Oracle has paid $23 million to the US Securities and Exchange Commission to settle corruption charges that subsidiaries in Turkey, United Arab Emirates and India used "slush funds" to bribe foreign officials to win business. The Register reports: The SEC said on Tuesday that Big Red violated provisions of the Foreign Corrupt Practices Act (FCPA) during a three-year period between 2016 and 2019. The cash that was apparently surreptitiously set aside was also spent on paying for foreign officials to attend technology conferences, which breaks Oracle's own internal policies and procedures. And the SEC said that in some instances, it found Oracle staff at the Turkish subsidiary had spent the funds on taking officials' families with them on International conferences or side trips to California.

"The creation of off-books slush funds inherently gives rise to the risk those funds will be used improperly, which is exactly what happened here at Oracle's Turkey, UAE, and India subsidiaries," said Charles Cain, FCPA unit chief at the SEC. "This matter highlights the critical need for effective internal accounting controls throughout the entirety of a company's operations," he added. Oracle, without admitting or denying the findings of the SEC's investigation, has agreed to "cease and desist from committing violations" of the anti-bribery, books and records, and internal accounting controls of the FCPA, said the Commission.

A group of more than a dozen companies launched an organization to advocate for less-restrictive software licensing rules, targeting cloud providers like Microsoft, whose contract policies have been under fire from rivals, customers and lawmakers. From a report: The Coalition for Fair Software Licensing argues that software agreements need to be more flexible and predictable for customers, including allowing the use of cloud services and programs from different providers. "Cloud customers around the world have long been subjected to repeated financial harm as a result of legacy providers' restrictive software licensing practices," said Ryan Triplette, executive director of the new association, which was announced on Tuesday. The group's member companies, coming from industries including health care, financial services and technology, are remaining anonymous for now due to fear of retaliation, she said in an interview. Microsoft, Oracle and other software giants have been criticized by competitors and clients for limiting the interoperability of products and services, sometimes making it more expensive to use them with rival offerings or prohibiting it entirely.

A new privacy class action claim (PDF) in the U.S. alleges Oracle's "worldwide surveillance machine" has amassed detailed dossiers on some five billion people, "accusing the company and its adtech and advertising subsidiaries of violating the privacy of the majority of the people on Earth," reports TechCrunch. From the report: The suit has three class representatives: Dr Johnny Ryan, senior fellow of the Irish Council for Civil Liberties (ICCL); Michael Katz-Lacabe, director of research at The Center for Human Rights and Privacy; and Dr Jennifer Golbeck, a professor of computer science at the University of Maryland -- who say they are "acting on behalf of worldwide Internet users who have been subject to Oracle's privacy violations." The litigants are represented by the San Francisco-headquartered law firm, Lieff Cabraser, which they note has run significant privacy cases against Big Tech. The key point here is there is no comprehensive federal privacy law in the U.S. -- so the litigation is certainly facing a hostile environment to make a privacy case -- hence the complaint references multiple federal, constitutional, tort and state laws, alleging violations of the Federal Electronic Communications Privacy Act, the Constitution of the State of California, the California Invasion of Privacy Act, as well as competition law, and the common law.

It remains to be seen whether this "patchwork" approach to a tricky legal environment will prevail -- for an expert snap analysis of the complaint and some key challenges this whole thread is highly recommended. But the substance of the complaint hinges on allegations that Oracle collects vast amounts of data from unwitting Internet users, i.e. without their consent, and uses this surveillance intelligence to profile individuals, further enriching profiles via its data marketplace and threatening people's privacy on a vast scale -- including, per the allegations, by the use of proxies for sensitive data to circumvent privacy controls.

Cisco Systems CEO Chuck Robbins told managers earlier this month that the networking hardware pioneer would increase its operating expenses $1 billion over the next 12 months, in part to raise employee pay to stem a rise in departures, The Information reported Friday, citing a person with direct knowledge of the situation. From a report: Robbins made the surprising comment after the company's revenue growth flatlined in the quarter that ended in July and following a 12-month period in which Cisco shrank its operating expenses as its free cash flow fell. The company didn't discuss Robbins' plan in its quarterly earnings report or conference call on Wednesday.

