state of Georgia with wire fraud and money laundering after posing as remote IT workers at US and Serbian blockchain companies and stealing almost $1 million in crypto, prosecutors said.

Read more...

The Target: ​ Western Alliance is a wholly owned subsidiary of Western Alliance Bancorporation, a leading U.S. banking company with over $80 billion in assets.

The Take: An analysis of the stolen files concluded on February 21, 2025, and found they contained customer personal information, including names and Social Security numbers, as well as their dates of birth, financial account numbers, driver's license numbers, tax identification numbers, and/or passport information if it was provided to Western Alliance.

The Vector: The bank first revealed in a February SEC filing that the attackers exploited a zero-day vulnerability in the third-party software (disclosed by the vendor on October 27, 2024) to hack a limited number of Western Alliance systems and exfiltrate files stored on the compromised devices.

This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

Read more...