Tag: korea
-
Cryptohack Roundup: $7M KiloEx Theft
Also: A $40M Block Penalty, US SEC Guidance on Crypto Laws. This week, a KiloEx exploit, Block fined $40M, U.S. Securities and Exchange Commission guidance on crypto laws, Senate Democrats slammed NCET disbandment, $4.3M scam disrupted, guilty plea in $3.3M tax evasion and a South Korea ban on crypto apps. First seen on govinfosecurity.com Jump…
-
New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024.”The controller could open a reverse shell,” Trend Micro researcher Fernando Mercês said in a technical report published earlier…
-
The TraderTraitor Crypto Heist: Nation-State Tactics Meet Financial Cybercrime
The cryptocurrency sector has always been a magnet for cybercriminals, but the TraderTraitor campaign marks a different kind of threat”, one backed by state-sponsored actors with long-term goals and surgical precision. Allegedly linked to North Korea’s Lazarus Group, this campaign wasn’t just about breaking into wallets. It was about exploiting trust, manipulating human behavior, and…
-
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment.The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as…
-
Slow Pisces Group Targets Developers Using Coding Challenges Laced with Python Malware
A North Korean state-sponsored threat group known as >>Slow Pisces
-
TraderTraitor: The Kings of the Crypto Heist
Allegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world. First seen on wired.com Jump to article: www.wired.com/story/tradertraitor-north-korea-crypto-theft/
-
Lazarus Expands NPM Campaign With Trojan Loaders
North Korea’s Lazarus Deploys Malicious NPM Packages to Steal Data. North Korea’s Lazarus Group expanded a malicious campaign of uploading malicious code to the JavaScript runtime environment npm repository, publishing 11 packages embedded with Trojan loaders. Researchers identified 11 malicious packages in the repository, a hotspot for supply chain attacks. First seen on govinfosecurity.com Jump…
-
North Korean IT Scammers Targeting European Companies
Inside North Korea’s IT Scam Network Now Shifting to Europe. North Koreans posing as remote IT workers have spread to Europe, where one Pyongyang fraudster assumed at least 12 personas to target companies in Germany, Portugal and the United Kingdom. Western companies have grappled for years with the prospect of unintentionally hiring a North Korean…
-
North Korean IT worker scam spreading to Europe after US law enforcement crackdown
North Korea’s IT worker scam has expanded widely into Europe after years of focusing on U.S. companies, according to new research. First seen on therecord.media Jump to article: therecord.media/north-korean-it-worker-scam-spreads-to-europe
-
North Korea’s IT Operatives Are Exploiting Remote Work Globally
The global rise of North Korean IT worker infiltration poses a serious cybersecurity risk”, using fake identities, remote access, and extortion to compromise organizations. The post North Korea’s IT Operatives Are Exploiting Remote Work Globally appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/north-koreas-it-operatives-are-exploiting-remote-work-globally/
-
North Korea IT Workers Expand Their Employment Across Europe To Infiltrate the Company Networks
North Korean IT workers have intensified their global operations, expanding their employment footprint across Europe to infiltrate corporate networks and generate revenue for the regime. According to the latest report by Google Threat Intelligence Group (GTIG), these workers pose as legitimate remote employees, leveraging advanced technical skills and deceptive tactics to gain access to sensitive…
-
Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks
North Korea’s Lazarus hackers are using the ClickFix technique for malware deployment in fresh attacks targeting the cryptocurrency ecosystem. The post Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/lazarus-uses-clickfix-tactics-in-fake-cryptocurrency-job-attacks/
-
North Korea’s Fake IT Worker Scheme Sets Sights on Europe
Google has found a significant increase in North Korean actors attempting to gain employment as IT workers in European companies, leading to data theft and extortion First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-fake-it-worker-europe/
-
North Korea’s fake tech workers now targeting European employers
With help from UK operatives, because it’s getting tougher to run the scam in the USA First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/north_korean_fake_techies_target_europe/
-
North Korean IT worker army expands operations in Europe
North Korea’s IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-it-worker-army-expands-operations-in-europe/
-
The North Korea worker problem is bigger than you think
The yearslong scheme goes much deeper than contract work, extending to roles beyond traditional IT and sometimes granting the insider threat “keys to the kingdom,” DTEX President Mohan Koo said. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-technical-workers-full-time-jobs/
-
North Korean Kimsuky Hackers Deploy New Tactics and Malicious Scripts in Recent Attacks
Security researchers have uncovered a new attack campaign by the North Korean state-sponsored APT group Kimsuky, also known as >>Black Banshee.
-
North Korea Launches Military Research Facility to Strengthen Cyber Warfare Operations
North Korea has taken a significant step in enhancing its cyber warfare capabilities by establishing a new research center, known as Research Center 227, under the military’s Reconnaissance General Bureau (RGB). This move is part of a broader strategy to bolster the country’s offensive cyber operations, particularly focusing on AI-powered hacking technologies. Background and Objectives…
-
North Korea launches hacking hub focused on artificial intelligence
First seen on scworld.com Jump to article: www.scworld.com/news/north-korea-launches-hacking-hub-focused-on-artificial-intelligence
-
U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash
The U.S. Treasury is lifting sanctions on Tornado Cash, a crypto mixer accused of helping North Korea’s Lazarus Group launder illicit funds. The U.S. Treasury Department removed sanctions against the cryptocurrency mixer service Tornado Cash. In August 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by…
-
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
The U.S. Treasury Department has announced that it’s removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds.”Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity…
-
North Korea launches new unit with a focus on AI hacking, per report
North Korea is reportedly launching a new cybersecurity unit called Research Center 227 within its intelligence agency Reconnaissance General Bureau (RGB). © 2025 TechCrunch. All rights reserved. For personal use only. First seen on techcrunch.com Jump to article: techcrunch.com/2025/03/20/north-korea-launches-new-unit-with-a-focus-on-ai-hacking-per-report/
-
State-Backed Hackers Exploiting Windows Zero-Day Since 2017
At least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China have been actively exploiting a newly uncovered Windows zero-day vulnerability in cyber espionage and data theft attacks since 2017. Despite clear evidence of exploitation, Microsoft has declined… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/zdi-can-25373-zero-day-exploited-since-2017/
-
New Windows zero-day feared abused in widespread espionage for years
.The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI.A…
-
China, Russia, North Korea Hackers Exploit Windows Security Flaw
Tags: attack, china, exploit, flaw, government, group, hacker, infrastructure, korea, microsoft, north-korea, russia, threat, update, windowsAmost a dozen state-sponsored threat groups from Russia, China, and North Korea have been exploiting a security flaw in WIndows in attacks on governments and critical infrastructure that date back to 2017. According to Trend Micro’s VDI unit, Microsoft has no plans to patch the vulnerability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/china-russia-north-korea-hackers-exploit-windows-security-flaw/
-
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/