Tag: korea
-
Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering
by
in SecurityNews
Tags: blockchain, china, crime, crypto, data, data-breach, korea, marketplace, north-korea, scam, technologyA Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee.According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money laundering…
-
Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns
by
in SecurityNews
Tags: cyber, espionage, group, healthcare, korea, military, service, software, supply-chain, technologyA cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors.Cybersecurity firm Trend Micro said the first wave, codenamed VENOM, mainly targeted software service providers,…
-
TA406 Cyber Campaign: North Korea’s Focus on Ukraine Intelligence
by
in SecurityNewsIn a recently disclosed campaign, TA406, a North Korean state-aligned threat actor, has expanded its cyber-espionage efforts by First seen on securityonline.info Jump to article: securityonline.info/ta406-cyber-campaign-north-koreas-focus-on-ukraine-intelligence/
-
North Korea ramps up cyberspying in Ukraine to assess war risk
by
in SecurityNewsThe state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korea-ramps-up-cyberspying-in-ukraine-to-assess-war-risk/
-
North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress
by
in SecurityNews
Tags: apt, government, group, intelligence, korea, malware, north-korea, phishing, russia, threat, ukraineThe North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor’s targeting beyond Russia.Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the “trajectory of the Russian invasion.””The group’s interest in Ukraine follows historical…
-
North Korea Targets Ukraine With Cyberespionage Operations
by
in SecurityNews
Tags: cyber, cyberespionage, cybersecurity, hacker, intelligence, korea, north-korea, phishing, risk, ukrainePhishing Campaigns Appear to Be Solely Intelligence-Gathering for DPRK Leadership. North Korea nation-state hackers appear to have entered the Ukrainian cyber operations fray, albeit solely for cyberespionage purposes for gathering intelligence to help North Korean leadership determine the current risk to its forces already in the theater, cybersecurity researchers report. First seen on govinfosecurity.com Jump…
-
North Korea’s TA406 Targets Ukraine for Intel
by
in SecurityNewsThe threat group’s goal is to help Pyongyang assess risk to its troops deployed in Ukraine and to figure out if Moscow might want more. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/north-koreas-ta406-targets-ukraine
-
North Korea’s OtterCookie Malware Added a New Feature to Attack Windows, Linux, and macOS
by
in SecurityNewsA North Korea-linked attack group, known as WaterPlum (also referred to as Famous Chollima or PurpleBravo), has been actively targeting financial institutions, cryptocurrency operators, and FinTech companies globally. Since 2023, their infamous Contagious Interview campaign has utilized malware such as BeaverTail and InvisibleFerret to infiltrate systems. However, in September 2024, WaterPlum introduced a sophisticated new…
-
A timeline of South Korean telco giant SKT’s data breach
by
in SecurityNewsIn April, South Korea’s telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on approximately 23 million customers, equivalent to almost half of the country’s 52 million residents. At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users…
-
BFDOOR Malware Targets Organizations to Establish Long-Term Persistence
by
in SecurityNewsThe BPFDoor malware has emerged as a significant threat targeting domestic and international organizations, particularly in the telecommunications sector. First identified by PwC in 2021, BPFDoor is a highly sophisticated backdoor malware designed to infiltrate Linux systems with an emphasis on long-term persistence and evasion. On April 25, 2025, the Korea Internet & Security Agency…
-
India’s chipmaking ambitions hurt by Zoho’s no-go and Adani unease
by
in SecurityNewsPLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more! First seen on theregister.com Jump to article: www.theregister.com/2025/05/05/asia_tech_news_in_brief/
-
How China and North Korea Are Industrializing Zero-Days
by
in SecurityNews
Tags: china, cloud, corporate, cyberattack, exploit, google, group, hacker, intelligence, korea, north-korea, organized, threat, zero-dayGoogle Cloud’s Hultquist on How State Hackers Exploit Code and Corporate Hiring. John Hultquist, chief analyst at Google Threat Intelligence Group, Google Cloud, discussed how China and North Korea are transforming cyberattacks into organized, factory-like operations. Alongside zero-day exploits, North Korean IT operatives are quietly infiltrating Fortune 500 companies under false identities. First seen on…
-
Treasury Moves to Ban Huione Group for Laundering $4 Billion
by
in SecurityNewsThe Treasury Department is moving to cut off Huione Group, a Cambodian conglomerate, from the U.S. financial system, saying the firm and its multiple entities laundered billions of dollars for North Korea’s Lazarus Group and criminal gangs running pig-butchering scams from Southeast Asia. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/treasury-moves-to-ban-huione-group-for-laundering-4-billion/
-
North Korea Stole Your Job
by
in SecurityNewsFor years, North Korea has been secretly placing young IT workers inside Western companies. With AI, their schemes are now more devious”, and effective”, than ever. First seen on wired.com Jump to article: www.wired.com/story/north-korea-stole-your-tech-job-ai-interviews/
-
Enterprise-specific zero-day exploits on the rise, Google warns
by
in SecurityNews
Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-daySurge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN.Targeted attacks against…
-
Government hackers are leading the use of attributed zero-days, Google says
by
in SecurityNewsGovernments like China and North Korea, along with spyware makers, used the most recorded zero-days in 2024. First seen on techcrunch.com Jump to article: techcrunch.com/2025/04/29/government-hackers-are-leading-the-use-of-attributed-zero-days-google-says/
-
North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures
by
in SecurityNewsNorth Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process.”In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry”, BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co)”, to spread First…
-
Operation SyncHole: Lazarus APT targets supply chains in South Korea
by
in SecurityNewsThe North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at…
-
Hackers access sensitive SIM card data at South Korea’s largest telecoms company
Mobile network operator SK Telecom, which serves approximately 34 million subscribers in South Korea, has confirmed that it suffered a cyber attack earlier this month that saw malware infiltrate its internal systems, and access data related to customers’ SIM cards. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/hackers-access-sensitive-sim-card-data-at-south-koreas-largest-telecoms-company
-
Russian VPS Servers With RDP and Proxy Servers Enable North Korean Cybercrime Operations
by
in SecurityNewsTrend Research has uncovered a sophisticated network of cybercrime operations linked to North Korea, heavily utilizing Russian internet infrastructure. Specifically, IP address ranges in the towns of Khasan and Khabarovsk, Russia, assigned to organizations under TransTelecom (ASN AS20485), are pivotal in these activities. Khasan, just a mile from the North Korea-Russia border and connected via…
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware
by
in SecurityNewsAt least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in First…
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware
by
in SecurityNewsAt least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in First…
-
South Korea Accuses DeepSeek of Unlawful Data Transfers Amid AI Expansion
by
in SecurityNewsChinese artificial intelligence startup DeepSeek has come under intense scrutiny from South Korean authorities for allegedly transferring user data and AI prompts without proper consent. The controversy erupted after Korea’s data protection authority, the Personal Information Protection Commission (PIPC), released a detailed statement on April 18, 2025, accusing Hangzhou DeepSeek Artificial Intelligence Co. Ltd. of…
-
Cryptohack Roundup: $7M KiloEx Theft
Also: A $40M Block Penalty, US SEC Guidance on Crypto Laws. This week, a KiloEx exploit, Block fined $40M, U.S. Securities and Exchange Commission guidance on crypto laws, Senate Democrats slammed NCET disbandment, $4.3M scam disrupted, guilty plea in $3.3M tax evasion and a South Korea ban on crypto apps. First seen on govinfosecurity.com Jump…
-
New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
by
in SecurityNewsCybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024.”The controller could open a reverse shell,” Trend Micro researcher Fernando Mercês said in a technical report published earlier…
-
The TraderTraitor Crypto Heist: Nation-State Tactics Meet Financial Cybercrime
by
in SecurityNewsThe cryptocurrency sector has always been a magnet for cybercriminals, but the TraderTraitor campaign marks a different kind of threat”, one backed by state-sponsored actors with long-term goals and surgical precision. Allegedly linked to North Korea’s Lazarus Group, this campaign wasn’t just about breaking into wallets. It was about exploiting trust, manipulating human behavior, and…
-
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
by
in SecurityNewsThe North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment.The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as…
-
Slow Pisces Group Targets Developers Using Coding Challenges Laced with Python Malware
by
in SecurityNewsA North Korean state-sponsored threat group known as >>Slow Pisces