Cisco's move may seem unusual, given the belt-tightening happening almost everywhere else in the tech sector. Most major technology companies, including Google, Meta Platforms and Oracle, are freezing hiring, laying off employees or cutting contractors and extraneous projects as their growth slows. At the same time, these companies face enormous pressure to retain employees in a tight labor market after some workers have expressed concerns about their pay amid rising inflation. Earlier in the year, before macroeconomic conditions deteriorated further, managers' concerns about employee turnover prompted Microsoft and Amazon to announce broad pay increases.

Oracle has begun vetting TikTok's algorithms and content moderation models to ensure they aren't manipulated by Chinese authorities, Axios reported Tuesday. From the report: The effort is meant to provide further assurance to lawmakers that TikTok's U.S. platform operates independently from influence by the Chinese Communist Party. TikTok is owned by Chinese tech giant ByteDance. ByteDance bought the U.S. lip-syncing app Musical.ly in 2017 and merged it with its version of a similar app called TikTok. The app has since skyrocketed in popularity in the U.S.

After layoffs at Oracle, Business Insider spoke to current and former employees, learning that some marketing teams reportedly saw their headcount "slashed by anywhere from 30% to 50%."

One former marketing employee complained that "It's just a horrible environment left. It's complete chaos...." "The common verb to describe Oracle's Advertising and Customer Experience team is that they were obliterated," said a person who works at Oracle. Insider was unable to determine exactly how many ACX employees were cut, but one person familiar said it may have reached 80% of the division... "There's no marketing anymore," a senior marketing leader who was laid off on Monday told Insider. "We're not even supposed to say we're in marketing because there is no marketing division...." One recently laid off marketing leader told Insider that their team was cut in half, and no successor has been appointed to take their place. "My team is texting me; they still have no idea who they work for," the person said. "No one told them I was gone, so they're just floating in the wind...."

While the company is known for cutting workers every year, some employees said they were shocked by how many senior, experienced, and high-performing staffers were let go on Monday. For example, Oracle's code base is so complicated that it can take years before engineers are fully up to speed with how everything works, and workers with over a decade of experience were cut, some employees said.

Other employees who were laid off in recent months have said they're furious they were cut before their restricted stock units were scheduled to vest, costing them tens of thousands of dollars in expected compensation. "It's just deplorable," said a recently-laid off marketing leader whose primary compensation package included stock. "I know there were people on medical leave laid off. I know people on parental leave that were laid off."
The article points out that in June Oracle also reported $191 million on restructuring costs for the previous fiscal year — and another $431 million for the year before. ("Oracle did not respond to requests for comment from Insider at the time of publication.")

A recently laid-off marketing employee told the site that "We've been kind of working like zombies the last couple of weeks because there's just this sense of 'What am I doing here?"

Thanks to long-time Slashdot reader SpzToid for sharing the article.

Oracle has started to lay off employees in the United States, The Information said on Monday, citing a person with direct knowledge of the matter. Reuters reports: The publication in July reported that Oracle was considering cutting thousands of jobs in its global workforce after targeting cost cuts of up to $1 billion. The company had about 143,000 full-time employees as of May 31, according to its latest annual report. The layoffs at Oracle will affect employees at its offices in the San Francisco Bay Area, Monday's report said, but it did not mention the number of employees affected. The report also said layoffs in Canada, India and parts of Europe were expected in the coming weeks and months.

Microsoft is rallying other big-name cloud-computing providers such as Alphabet's Google and Oracle to press the U.S. government into spreading its spending on such services more widely, taking aim at Amazon's dominance in such contracts. From a report: The software giant has issued talking points to other cloud companies aimed at jointly lobbying Washington to require major government projects to use more than one cloud service, according to people familiar with the effort and a document viewed by The Wall Street Journal. Microsoft also approached VMware, Dell, IBM and HP said the people familiar with the effort. It hasn't yet asked Amazon to join the loose alliance, the people said.

Amazon dominates the cloud-infrastructure industry with a 39% share of the 2021 global market ahead of Microsoft at No. 2 with a 21% share, according to research firm Gartner Inc. Amazon looms even larger in the business of selling cloud services to governments. Amazon's cloud had a 47% share of the 2021 U.S. and Canada public-sector market orders, ahead of 28% for Microsoft, according to Gartner. The National Security Agency last year picked Amazon as the sole vendor for a cloud contract that could be worth potentially as much as $10 billion over the next decade, renewing an existing business relationship.

Cloud services and servers hosted by Google and Oracle in the UK have dropped offline due to cooling issues as the nation experiences a record-breaking heatwave. From a report: When the mercury hit 40.3C (104.5F) in eastern England, the highest ever registered by a country not used to these conditions, datacenters couldn't take the heat. Selected machines were powered off to avoid long-term damage, causing some resources, services, and virtual machines to became unavailable, taking down unlucky websites and the like.

Multiple Oracle Cloud Infrastructure resources are offline, including networking, storage, and compute provided by its servers in the south of UK. Cooling systems were blamed, and techies switched off equipment in a bid to prevent hardware burning out, according to a status update from Team Oracle. "As a result of unseasonal temperatures in the region, a subset of cooling infrastructure within the UK South (London) Data Centre has experienced an issue," Oracle said on Tuesday at 1638 UTC. "As a result some customers may be unable to access or use Oracle Cloud Infrastructure resources hosted in the region.

"A growing number of cities and towns all over the U.S. are handing out cash grants and other perks aimed at drawing skilled employees of faraway companies to live there and work remotely," reports the Wall Street Journal: A handful of such programs have existed for years, but they have started gaining traction during the pandemic — and have really taken off in just the past year or so. Back in October there were at least 24 such programs in the U.S. Today there are 71, according to the Indianapolis-based company MakeMyMove, which is contracted by cities and towns to set up such programs.

Because these programs specifically target remote workers who have high wages, a disproportionate share of those who are taking advantage of them work in tech — and especially for big tech companies. Companies whose employees have participated in one remote worker incentive program in Tulsa, Oklahoma, include Adobe, Airbnb, Amazon, Apple, Dell, Facebook parent Meta Platforms, Google, IBM, Microsoft, Lyft, Netflix, Oracle and Siemens, according to a spokeswoman for the organization.

Local governments are offering people willing to move up to $12,000 in cash, along with subsidized gym memberships, free babysitting and office space....

A skeptic might ask why local economic development programs are spending funds to subsidize the lives of people who work for some of the most valuable companies in the world. On the other hand, because these remote workers aren't coming to town seeking local jobs, an argument can be made that they constitute a novel kind of stimulus program for parts of the country that have been left out of the tech boom — courtesy of big tech companies... Every remote worker these places successfully attract and retain is like gaining a fraction of a new factory or corporate office, with much less expenditure and risk, argues Mark Muro, who studies cities and labor at the Brookings Institution.
The reporter interviewed an Amazon engineer who moved to Greensburg, Indiana (population: 12,193), and Meta worker David Gora, who moved to Tulsa, Oklahoma and praises its relocation program's sense of mission, possibility, and community. "Even with the pay cuts that Meta has imposed on workers who relocate to areas with a lower cost of living, Mr. Gora is saving a lot more money and has a much higher quality of life than before, he adds."

Tulsa's program is unique in that it's funded by a philanthropic organization rather than a local economic-development budget, the article points out. But it adds that "a study conducted by the Economic Innovation Group and commissioned by Tulsa Remote concluded that for every two people the program brings to the city, one new job is created." By contrast, when an office moves to a town, every new high-wage tech job creates an estimated five more jobs in sectors including healthcare, education and service, according to research by economist Enrico Moretti. That's because those deals involve not only people but the money that goes into building and maintaining facilities, paying commercial property taxes and more.

Still, for towns that don't have the budget to attract a whole office or factory, the modest impact of bringing in a handful of remote tech workers can be balanced by the much smaller investment required to attract them.

Speaking of TikTok moving US users' data to Oracle, a new report says that ByteDance staff in China accessed US TikTok users' data between September 2021 and January 2022. From the report: For years, TikTok has responded to data privacy concerns by promising that information gathered about users in the United States is stored in the United States, rather than China, where ByteDance, the video platform's parent company, is located. But according to leaked audio from more than 80 internal TikTok meetings, China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users -- exactly the type of behavior that inspired former president Donald Trump to threaten to ban the app in the United States.

The recordings, which were reviewed by BuzzFeed News, contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022, at the very least. Despite a TikTok executive's sworn testimony in an October 2021 Senate hearing that a "world-renowned, US-based security team" decides who gets access to this data, nine statements by eight different employees describe situations where US employees had to turn to their colleagues in China to determine how US user data was flowing. US staff did not have permission or knowledge of how to access the data on their own, according to the tapes.

