Tag: korea
-
APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials
Tags: apt, china, citrix, credentials, cyber, cybercrime, group, iran, korea, network, north-korea, organized, ransomware, russia, threatThe construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal networks actively targeting organizations across the building and construction sector. Nation-state actors from China, Russia, Iran, and North Korea are leveraging the industry’s rapid digital transformation and security…
-
APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials
Tags: apt, china, citrix, credentials, cyber, cybercrime, group, iran, korea, network, north-korea, organized, ransomware, russia, threatThe construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal networks actively targeting organizations across the building and construction sector. Nation-state actors from China, Russia, Iran, and North Korea are leveraging the industry’s rapid digital transformation and security…
-
Unpatched Windows Flaw a Boon for Nation-State Hackers
Chinese Hackers Target European Diplomats with LNK File Flaw. Chinese nation-state hackers are exploiting a Windows vulnerability to hack European diplomatic outposts, say security researchers – but operating system giant Microsoft says the flaw doesn’t merit a patch. Hackers used a flaw already compromised by North Korea and Russia. First seen on govinfosecurity.com Jump to…
-
U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program
U.S. sanctions North Korea bankers and firms accused of laundering cybercrime funds used to finance the country’s nuclear weapons program. The U.S. Government has imposed sanctions on several North Korea bankers, financial institutions, and individuals accused of laundering funds obtained from cybercrime operations. According to the U.S. Treasury Department, these illicit financial activities directly support…
-
U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud
The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea’s global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud.”North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said Under Secretary of First seen…
-
U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud
The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea’s global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud.”North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said Under Secretary of First seen…
-
Kimsuky Debuts HTTPTroy Backdoor Against South Korea Users
The well-known North Korean threat group continues to improve the obfuscation and anti-analysis features of its attack toolchain. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/kimsuky-httptroy-backdoor-south-korea-users
-
North Korean companies, people sanctioned for money laundering from cybercrime, IT worker schemes
The Treasury Department on Tuesday sanctioned eight people and two companies it accused of laundering money obtained from cybercrime and IT worker schemes to fund North Korean government objectives. According to the department, over the last three years North Korea-linked cybercriminals have stolen over $3 billion, mostly in cryptocurrency. In addition, it said, North Korean…
-
North Korean companies, people sanctioned for money laundering from cybercrime, IT worker schemes
The Treasury Department on Tuesday sanctioned eight people and two companies it accused of laundering money obtained from cybercrime and IT worker schemes to fund North Korean government objectives. According to the department, over the last three years North Korea-linked cybercriminals have stolen over $3 billion, mostly in cryptocurrency. In addition, it said, North Korean…
-
Treasury sanctions 8 for laundering North Korea earnings from cybercrime, IT worker scheme
An IT company, a financial institution and eight men accused of aiding cybercrime and IT worker scams are now on the U.S. government’s list of sanctioned North Korean entities. First seen on therecord.media Jump to article: therecord.media/north-korea-us-sanctions-it-worker-scams-cybercrime
-
China’s president Xi Jinping jokes about backdoors in Xiaomi smartphones
South Korea’s president laughed, so perhaps it was funny? Unlike China’s censorship and snooping First seen on theregister.com Jump to article: www.theregister.com/2025/11/04/chinas_president_xi_jinping_jokes/
-
New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea
Tags: attack, backdoor, cyberattack, email, korea, north-korea, phishing, spear-phishing, threat, vpnThe North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea.Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a…
-
North Korea’s BlueNoroff Expands Scope of Crypto Heists
Two campaigns targeting fintech execs and Web3 developers show the APT going cross-platform in financially motivated campaigns that use fake business collaboration and job recruitment lures. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-korea-bluenoroff-expands-crypto-heists
-
Researchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware Chains
Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire.According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called…
-
North Korea led the world in nation-state hacking in Q2 and Q3
Security leaders should prioritize anomalous-activity detection and zero-trust principles, a new report recommends. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/north-korea-hacking-trellix-report/803641/
-
Lazarus group targets European drone makers in new espionage campaign
Drone-component theft meets geopolitical ambition: The targeting of firms linked to UAV design and manufacture is no coincidence. At least two of the companies compromised were tied to critical drone component supply chains and software systems.”The in-the-wild attacks successively targeted three European companies active in the defense sector,” researchers added. “Although their activities are somewhat…
-
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
-
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
-
North Korean hacking group targeting European drone maker with ScoringMathTea malware
Researchers at ESET said they found evidence of a new tentacle of the long-running Operation DreamJob campaign, where North Korea’s Lazarus group sends malware-laden emails purporting to be from recruiters at top companies. First seen on therecord.media Jump to article: therecord.media/north-korea-hackers-target-europe-drone-makers
-
Lazarus targets European defense firms in UAV-themed Operation DreamJob
North Korean Lazarus hackers targeted 3 European defense firms via Operation DreamJob, using fake recruitment lures to hit UAV tech staff. North Korea-linked Lazarus APT group (aka Hidden Cobra) launched Operation DreamJob, compromising three European defense companies. Threat actors used fake recruiter profiles to lure employees into UAV technology roles, aiming to gain access to…
-
North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets
Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job.”Some of these [companies’ are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked…
-
Lazarus Group’s Operation DreamJob Targets European Defense Firms
Cyber-attacks by North Korea’s Lazarus Group target European defense firms in drone development First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lazarus-groups-operation-dreamjob/
-
How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector
ESET researchers have uncovered a fresh wave of Operation DreamJob, a long-running campaign linked to North Korea’s Lazarus Group. This latest activity targeted several … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/23/eset-lazarus-operation-dreamjob/
-
Asian Nations Ramp Up Pressure on Cybercrime ‘Scam Factories’
After a particularly gruesome murder, South Korea issues code black travel ban for several regions in Cambodia, while other nations urge more raids. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/asian-nations-ramp-up-legal-attacks-cybercrime-factories
-
Foreign hackers breached a US nuclear weapons plant via SharePoint flaws
Tags: access, attack, authentication, breach, china, control, corporate, cve, cyber, cybercrime, cybersecurity, data, defense, exploit, flaw, framework, government, group, hacker, identity, infrastructure, intelligence, Intruder, korea, microsoft, monitoring, network, ransomware, reverse-engineering, risk, russia, supply-chain, tactics, technology, theft, threat, vulnerability, zero-day, zero-trustChina or Russia? Conflicting attribution: Microsoft attributed the broader wave of SharePoint exploitations to three Chinese-linked groups: Linen Typhoon, Violet Typhoon, and a third actor it tracks as Storm-2603. The company said the attackers were preparing to deploy Warlock ransomware across affected systems.However, the source familiar with the Kansas City incident tells CSO that a…
-
North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module
The post North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-waterplum-apt-deploys-node-js-ottercandy-rat-for-crypto-theft-with-anti-forensic-module/