Tag: korea
-
North Korea’s >>Contagious Interview<< Floods npm with 200 New Packages, Using Fake Crypto Jobs to Deploy OtterCookie Spyware
The post North Korea’s >>Contagious Interview
-
Contagious Interview campaign expands with 197 npm Ppackages spreading new OtterCookie malware
North Korea-linked actors behind Contagious Interview uploaded 197 new malicious npm packages to distribute a new OtterCookie malware version. North Korea-linked threat actors added 197 new malicious npm packages to spread updated OtterCookie malware as part of the ongoing Contagious Interview campaign, cybersecurity firm Socket warns. TheContagious Interviewcampaign, active since November 2023 and linked to…
-
Rare APT Collaboration Emerges Between Russia and North Korea
Researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure, a rare APT collaboration. The post Rare APT Collaboration Emerges Between Russia and North Korea appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apt-collaboration-russia-north-korea/
-
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist
Tags: attack, breach, data, finance, group, korea, leak, msp, north-korea, ransomware, service, supply-chainSouth Korea’s financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware.”This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP) First seen on…
-
Rare APT Collaboration Emerges Between Russia and North Korea
Researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure, a rare APT collaboration. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-russia-north-korea-apt-collab/
-
Russian and North Korean Hackers Forge Global Cyberattack Alliance
Tags: cyber, cyberattack, group, hacker, infrastructure, korea, lazarus, north-korea, russia, threat, warfareState-sponsored hackers from Russia and North Korea are collaborating on shared infrastructure, marking a significant shift in cyber geopolitics. Security researchers have uncovered evidence suggesting that Gamaredon, a Russia-aligned advanced persistent threat (APT) group, and Lazarus, North Korea’s primary cyber warfare unit, may be operating jointly a development with profound implications for global security. Russia…
-
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits
Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-dayNorth Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…
-
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits
Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-dayNorth Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…
-
4 U.S. Citizens, Ukrainian Plead Guilty in N. Korea IT Worker Scheme
Four U.S. citizens and a Ukrainian national pleaded guilty to their roles in a North Korean IT worker scam that victimized more than 135 U.S. companies and netted more than $2.2 million for the DPRK regime and is military and weapons programs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/4-u-s-citizens-ukrainian-plead-guilty-in-n-korea-it-worker-scheme/
-
Lazarus APT Group’s New ScoringMathTea RAT Enhances Remote Command Execution and More
The Lazarus APT Group, an advanced persistent threat (APT) attributed to North Korea, has deployed a sophisticated new Remote Access Trojan (RAT) called ScoringMathTea as part of its ongoing Operation DreamJob cyberespionage campaign. ScoringMathTea represents a significant evolution in Lazarus’s malware toolkit, implementing a modular architecture designed specifically to evade detection across both network and…
-
Lazarus APT Group’s New ScoringMathTea RAT Enhances Remote Command Execution and More
The Lazarus APT Group, an advanced persistent threat (APT) attributed to North Korea, has deployed a sophisticated new Remote Access Trojan (RAT) called ScoringMathTea as part of its ongoing Operation DreamJob cyberespionage campaign. ScoringMathTea represents a significant evolution in Lazarus’s malware toolkit, implementing a modular architecture designed specifically to evade detection across both network and…
-
Frentree Partners with AccuKnox to Expand Zero Trust CNAPP Security in South Korea
Menlo Park, California, USA, November 17th, 2025, CyberNewsWire AccuKnox, a global leader in Zero Trust Cloud-Native Application Protection Platforms (CNAPP), today announced its distributor partnership with Frentree, a leading cybersecurity solutions provider in South Korea. The collaboration aims to strengthen cloud, container, and AI workload security for enterprises across the region by combining Frentree’s strong…
-
Frentree Partners with AccuKnox to Expand Zero Trust CNAPP Security in South Korea
Menlo Park, California, USA, 17th November 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/frentree-partners-with-accuknox-to-expand-zero-trust-cnapp-security-in-south-korea/
-
North Korean Hackers Breach 136 U.S. Companies, Earning $2.2 Million
The U.S. Justice Department has announced a significant crackdown on North Korean cybercrime operations, securing five guilty pleas and initiating civil forfeiture actions totaling over $15 million against schemes orchestrated by the Democratic People’s Republic of Korea (DPRK). The elaborate fraud network impacted more than 136 American companies, generating $2.2 million for the North Korean…
-
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
Developers remain a high-value target: Researchers highlighted that the campaign specifically targets developers involved in crypto and Web3 projects, using realistic-sounding personas and demo applications (real estate, DeFi, game forks) to lower suspicion. The state-linked actors’ shift from direct payload hosting to abusing legitimate JSON storage services suggests that even benign developer-centric platforms are now…