"Everything is seen in China," said a member of TikTok's Trust and Safety department in a September 2021 meeting. In another September meeting, a director referred to one Beijing-based engineer as a "Master Admin" who "has access to everything." (While many employees introduced themselves by name and title in the recordings, BuzzFeed News is not naming anyone to protect their privacy.) The recordings range from small-group meetings with company leaders and consultants to policy all-hands presentations and are corroborated by screenshots and other documents, providing a vast amount of evidence to corroborate prior reports of China-based employees accessing US user data.

TikTok has completed migrating its U.S. users' information to servers at Oracle, in a move that could address U.S. regulatory concerns over data integrity on the popular video app, the company confirmed to Reuters. From a report: The move comes nearly two years after a U.S. national security panel ordered ByteDance to divest TikTok because of fears that U.S. user data could be passed on to China's government.

Shutterfly recently moved its photo libraries to Amazon's cloud division — and became one of the companies that stopped using Oracle for it database management, Bloomberg reports: Businesses are opting to align with newer providers such as MongoDB Inc., Databricks Inc. and Snowflake Inc. instead of Oracle, the sector stalwart, as a result of changes across the enterprise technology landscape.

The move to the cloud is challenging the systems of the past. Newer providers are also making it much easier to adopt their technology directly, alleviating the need for corporate purchasers to negotiate large contracts with salespeople and allowing end users to more easily pick their own tools. Offerings from the newer software makers can also be deployed without large teams of database administrators that are typically needed to support Oracle's products, a cost-saver for organizations that would otherwise have to fight against other businesses for these in-demand engineers. The evidence of the shift is widespread. JPMorgan Chase & Co. chose Cockroach Labs Inc. as the database vendor to support its new retail banking application in Europe. Nasdaq Inc. is working with closely held Databricks and Amazon.com Inc.'s Amazon Web Services, among others, in its quest to upgrade from on-premises Oracle data repositories. Alongside AWS, database products from rival cloud vendors Microsoft Corp. and Alphabet Inc.'s Google Cloud are also growing quickly. And many businesses, like JetBlue Airways Corp. and Automatic Data Processing Inc., are tapping Snowflake to help store and analyze corporate data to power sales dashboards, among other uses....

Collectively, the initiatives are just a small fragment of the estimated $155 billion database market. But it's evidence of a tectonic shift happening within the industry, one that is threatening the leadership status Oracle cultivated over the past 43 years, ever since co-founder Larry Ellison and his team brought to market the first relational database, or one in which information was organized in tables that could be more easily accessed, manipulated and analyzed.... Oracle doesn't disclose financial results specifically for its database business. Much of that revenue comes from providing support and maintenance for existing customers versus new sales. But Oracle's influence is slowly fading. While it owned an estimated 27% of the database market in 2019, that fell to 24% in 2020, per Gartner. In the same time frame, Amazon went from 17% market share to almost 21%.

Oracle declined to comment for this story. Rivals are growing quickly. At MongoDB, for example, sales rose 57% to $285 million in the most recent quarter. Those results, analysts and company executives say, indicate businesses are using MongoDB for increasingly larger projects.... Oracle makes a significant portion of its revenue on existing customers. Every few years, when companies have to renew their contracts, Oracle can raise prices for maintenance and support — a business with margins hovering around 95%, according to Craig Guarente, a 16-year veteran of Oracle who is now CEO and co-founder of consulting firm Palisade Compliance.

"The entire profit of the company comes from Oracle database maintenance," he said. With each contract negotiation, "you go from paying $20 million a year, to $30 million a year, to paying $50 million a year."

The Record reports that the decentralized money market Venus Protocol "announced on Thursday evening about $11 million had been lost due to people exploiting the historic collapse of the Luna cryptocurrency and its sister stablecoin UST." Venus Protocol and several other platforms use Chainlink to provide its users with real-time price estimations of the tokens on its platform that are available for lending and borrowing. But the tool began having issues with Luna on Thursday as the price continued to fall precipitously. "As a result, it was possible to deposit UST and LUNA as collateral and borrow other tokens, with an underpriced collateral valuation...." decentralized finance researcher Vali Dyor explained.
Venus Protocol says they became "aware of errant price behavior for LUNA," and "Upon investigation, it was learned that the price feed had been paused by Chainlink due to extreme market conditions." "The price on Venus was last listed at about $0.107 while the market price was $0.01. In order to de-risk this situation, the protocol was paused using PauseGuardian via multisig. Upon this desyncing event, it was discovered that 2 accounts had suspiciously deposited a sum of 230,000,000 LUNA valued at over $24,000,000. Assets were borrowed totalling around $13,500,000."
Venus Protocol has a "Risk Fund" that will be used to cover the shortfall, the Record reports. But they added that Venus Protocol wasn't the only one having problems: As the price of Luna cratered overnight, exchanges and markets were forced to make difficult choices on how to approach the cryptocurrency. Binance stopped all trading of Luna and UST on its platform but the moves have done little to stop all cryptocurrency values from being depressed across the board.

