Tag: korea
-
Security Affairs newsletter Round 531 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates Critical Sudo bugs expose…
-
North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates
North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram.…
-
Microsoft shuts down 3,000 email accounts created by North Korean IT workers
Microsoft said it has spent years monitoring North Korea’s campaign to get its citizens hired in IT roles at U.S. companies and recently saw changes in how the campaign operates. First seen on therecord.media Jump to article: therecord.media/microsoft-shuts-down-3000-north-korea-it-worker-email
-
N Korean Hackers Drop NimDoor macOS Malware Via Fake Zoom Updates
SentinelLabs uncovers NimDoor, new North Korea-aligned macOS malware targeting Web3 and crypto firms. Exploits Nim, AppleScript, and steals Keychain, browser, shell, and Telegram data. First seen on hackread.com Jump to article: hackread.com/n-korean-hackers-nimdoor-macos-malware-fake-zoom-updates/
-
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Tags: communications, crypto, hacker, injection, korea, macOS, malware, north-korea, programming, threatThreat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics.”Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,” First seen…
-
North Korean IT Workers Employ New Tactics to Infiltrate Global Organizations
Tags: ai, china, cyber, intelligence, korea, microsoft, north-korea, russia, tactics, technology, threat, toolMicrosoft Threat Intelligence has uncovered a sophisticated operation by North Korean remote IT workers who are leveraging cutting-edge artificial intelligence (AI) tools to infiltrate organizations worldwide. Since at least 2020, these highly skilled individuals, often based in North Korea, China, and Russia, have been targeting technology-related roles across various industries to generate revenue for the…
-
U.S. DOJ Cracks Down on North Korean Remote IT Workforce Operating Illegally
The U.S. Department of Justice (DOJ) has announced a major crackdown on North Korea’s covert use of remote information technology (IT) workers to siphon millions from American companies and fund its weapons programs. The coordinated law enforcement actions, resulted in the arrest of a New Jersey man, the seizure of 29 financial accounts, 21 fraudulent…
-
US government takes down major North Korean ‘remote IT workers’ operation
US prosecutors indicated a total of 13 people involved in the fraudulent scheme to steal and launder money for North Korea’s nuclear weapons program. First seen on techcrunch.com Jump to article: techcrunch.com/2025/06/30/us-government-takes-down-major-north-korean-remote-it-workers-operation/
-
N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams
The notorious BlueNoroff group from North Korea is using deepfake video and deceptive Zoom calls to steal cryptocurrency by enticing targets to unwittingly download malware onto their macOS devices and letting the hackers to get access into them. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/n-korean-group-bluenoroff-uses-deepfake-zoom-calls-in-crypto-scams/
-
New wave of ‘fake interviews’ use 35 npm packages to spread malware
A new wave of North Korea’s ‘Contagious Interview’ campaign is targeting job seekers with malicious npm packages that infect dev’s devices with infostealers and backdoors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-wave-of-fake-interviews-use-35-npm-packages-to-spread-malware/
-
North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages
Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea.According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times. The complete list of the JavaScript…
-
Successful Military Attacks are Driving Nation States to Cyber Options
Tags: attack, china, communications, computing, cyber, cyberattack, cybersecurity, data, defense, exploit, extortion, finance, fraud, government, healthcare, infrastructure, iran, korea, middle-east, military, north-korea, russia, service, tactics, technology, tool, ukraine, vulnerability, warfareWith daring military attacks, kinetic warfare is shifting the balance of power in regions across the globe, upending the perception of power projection. Powerful nations are reeling from the impacts of bold assaults and seeking additional methods to drive foreign policy”Š”, “Šcyber may look as an appealing asymmetric warfare capability that is worth doubling-down on.…
-
Cryptohack Roundup: $100 Million Iranian Cryptocurrency Hack
Also: Gotbit CEO Sentencing, US Authorities Seize $225M Tied to Scams. This week, $100 million Nobitex hack, Gotbit CEO sentenced, support for Roman Storm, Trump’s crypto earnings, North Korea’s Codebase infiltration, Haru Invest CEO acquitted, $225 million scam funds seized and New York disrupted a $1 million scam. First seen on govinfosecurity.com Jump to article:…
-
North Korea’s BlueNoroff uses AI deepfakes to push Mac malware in fake Zoom calls
Campaign delivers modular, persistent, Mac-specific malware: Huntress recovered a total of eight distinct malicious binaries, each with specific tasks. The primary implant, ‘Telegram 2’, was written in Nim and embedded itself as a macOS LaunchDaemon to maintain persistence. It acted as a launchpad for the real power tools, including Go-based ‘Root Troy V4’ backdoor and…
-
BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices.Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received…
-
U.S. Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam
The DOJ is moving to collect $7.74 million seized two years ago in connection with a criminal case involving an IT worker scam run by North Korean operatives. The case is one of many that have been running in the United States and elsewhere for almost a decade. First seen on securityboulevard.com Jump to article:…
-
U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network
The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets allegedly linked to a global IT worker scheme orchestrated by North Korea.”For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems…
-
Is attacker laziness enabled by genAI shortcuts making them easier to catch?
Tactics of attackers: The OpenAI report, published in June, detailed a variety of defenses the company has deployed against fraudsters. One, for example, involved bogus job applications.”We identified and banned ChatGPT accounts associated with what appeared to be multiple suspected deceptive employment campaigns. These threat actors used OpenAI’s models to develop materials supporting what may…
-
OpenAI Shuts Down 10 Malicious AI Ops Linked to China, Russia, Iran, N. Korea
OpenAI, a leading artificial intelligence company, has revealed it is actively fighting widespread misuse of its AI tools… First seen on hackread.com Jump to article: hackread.com/openai-shuts-down-ai-ops-china-russia-iran-nkorea/
-
OpenAI’s ChatGPT a Hit With Nation-State Hackers
Malicious Accounts Linked to Malware, Influence Operations. OpenAI is using its artificial intelligence models to detect and counter abuse and has banned accounts associated with malicious state-linked operations. Hackers aligned with Russia, China, North Korea and Iran have used OpenAI’s tools for malware development and social media manipulation. First seen on govinfosecurity.com Jump to article:…
-
North Korean APT Hackers Target Users on Social Media to Spread Malware
The Genians Security Center (GSC) has uncovered a highly sophisticated Advanced Persistent Threat (APT) campaign orchestrated by the North Korean state-sponsored hacking group Kimsuky. Active between March and April 2025, this campaign, identified as part of the notorious ‘AppleSeed’ operation, targets individuals in South Korea through a multi-pronged approach using Facebook, email, and Telegram. Sophisticated…
-
Kimsuky’s AppleSeed Returns: North Korea-Linked APT Targets Korean Users via Social Media
The post Kimsuky’s AppleSeed Returns: North Korea-Linked APT Targets Korean Users via Social Media appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/kimsukys-appleseed-returns-north-korea-linked-apt-targets-korean-users-via-social-media/
-
Kimsuky Strikes Again Coordinated Attacks Target Facebook, Email, and Telegram
A recent investigation by Genians Security Center (GSC) has uncovered a highly sophisticated, multi-channel cyber espionage campaign attributed to the North Korea-aligned advanced persistent threat (APT) group known as Kimsuky. Between March and April 2025, the group leveraged Facebook, email, and Telegram to infiltrate targets primarily within the defense sector, North Korea-related activists, and cryptocurrency…
-
ViperSoftX Malware Used by Threat Actors to Steal Sensitive Information
The AhnLab Security Intelligence Center (ASEC) has recently issued a detailed report confirming the persistent distribution of ViperSoftX malware by threat actors, with notable impact on users in South Korea and beyond. First identified by Fortinet in 2020, ViperSoftX is a sophisticated PowerShell-based malware designed to infiltrate infected systems, execute remote commands, and steal sensitive…
-
New phishing campaign hijacks clipboard via fake CAPTCHA for malware delivery
Fail-proof exploit of ‘verification fatigue’: SlashNext highlighted that the campaign’s success stems largely from its exploitation of human psychology.”Modern internet users are inundated with spam checks, CAPTCHAs, and security prompts on websites, and they’ve been conditioned to click through these as quickly as possible,” Kelley added. “Attackers exploit this ‘verification fatigue,’ knowing that many users…
-
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme
Authorities said they froze and seized the allegedly illegally obtained funds when North Korean nationals attempted to launder money linked to the long-running conspiracy. First seen on cyberscoop.com Jump to article: cyberscoop.com/doj-seizure-crypto-north-korea-it-workers/
-
APT37 Hackers Fake Academic Forum Invites to Deliver Malicious LNK Files via Dropbox Platform
The North Korean state-sponsored hacking group APT37 has launched a sophisticated spear phishing campaign in March 2025, targeting activists focused on North Korean issues. Disguised as invitations to an academic forum hosted by a South Korean national security think tank, these emails cleverly referenced a real event titled “Trump 2.0 Era: Prospects and South Korea’s…
-
Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining
Hackers have been targeting Internet cafés in South Korea since the second half of 2024, exploiting specialized management software to install malicious tools for cryptocurrency mining. According to a detailed report from AhnLab SEcurity intelligence Center (ASEC), the attackers, active since 2022, are using the notorious Gh0st RAT (Remote Access Trojan) to seize control of…