Tag: korea
-
North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages
Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea.According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times. The complete list of the JavaScript…
-
Successful Military Attacks are Driving Nation States to Cyber Options
Tags: attack, china, communications, computing, cyber, cyberattack, cybersecurity, data, defense, exploit, extortion, finance, fraud, government, healthcare, infrastructure, iran, korea, middle-east, military, north-korea, russia, service, tactics, technology, tool, ukraine, vulnerability, warfareWith daring military attacks, kinetic warfare is shifting the balance of power in regions across the globe, upending the perception of power projection. Powerful nations are reeling from the impacts of bold assaults and seeking additional methods to drive foreign policy”Š”, “Šcyber may look as an appealing asymmetric warfare capability that is worth doubling-down on.…
-
Cryptohack Roundup: $100 Million Iranian Cryptocurrency Hack
Also: Gotbit CEO Sentencing, US Authorities Seize $225M Tied to Scams. This week, $100 million Nobitex hack, Gotbit CEO sentenced, support for Roman Storm, Trump’s crypto earnings, North Korea’s Codebase infiltration, Haru Invest CEO acquitted, $225 million scam funds seized and New York disrupted a $1 million scam. First seen on govinfosecurity.com Jump to article:…
-
North Korea’s BlueNoroff uses AI deepfakes to push Mac malware in fake Zoom calls
Campaign delivers modular, persistent, Mac-specific malware: Huntress recovered a total of eight distinct malicious binaries, each with specific tasks. The primary implant, ‘Telegram 2’, was written in Nim and embedded itself as a macOS LaunchDaemon to maintain persistence. It acted as a launchpad for the real power tools, including Go-based ‘Root Troy V4’ backdoor and…
-
BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices.Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received…
-
U.S. Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam
The DOJ is moving to collect $7.74 million seized two years ago in connection with a criminal case involving an IT worker scam run by North Korean operatives. The case is one of many that have been running in the United States and elsewhere for almost a decade. First seen on securityboulevard.com Jump to article:…
-
U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network
The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets allegedly linked to a global IT worker scheme orchestrated by North Korea.”For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems…
-
Is attacker laziness enabled by genAI shortcuts making them easier to catch?
Tactics of attackers: The OpenAI report, published in June, detailed a variety of defenses the company has deployed against fraudsters. One, for example, involved bogus job applications.”We identified and banned ChatGPT accounts associated with what appeared to be multiple suspected deceptive employment campaigns. These threat actors used OpenAI’s models to develop materials supporting what may…
-
OpenAI Shuts Down 10 Malicious AI Ops Linked to China, Russia, Iran, N. Korea
OpenAI, a leading artificial intelligence company, has revealed it is actively fighting widespread misuse of its AI tools… First seen on hackread.com Jump to article: hackread.com/openai-shuts-down-ai-ops-china-russia-iran-nkorea/
-
OpenAI’s ChatGPT a Hit With Nation-State Hackers
Malicious Accounts Linked to Malware, Influence Operations. OpenAI is using its artificial intelligence models to detect and counter abuse and has banned accounts associated with malicious state-linked operations. Hackers aligned with Russia, China, North Korea and Iran have used OpenAI’s tools for malware development and social media manipulation. First seen on govinfosecurity.com Jump to article:…
-
North Korean APT Hackers Target Users on Social Media to Spread Malware
The Genians Security Center (GSC) has uncovered a highly sophisticated Advanced Persistent Threat (APT) campaign orchestrated by the North Korean state-sponsored hacking group Kimsuky. Active between March and April 2025, this campaign, identified as part of the notorious ‘AppleSeed’ operation, targets individuals in South Korea through a multi-pronged approach using Facebook, email, and Telegram. Sophisticated…
-
Kimsuky’s AppleSeed Returns: North Korea-Linked APT Targets Korean Users via Social Media
The post Kimsuky’s AppleSeed Returns: North Korea-Linked APT Targets Korean Users via Social Media appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/kimsukys-appleseed-returns-north-korea-linked-apt-targets-korean-users-via-social-media/
-
Kimsuky Strikes Again Coordinated Attacks Target Facebook, Email, and Telegram
A recent investigation by Genians Security Center (GSC) has uncovered a highly sophisticated, multi-channel cyber espionage campaign attributed to the North Korea-aligned advanced persistent threat (APT) group known as Kimsuky. Between March and April 2025, the group leveraged Facebook, email, and Telegram to infiltrate targets primarily within the defense sector, North Korea-related activists, and cryptocurrency…
-
ViperSoftX Malware Used by Threat Actors to Steal Sensitive Information
The AhnLab Security Intelligence Center (ASEC) has recently issued a detailed report confirming the persistent distribution of ViperSoftX malware by threat actors, with notable impact on users in South Korea and beyond. First identified by Fortinet in 2020, ViperSoftX is a sophisticated PowerShell-based malware designed to infiltrate infected systems, execute remote commands, and steal sensitive…
-
New phishing campaign hijacks clipboard via fake CAPTCHA for malware delivery
Fail-proof exploit of ‘verification fatigue’: SlashNext highlighted that the campaign’s success stems largely from its exploitation of human psychology.”Modern internet users are inundated with spam checks, CAPTCHAs, and security prompts on websites, and they’ve been conditioned to click through these as quickly as possible,” Kelley added. “Attackers exploit this ‘verification fatigue,’ knowing that many users…
-
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme
Authorities said they froze and seized the allegedly illegally obtained funds when North Korean nationals attempted to launder money linked to the long-running conspiracy. First seen on cyberscoop.com Jump to article: cyberscoop.com/doj-seizure-crypto-north-korea-it-workers/
-
APT37 Hackers Fake Academic Forum Invites to Deliver Malicious LNK Files via Dropbox Platform
The North Korean state-sponsored hacking group APT37 has launched a sophisticated spear phishing campaign in March 2025, targeting activists focused on North Korean issues. Disguised as invitations to an academic forum hosted by a South Korean national security think tank, these emails cleverly referenced a real event titled “Trump 2.0 Era: Prospects and South Korea’s…
-
Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining
Hackers have been targeting Internet cafés in South Korea since the second half of 2024, exploiting specialized management software to install malicious tools for cryptocurrency mining. According to a detailed report from AhnLab SEcurity intelligence Center (ASEC), the attackers, active since 2022, are using the notorious Gh0st RAT (Remote Access Trojan) to seize control of…
-
North Korea’s Laptop Farm Scam: ‘Something We’d Never Seen Before’
Officials uncover how North Korean operatives used stolen identities and remote-controlled tech to infiltrate American companies and steal corporate data. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-north-korea-laptop-farm-remote-job-scam/
-
U.S. cyber veteran urges stronger Korea response
First seen on scworld.com Jump to article: www.scworld.com/brief/u-s-cyber-veteran-urges-stronger-korea-response
-
TA-ShadowCricket: Sophisticated Hacker Group Targeting Government and Enterprise Networks
A decade-long cyber espionage campaign orchestrated by the advanced persistent threat (APT) group TA-ShadowCricket has been exposed through a joint investigation by South Korea’s AhnLab and the National Cyber Security Center (NCSC). The group, previously identified as Shadow Force, has systematically compromised over 2,000 systems across 72 countries since 2012, with primary targets in government…
-
Decade of Stealth: China-Linked TA-ShadowCricket Targets Asia-Pacific
AhnLab and South Korea’s National Cyber Security Center (NCSC) have released a detailed joint report on a persistent First seen on securityonline.info Jump to article: securityonline.info/decade-of-stealth-china-linked-ta-shadowcricket-targets-asia-pacific/
-
Strategic Defense Innovation: Israel and South Korea’s Technological Partnership
The Israel-South Korea defense partnership has evolved from basic procurement relationships into a sophisticated technological alliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/strategic-defense-innovation-israel-and-south-koreas-technological-partnership/
-
SK Telecom revealed that malware breach began in 2022
South Korean mobile network operator SK Telecom revealed that the security breach disclosed in April began in 2022. SK Telecom is South Korea’s largest wireless telecom company, a major player in the country’s mobile and tech landscape. It holds about 48% of the market share for mobile services, meaning around 34 million subscribers use its…
-
Asia Produces More APT Actors, As Focus Expands Globally
China and North Korea-aligned groups account for more than half of global attacks, and an increasing number of countries look to cyber to balance power in the region. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/asia-apt-actors-focus-expands-globally
-
DPRK IT Workers Impersonate Polish and US Nationals to Secure Full-Stack Developer Positions
A alarming cybersecurity report by Nisos has uncovered a sophisticated employment scam network potentially affiliated with the Democratic People’s Republic of Korea (DPRK). This network targets remote engineering and full-stack blockchain developer roles by impersonating Polish and US nationals. The threat actors behind this operation employ a range of deceptive tactics, including the use of…
-
APT Group 123 Targets Windows Systems in Ongoing Malicious Payload Campaign
Group123, a North Korean state-sponsored Advanced Persistent Threat (APT) group also known by aliases such as APT37, Reaper, and ScarCruft, continues to target Windows-based systems across multiple regions. Active since at least 2012, the group has historically focused on South Korea but has broadened its operations since 2017 to include Japan, Vietnam, the Middle East,…