Nigerian enters guilty plea for payroll firm hack

The U.S. Justice Department announced that Nigerian national Charles Onus has entered a guilty plea to one count of computer fraud related to hacking the user accounts of a payroll firm, as well as stealing payroll deposits, BleepingComputer reports. Since July 2017, Onus was implicated in malicious activity leveraging credential stuffing attacks to compromise 5,500 user accounts at a human resources and payroll firm, resulting in the exfiltration of payroll funds totaling $800,000, according to the indictment and court documents. "After a company user account was compromised, the bank account information designated by the user of the account was changed so that Onus would receive the user's payroll to a prepaid debit card that was under Onus' control," said the DoJ in its announcement. Onus, who was arrested last April when he arrived at San Francisco, faces up to five years imprisonment, with sentencing expected to be decided on May 12.