-
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
Developers remain a high-value target: Researchers highlighted that the campaign specifically targets developers involved in crypto and Web3 projects, using realistic-sounding personas and demo applications (real estate, DeFi, game forks) to lower suspicion. The state-linked actors’ shift from direct payload hosting to abusing legitimate JSON storage services suggests that even benign developer-centric platforms are now…
-
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. >>NVISO…
-
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. >>NVISO…
-
North Korea’s Contagious Interview APT Uses JSON Keeper and GitLab to Deliver BeaverTail Spyware
The post North Korea’s Contagious Interview APT Uses JSON Keeper and GitLab to Deliver BeaverTail Spyware appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-contagious-interview-apt-uses-json-keeper-and-gitlab-to-deliver-beavertail-spyware/
-
Five admit helping North Korea evade sanctions through IT worker schemes
Five pleaded guilty to aiding North Korea ‘s illicit revenue via IT worker fraud, violating international sanctions. The U.S. Department of Justice announced that five people have pleaded guilty to helping North Korea secretly generate revenue by running illegal IT-worker schemes that violated international sanctions. The individuals Audricus Phagnasay (24), Jason Salazar (30), Alexander […]…
-
Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies
The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea’s illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions.The five individuals are listed below -Audricus Phagnasay, 24Jason Salazar, 30Alexander Paul Travis, 34Oleksandr Didenko, 28, andErick First seen on thehackernews.com…
-
Five U.S. Citizens Plead Guilty to Helping North Korean IT Workers Infiltrate 136 Companies
The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea’s illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions.The five individuals are listed below -Audricus Phagnasay, 24Jason Salazar, 30Alexander Paul Travis, 34Oleksandr Didenko, 28, andErick First seen on thehackernews.com…
-
DOJ Continues Crackdown on North Korea’s Cyber Schemes
Justice Department Secures Guilty Pleas, $15M in Civil Forfeiture. Federal prosecutors charged U.S. citizens and foreign nationals for aiding North Korean IT workers in infiltrating U.S. firms, laundering crypto and funneling illicit revenue back to Pyongyang’s weapons program in what the DOJ has described as a major sanctions-evasion scheme. First seen on govinfosecurity.com Jump to…
-
Five plead guilty to helping North Koreans infiltrate US firms
The U.S. Department of Justice announced that five individuals pleaded guilty to aiding North Korea’s illicit revenue generation schemes, including remote IT worker fraud and cryptocurrency theft. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/five-plead-guilty-to-helping-north-koreans-infiltrate-us-firms/
-
Breach Roundup: UK Probes Chinese-Made Electric Buses
Also, North Korean Hackers Remotely Wipe Android Devices. This week, the U.K. government probed Chinese electric buses for a kill switch, APT37 abused Google’s Find Hub in South Korea, Conduent said its January hack will cost it more, Hyundai disclosed a breach and Patch Tuesday. OWASP added two new categories to its Top 10 web…
-
North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors
North Korea-linked APT Konni posed as counselors to steal data and wipe Android phones via Google Find Hub in Sept 2025. Genians Security Center researchers warn that the North Korea-linked Konni APT group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima) posed as counselors to hack Android and Windows, stealing data and wiping phones…
-
North Korea’s KONNI APT Hijacks Google Find Hub to Remotely Wipe and Track South Korean Android Devices
The post North Korea’s KONNI APT Hijacks Google Find Hub to Remotely Wipe and Track South Korean Android Devices appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-konni-apt-hijacks-google-find-hub-to-remotely-wipe-and-track-south-korean-android-devices/
-
Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon
The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control.”Attackers impersonated psychological counselors and North Korean human rights activists, distributing malware disguised as stress-relief programs,” the Genians…
-
Android Users Hit by Malware Disguised as Relaxation Programs
A sophisticated new cyberattack targeting Android devices in South Korea has been uncovered, leveraging Google’s asset-tracking feature, Find Hub, to remotely wipe sensitive user data. Threat actors disguised as psychological counselors and North Korean human rights activists have distributed malware masquerading as stress-relief programs, marking a significant escalation in state-sponsored attacks linked to the notorious…
-
Android Users Hit by Malware Disguised as Relaxation Programs
A sophisticated new cyberattack targeting Android devices in South Korea has been uncovered, leveraging Google’s asset-tracking feature, Find Hub, to remotely wipe sensitive user data. Threat actors disguised as psychological counselors and North Korean human rights activists have distributed malware masquerading as stress-relief programs, marking a significant escalation in state-sponsored attacks linked to the notorious…