Tag: korea
-
North Korea’s hijack of one of the web’s most used open source projects was likely weeks in the making
North Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer’s computer in a long-running campaign. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/06/north-koreas-hijack-of-one-of-the-webs-most-used-open-source-projects-was-likely-weeks-in-the-making/
-
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
Threat actors likely associated with the Democratic People’s Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea.The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows shortcut (LNK) files acting as the starting point to drop a decoy PDF First seen on thehackernews.com…
-
Drift Protocol Hit in $286M Suspected North Korea-Linked Crypto Heist
Hackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what security researchers believe may be a North Korea-linked cyberattack. The incident occurred on April 1, 2026, and is already being described as the largest decentralized finance (DeFi) hack of the year. Drift Protocol quickly…
-
GitHub-Backed Malware Spread via LNK Files in South Korea
Hackers are abusing Windows shortcut files and GitHub to run a stealthy, multi”‘stage malware campaign against organizations in South Korea. The operation chains LNK files, PowerShell, and GitHub APIs to deliver surveillance tools while blending into normal enterprise traffic.The campaign begins with weaponized LNK files that contain hidden scripts instead of simple shortcuts. These older…
-
North Korea’s Modular Malware Strategy Hides Attribution, Defies Takedowns
North Korea’s cyber program is shifting from monolithic “families” to a modular, portfolio-style malware ecosystem designed to survive exposure, frustrate attribution, and keep operations running under constant pressure. Years of sanctions, coordinated law-enforcement pressure, and rapid public disclosure of campaigns have forced Pyongyang to treat every tool as disposable. Once-static implants are now built with…
-
AI’s Achilles Heel is an Oil Shipping Strait
A Shipping Crisis in the Middle East Is Now a Chip Crisis Everywhere Else. The Strait of Hormuz crisis is amplifying a supply crunch in the specialist memory chips that power AI, and analysts say the industry’s concentration in South Korea makes the timing particularly uncomfortable. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ais-achilles-heel-oil-shipping-strait-a-31332
-
North Korealinked hackers drain $285M from Drift in sophisticated attack
Drift lost $285M in a sophisticated attack, likely by North Korea, who used nonce-based tricks to gain control and quickly drain funds Drift suffered a $285 million cryptocurrency heist in a highly sophisticated attack likely linked to North Korea. Threat actors used durable nonce accounts to pre-sign and delay transactions, while also compromising multisig approvals…
-
North Korea-Linked Hackers Hit Axios npm in Supply Chain Attack
Tags: attack, breach, credentials, cyber, hacker, korea, malicious, north-korea, software, supply-chain, threatA major software supply chain attack has been uncovered after threat actors compromised the widely used Axios npm package, impacting developers and organizations worldwide. The incident, detected on March 31, 2026, involved the use of stolen maintainer credentials to inject malicious code into the popular HTTP client library. Axios is one of the most widely…
-
North Korea Uses GitHub as C2 in New LNK Phishing Campaign
A new phishing campaign that uses malicious Windows shortcut (LNK) files to target users in South Korea, while abusing GitHub as Command and Control (C2) infrastructure to hide its activity. The operation, linked through tooling and tradecraft to North Korearelated actors, shows a clear evolution from earlier, less obfuscated XenoRAT-delivery campaigns observed since 2024. In…
-
Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea
The platform released a post-mortem on Wednesday night explaining that malicious actors gained access to Drift systems through a “novel attack” that involved the “rapid takeover” of the company’s security council administrative powers. First seen on therecord.media Jump to article: therecord.media/drift-crypto-confirms-280-million-stolen-north-korea
-
Google links Axios npm supply chain attack to North Korea-linked APT UNC1069
Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain. Google has attributed the recent Axios npm supply chain compromise to a North Korean threat group tracked as UNC1069. The attack, aimed at financial gain, exploited the package to target developers and organizations relying on Axios. John Hultquist…
-
Backdooring of JavaScript Library Axios Tied to North Korea
Expect Fallout After Remote Access Trojan Added to Popular JavaScript NPM Package. A supply-chain attack backdoored versions of Axios, a popular JavaScript library that’s present in many different software packages, to distribute a cross-platform, remote access Trojan. Identifying the full fallout from the attack could take some time, experts warned. First seen on govinfosecurity.com Jump…
-
Google Says North Korea Was Behind the Axios npm Supply Chain Attack
A supply chain compromise involving the widely used JavaScript package Axios is now being tied to a North Korea-linked threat actor, turning what already looked like a serious open-source incident into a much bigger security story. Google Threat Intelligence Group said the attack targeted the official Axios package on npm and attributed the activity to……
-
New ‘StoatWaffle’ malware auto”‘executes attacks on developers
Tags: attack, detection, group, infrastructure, jobs, korea, malicious, malware, north-korea, threatContagious Interview, revisited: StoatWaffle isn’t an isolated campaign. It’s the latest chapter in the Contagious Interview attacks, widely attributed to North Korea-linked threat actors tracked as WaterPlum.Historically, this campaign has targeted developers and job seekers through fake interview processes, luring them into running malicious code under the guise of technical assessments. Previously, the campaign weaponized…
-
North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware
North Korea-linked threat actors use VS Code auto-run tasks to spread StoatWaffle malware via malicious projects that execute on folder open. North Korea-linked threat actor Team 8 behind the Contagious Interview campaign is spreading StoatWaffle malware through malicious Microsoft Visual Studio Code projects. Since late 2025, they have abused the “tasks.json” auto-run feature in Microsoft…
-
Behavioral XDR and threat intel nab North Korean fake IT worker within 10 days of hire
Key signs of NK-linked insider infiltration: SpiderLabs has found that these threat actors commonly operate from China rather than North Korea because the internet is more stable and they can employ VPN services to conceal their true geographic origin.Astrill VPN has the ability to bypass China’s Great Firewall and allows threat actors to tunnel traffic…
-
WaterPlum Unleashes “StoatWaffle” Malware in VSCode Supply Chain Attack
A North Korea-linked threat group known as WaterPlum has introduced a new malware strain called “StoatWaffle” as part of its ongoing Contagious Interview campaign. The activity has been attributed to Team 8, a subgroup within WaterPlum also tracked as the Moralis or Modilus cluster. This team was previously associated with the OtterCookie malware, but since…
-
OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People’s Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses and generate illicit revenue for the regime to fund its weapons of mass…
-
New research unpacks North Korea’s stealthy, sophisticated remote IT worker schemes
The report recommends that businesses practice several forms of vigilance to avoid unwittingly hiring Pyongyang’s operatives. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/north-korea-remote-it-worker-ibm-flare/815063/
-
North Korea’s 100,000-strong fake IT worker army rake in $500M a year for Kim Jong Un
Researchers map full org chart of the scam from dodgy recruiters to helpful Western collaborators First seen on theregister.com Jump to article: www.theregister.com/2026/03/18/researchers_lift_the_lid_on/
-
Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records
Bitrefill said hackers allegedly tied to North Korea’s Lazarus group accessed around 18,500 purchase records that contained email addresses, crypto payment addresses, and metadata including IP addresses. First seen on therecord.media Jump to article: therecord.media/crypto-platform-accuses-north-korea-hack
-
Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records
Bitrefill said hackers allegedly tied to North Korea’s Lazarus group accessed around 18,500 purchase records that contained email addresses, crypto payment addresses, and metadata including IP addresses. First seen on therecord.media Jump to article: therecord.media/crypto-platform-accuses-north-korea-hack
-
US sanctions North Korea IT worker networks in Laos, Vietnam
The latest round of sanctions targeted Amnokgang Technology Development Company, a North Korean company that manages delegations of IT workers, and Quangvietdnbg International Services Company, a Vietnamese firm used by North Korean actors for currency conversion services. First seen on therecord.media Jump to article: therecord.media/us-sanctions-north-korea-it-worker-networks-laos-vietnam
-
Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership with authorities from Thailand, the U.S., the U.K., Canada, Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia.The effort also led to 21 arrests made by the Royal Thai Police,…
-
North Korean agents using AI to trick western firms into hiring them, Microsoft says
Firm says AI tools are masking identities of false applicants, who then funnel wages from remote IT jobs to North KoreaFake IT workers deployed by North Korea are using AI technology, including voice-changing tools, to trick western companies into hiring them, Microsoft has said.The US tech firm said a signature Pyongyang money-raising ruse is being…
-
Europa im Visier von Cyber-Identitätsdieben
Deutsche Unternehmen müssen sich warm anziehen: Sowohl staatliche als auch ‘private” Akteure haben es auf sie abgesehen.ShutterstockWie die Experten von Darktrace in ihrem aktuellen Threat Report 2026 darstellen, bleiben Cloud- und E-Mail-Konten das Einfallstor Nummer Eins in Europa. Dem Bericht zufolge begannen im vergangenen Jahr in Europa 58 Prozent der Attacken mit kompromittierten Cloud-Accounts oder…