DeFi platform Blizz Finance announced that it was attacked in the same way Venus Protocol was, but they did not release an estimate on the losses incurred. But they said the protocol was "drained" before it could stop the process.
And then Blizz Finance posted a post-mortem early Sunday morning: Large amounts of LUNA were deposited and used to drain all available lendable assets... Prior to the incident the Chainlink team did attempt to notify us that the oracle would pause, however we did not receive the message in time. We were unaware of Chainlink's minimum price circuit breaker. This behaviour is not mentioned anywhere within Chainlink's documentation...

Blizz has no treasury or development fund and a significant portion of the stolen assets belonged to our team. As such we regret to announce the protocol has been paused and we do not intend to resume operations. We will be shutting down the front-end and closing official communication channels in the coming days....

We are very sorry for the losses incurred by our users. We thank the community for their support on this journey and deeply regret that this is how it came to an end.
They posted one additional detail on Twitter. "We are reaching out to a Chinese community who is believed to have doxxed individuals who participated in the attacks."

An anonymous reader quotes a report from TechCrunch: Google today announced the launch of AlloyDB, a new fully-managed PostgreSQL-compatible database service that the company claims to be twice as fast for transactional workloads as AWS's comparable Aurora PostgreSQL (and four times faster than standard PostgreSQL for the same workloads and up to 100 times faster for analytical queries). [...] AlloyDB is the standard PostgreSQL database at its core, though the team did modify the kernel to allow it to use Google's infrastructure to its fullest, all while allowing the team to stay up to date with new versions as they launch.

Andi Gutmans, who joined Google as its GM and VP of Engineering for its database products in 2020 after a long stint at AWS, told me that one of the reasons the company is launching this new product is that while Google has done well in helping enterprise customers move their MySQL and PostgreSQL servers to the cloud with the help of services like CloudSQL, the company didn't necessarily have the right offerings for those customers who wanted to move their legacy databases (Gutmans didn't explicitly say so, but I think you can safely insert 'Oracle' here) to an open-source service.

"There are different reasons for that," he told me. "First, they are actually using more than one cloud provider, so they want to have the flexibility to run everywhere. There are a lot of unfriendly licensing gimmicks, traditionally. Customers really, really hate that and, I would say, whereas probably two to three years ago, customers were just complaining about it, what I notice now is customers are really willing to invest resources to just get off these legacy databases. They are sick of being strapped and locked in." Add to that Postgres' rise to becoming somewhat of a de facto standard for relational open-source databases (and MySQL's decline) and it becomes clear why Google decided that it wanted to be able to offer a dedicated high-performance PostgreSQL service. The report also says Google spent a lot of effort on making Postgres perform better for customers that want to use their relational database for analytics use cases.

"The changes the team made to the Postgres kernel, for example, now allow it to scale the system linearly to over 64 virtual cores while on the analytical side, the team built a custom machine learning-based caching service to learn a customer's access patterns and then convert Postgres' row format into an in-memory columnar format that can be analyzed significantly faster."

InfoWorld reports that "While still the industry's leading Java distribution, Oracle Java's popularity is half what it was just two years ago, according to a report from application monitoring company New Relic." (With the usual caveat that data from New Relic's report "was drawn entirely from applications reporting to New Relic in January 2022 and does not provide a global picture of Java usage,") The finding was included the company's 2022 State of the Java Ecosystem report, released April 26, which is based on data culled from millions of applications providing performance data to New Relic. Among Java Development Kit (JDK) distributions, Oracle had roughly 75% of the market in 2020, but just 34.48% in 2022, New Relic reported. Not far behind was Amazon, at 22.04%, up from 2.18% in 2020.

New Relic said its numbers show movement away from Oracle binaries after the company's "more restrictive licensing" of its JDK 11 distribution before returning to a more open stance with JDK 17, released in September 2021. Behind Oracle and Amazon were Eclipse Adoptium (11.48%), Azul Systems (8.17%), Red Hat (6.05%), IcedTea (5.38%), Ubuntu (2.91%), and BellSoft (2.5%).

