IT Worker Scam Expands to Healthcare, Finance Industries

Cyber Security News by CyberSum.net

Published on October 1, 2025 at 06:04 PM

3 sources

An illicit IT worker scheme aligned with a sanctioned nation-state is expanding beyond the technology sector, now targeting remote jobs in healthcare, finance, and government. Security researchers have tracked fraudulent identities used in thousands of job interviews, revealing that nearly half of the targeted companies are outside of IT. While the primary motive is generating revenue, these operations also pose a risk of data theft, extortion, and ransomware. The campaign shows a growing interest in roles with access to sensitive data, such as AI development, patient records, and financial processing systems. This evolution indicates a mature and widespread threat to any organization hiring for remote positions.

Also Read

Google Gemini Flaws Allowed AI-Powered Data Theft

Researchers have disclosed three now-patched vulnerabilities in Google's Gemini AI assistant that could have enabled data theft and privacy breaches. Dubbed the "Gemini Trifecta," the flaws allowed attackers to use indirect prompt injection to steal sensitive user information, including saved data and location. The vulnerabilities affected Gemini Cloud Assist, its Search Personalization Model, and its Browsing Tool. Attackers could inject malicious instructions into logs or a user's search history, which Gemini would later execute. These commands could then force the AI's browsing tool to exfiltrate the stolen data to an attacker-controlled server, demonstrating how AI systems themselves can become attack vectors.

By Cyber Security News by CyberSum.netOctober 1, 2025 at 06:04 PM