U.S. DoD tricked into paying $23.5 million to phishing actor 

Bleeping Computer: The Department of Defense (DoD) was duped by a phishing operation back in 2018 by California resident, Sercan Oyuntur, who was convicted this month by the Department of Justice (DOJ). Oyunter managed to hack $23.5 million from the DoD into his personal bank account by leveraging his employee status as a DoD contractor. Him and his co-conspirators were able to outsmart DoD employees using URLs similar to legitimate websites, which shows the importance of training employees on phishing scams and how easy it is to fall victim to them. 

More: Justice Department | CPO Magazine | 

Costa Rica declares state of emergency over ransomware attack 

NBC News: Costa Rica has declared a state of emergency after multiple government agencies have been crippled by ransomware hackers. At the center of this spree is due to the Russia-based ransomware gang, Conti. They have crippled many of the country’s essential services, such as collecting taxes, overseeing exports and canceling 30,000 medical appointments. The cybergang’s behavior has been quite disturbing, telling Costa Rica residents, “we are determined to overthrow the government by means of a cyber attack.”  The country has until May 23 to pay the $20M ransom or their decryption keys will be deleted.

More: Tech Crunch | Wired |Washington Post ($) | @BrettCallow

Some cyber humor to end the week: