Tag: korea
-
Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying
‘Only’ a local access bug but important part of N Korea, Russia, and China attack picture First seen on theregister.com Jump to article: www.theregister.com/2025/03/18/microsoft_trend_flaw/
-
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.The zero-day vulnerability, tracked by Trend Micro’s Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad…
-
Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds
OKX said it detected a coordinated effort by one of North Korea’s most prolific hacking outfits to misuse its decentralized finance (DeFi) services. First seen on therecord.media Jump to article: therecord.media/crypto-okx-shuts-down-exchange
-
GitHub accounts targeted with fake security alerts
Possible DPRK links: Luc4m’s X post hinted at possible nation-state connections, adding, “Smells #DPRK?” While nothing else was said on the X thread, North Korea is known for using click-fix attacks for its cyber espionage activities, with Contagious Interviews being a prominent one of those campaigns.All GitHub fake alerts included the same login information, location:…
-
Attackers attempted hijacking 12,000 GitHub accounts with click-fix alerts
Possible DPRK links: Luc4m’s X post hinted at possible nation-state connections, adding, “Smells #DPRK?” While nothing else was said on the X thread, North Korea is known for using click-fix attacks for its cyber espionage activities, with Contagious Interviews being a prominent one of those campaigns.All GitHub fake alerts included the same login information, location:…
-
The most notorious and damaging ransomware of all time
Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windowsConti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception.How it works: Conti uses the…
-
North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. North Korea-linked threat actor ScarCruft (aka APT37, Reaper, and Group123) is behind a previously undetected Android surveillance tool named KoSpy that was used to target Korean and English-speaking users. ScarCruft has been active since at least 2012, it made the…
-
North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users.Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It’s not clear how…
-
North Korean Hackers Distributed Android Spyware via Google Play
The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play. The post North Korean Hackers Distributed Android Spyware via Google Play appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/
-
Suspected North Korea Group Targets Android Devices with Spyware
A North Korea-backed threat group, APT37, disguised KoSpy as utility apps in Google Play to infect Android devices, using the spyware for such activities as gathering sensitive information, tracking locations, capturing screenshots, recording keystrokes, and accessing files. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/suspected-north-korea-group-targets-android-devices-with-spyware/
-
Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials
North Korea’s Lazarus Group has launched a new wave of attacks targeting the npm ecosystem, compromising six packages designed to steal login credentials and deploy backdoors. The malicious packages is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator have collectively been downloaded over 330 times. These packages mimic the names of widely trusted libraries, employing a typosquatting…
-
Qilin ransomware leveraged by North Korea’s Moonstone Sleet in new attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/qilin-ransomware-leveraged-by-north-koreas-moonstone-sleet-in-new-attacks
-
North Korea-linked APT Moonstone used Qilin ransomware in limited attacks
Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. The APT group uses Qilin ransomware after previously using custom ransomware. >>Moonstone Sleet has previously exclusively…
-
North Korea’s Latest ‘IT Worker’ Scheme Seeks Nuclear Funds
Fraudulent IT workers are looking for engineering and developer positions in the US and Japan, and this time it’s not about espionage. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/north-korea-it-worker-scheme-nuclear-funds
-
The Trump Administration Is Deprioritizing Russia as a Cyber Threat
Plus: The FBI pins that ByBit theft on North Korea, a malicious app download breaches Disney, spyware targets a priest close to the pope, and more. First seen on wired.com Jump to article: www.wired.com/story/trump-administration-deprioritizing-russia-cyber-threat/
-
$1.5B Bybit Hack is Linked to North Korea, FBI Says, in Potentially the Largest Crypto Heist Ever
The FBI referred to the attack as “TraderTraitor,” a malicious campaign linked to North Korean state-sponsored hackers the Lazarus Group. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/bybit-cryptocurrency-heist/
-
FBI officially fingers North Korea for $1.5B Bybit crypto-burglary
Federal agents, open up … your browsers and see if you recognize any of these wallets First seen on theregister.com Jump to article: www.theregister.com/2025/02/27/fbi_bybit_korea/
-
North Korea’s Lazarus Pulls Off Biggest Crypto Heist in History
Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit. It was carried out by interfering with a routine transfer between wallets. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/north-korea-lazarus-crypto-heist
-
EU sanctioned the leader of North Korea-linked APT groups
The European Union sanctioned the leader of North Korea-linked APT groups for aiding Russia in its war against Ukraine. The European Union announced sanctions against entities aiding Russia in the ongoing conflict with Ukraine, including Lee Chang Ho, who is the leader of North Korea-linked APT groups. Lee Chang Ho coordinated North Korean soldiers in…
-
Beware of Fake Job Interview Challenges Targeting Developers to Deliver Malware
Tags: attack, credentials, crypto, cyber, cyberattack, jobs, korea, login, malicious, malware, north-korea, software, threatA new wave of cyberattacks, dubbed >>DeceptiveDevelopment,
-
OpenAI Purges ChatGPT Accounts: China and North Korea Weaponizing AI for Propaganda
OpenAI has confirmed that it has begun blocking accounts linked to Chinese and North Korean users who have First seen on securityonline.info Jump to article: securityonline.info/openai-purges-chatgpt-accounts-china-and-north-korea-weaponizing-ai-for-propaganda/
-
How North Korea pulled off a $1.5 billion crypto heist”, the biggest in history
Attack on Bybit didn’t hack infrastructure or exploit smart contract code. So how did it work? First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/02/how-north-korea-pulled-off-a-1-5-billion-crypto-heist-the-biggest-in-history/
-
DeepSeek’s ByteDance Data-Sharing Raises Fresh Security Concerns
Confirmation by South Korea’s data protection agency that the AI chatbot sent data to TikTok’s Chinese parent company has spurred a ban in that nation, and is again is calling into question DeepSeek’s safety. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/deepseek-bytedance-data-sharing-security-concerns
-
North Korea’s Lazarus hackers behind $1.4 billion crypto theft from Bybit, researchers say
Cybersecurity researchers say North Korean hackers are behind the largest cryptocurrency heist in history and are actively laundering the more than $1.4 billion in cryptocurrency stolen from the Bybit exchange on Friday. First seen on therecord.media Jump to article: therecord.media/lazarus-hackers-behind-bybit-crypto-heist
-
China Using AI-Powered Surveillance Tools, Says OpenAI
Report Also Flags Threats Linked to North Korea, Iran. Chinese influence operations are using artificial intelligence to carry out surveillance and disinformation campaigns, OpenAI said in its latest threat report. The report details two major Chinese campaigns that misused AI tools, including OpenAI’s own models, to advance state-backed agendas. First seen on govinfosecurity.com Jump to…
-
Industrial Organizations Under Siege: Chinese Hackers Wield Advanced FatalRAT Malware
A recent investigation by Kaspersky ICS CERT has uncovered a sophisticated cyberattack targeting industrial organizations across the Asia-Pacific region, particularly those in Taiwan, Malaysia, China, Japan, Thailand, South Korea, Singapore, the Philippines, Vietnam, and Hong Kong. The attackers are using a highly advanced version of the FatalRAT malware, delivered through a complex multi-stage payload framework…
-
Researchers accuse North Korea of $1.4 billion Bybit crypto heist
North Korea is behind the massive crypto hack, according to several blockchain monitoring firms and a well-known researcher First seen on techcrunch.com Jump to article: techcrunch.com/2025/02/24/researchers-accuse-north-korea-of-1-4-billion-bybit-crypto-heist/
-
North Korean hackers linked to $1.5 billion ByBit crypto heist
Over the weekend, blockchain security companies and experts have linked North Korea’s Lazarus hacking group to the theft of over $1.5 billion from cryptocurrency exchange Bybit. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-15-billion-bybit-crypto-heist/