Long-time Slashdot reader slack_justyb writes: IBM announces IBM i (some you of you may know it under the old name of AS/400) 7.5 the first new release in three years since the 7.4 release. One of the big headlines with the IBM i 7.5 announcement is Merlin which stands for the Modernization Engine for Lifecycle Integration....

With the Db2 product, IBM i is now receiving Boolean data types with support for this new type in RPG and JSON environments. Larger Indexes, the previous limit was 1.6TB indexes, that has now been increased to 16TB. And Db2 is now fully compliant with SQL:2016 the most recent publication of the SQL standard, beating Oracle to the punch on full support of the standard. And finally, QSYS2-based functions for using HTTP requests to publish or consume Web services, including the use of embedded SQL in REST services. These are enhanced versions of the functions that were seen in 7.3/7.4 where IBM removed the requirement for a JVM to use SQL to consume web services.
IT Jungle has many more details. Some of the highlights: Merlin provides a lightweight, browser-based development environment for creating new applications or modernizing existing RPG-based application. It's an alternative to Rational Developer for i (RDi) based on Eclipse, which many developers seem to hate. Developed in partnership with ARCAD Software, Merlin comes pre-loaded with tools like Git and Jenkins for DevOps-style code management, as well as an RPG code-converter. It runs in a Linux-based Red Hat OpenShift container running on the Power platform. While it's not technically tied to IBM i version 7.5 or 7.4 TR6, Merlin represents an important change in how IBM is packaging and delivering capabilities for IBM i shops, as well as a recognition that IBM should take a more active role in helping users modernize their codebases....

IBM is now enabling customers to buy subscriptions to IBM i for periods of one to five years. Allowing customers to use operating expenditure (Opex) budget lines instead of the dreaded capital expenditure (CapEx) accounting code for subscriptions. IBM is focusing on lower-end IBM i environments at the moment, so the subscription is limited to four-core P05 machines at this time. As part of this shift to software subscriptions, IBM is rethinking how it bundles ancillary products that are often used with IBM i. 11 packages are being moved into the core OS entitlement.

A group of nearly two dozen investors including Sequoia Capital, Andreessen Horowitz, crypto exchange Binance and asset management firm Fidelity is backing Elon Musk's $44 billion bid to acquire Twitter. From a report: The Tesla and SpaceX chief executive said in a filing Thursday that he had raised over $7.1 billion in total from the investors. Oracle co-founder Larry Ellison delivered the largest check, at $1 billion, the filing revealed. Sequoia has chipped in $800 million, VyCapital $700 million, Binance financed $500 million, and Andreessen Horowitz has invested $400 million, the amended 13D filing said.

Oracle has begun making a new version of Solaris 11.4 available for free/open-source developers and for non-production personal use. Phoronix reports: Solaris 11.4 CBE is the "Common Build Environment" and intended for open-source developers and strictly non-production personal use... That is if you want Solaris for new installs in 2022. The new Solaris 11.4 "CBE" spin is effectively a rolling release and from Oracle's perspective hopes to ease the integration of the open-source software relied upon by Solaris rather than being bound to the dated 11.4.0 GA release.

Downloading the new Solaris 11.4 CBE does require an Oracle account. The CBE builds are also described as "similar to a beta, they are pre-release builds of a particular SRU." The non-production use license is put out under the Oracle Technology Network Early Adopter License Agreement for Oracle Solaris. Oracle will allow upgrading from these free CBE releases to paid SRU releases under Oracle support contracts. More details for those interested in Oracle Solaris 11.4 CBE via the Oracle Solaris blog.

Google's Threat Analysis Group announced on Thursday that it had discovered a pair of North Korean hacking cadres going by the monikers Operation Dream Job and Operation AppleJeus in February that were leveraging a remote code execution exploit in the Chrome web browser. From a report: The blackhatters reportedly targeted the US news media, IT, crypto and fintech industries, with evidence of their attacks going back as far as January 4th, 2022, though the Threat Analysis Group notes that organizations outside the US could have been targets as well.

"We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operate with a different mission set and deploy different techniques," the Google team wrote on Thursday. "It is possible that other North Korean government-backed attackers have access to the same exploit kit." Operation Dream Job targeted 250 people across 10 companies with fraudulent job offers from the likes of Disney and Oracle sent from accounts spoofed to look like they came from Indeed or ZipRecruiter. Clicking on the link would launch a hidden iframe that would trigger the exploit.