Tag: korea
-
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
-
North Korean hacking group targeting European drone maker with ScoringMathTea malware
Researchers at ESET said they found evidence of a new tentacle of the long-running Operation DreamJob campaign, where North Korea’s Lazarus group sends malware-laden emails purporting to be from recruiters at top companies. First seen on therecord.media Jump to article: therecord.media/north-korea-hackers-target-europe-drone-makers
-
Lazarus targets European defense firms in UAV-themed Operation DreamJob
North Korean Lazarus hackers targeted 3 European defense firms via Operation DreamJob, using fake recruitment lures to hit UAV tech staff. North Korea-linked Lazarus APT group (aka Hidden Cobra) launched Operation DreamJob, compromising three European defense companies. Threat actors used fake recruiter profiles to lure employees into UAV technology roles, aiming to gain access to…
-
North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets
Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job.”Some of these [companies’ are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked…
-
Lazarus Group’s Operation DreamJob Targets European Defense Firms
Cyber-attacks by North Korea’s Lazarus Group target European defense firms in drone development First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lazarus-groups-operation-dreamjob/
-
How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector
ESET researchers have uncovered a fresh wave of Operation DreamJob, a long-running campaign linked to North Korea’s Lazarus Group. This latest activity targeted several … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/23/eset-lazarus-operation-dreamjob/
-
Asian Nations Ramp Up Pressure on Cybercrime ‘Scam Factories’
After a particularly gruesome murder, South Korea issues code black travel ban for several regions in Cambodia, while other nations urge more raids. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/asian-nations-ramp-up-legal-attacks-cybercrime-factories
-
Foreign hackers breached a US nuclear weapons plant via SharePoint flaws
Tags: access, attack, authentication, breach, china, control, corporate, cve, cyber, cybercrime, cybersecurity, data, defense, exploit, flaw, framework, government, group, hacker, identity, infrastructure, intelligence, Intruder, korea, microsoft, monitoring, network, ransomware, reverse-engineering, risk, russia, supply-chain, tactics, technology, theft, threat, vulnerability, zero-day, zero-trustChina or Russia? Conflicting attribution: Microsoft attributed the broader wave of SharePoint exploitations to three Chinese-linked groups: Linen Typhoon, Violet Typhoon, and a third actor it tracks as Storm-2603. The company said the attackers were preparing to deploy Warlock ransomware across affected systems.However, the source familiar with the Kansas City incident tells CSO that a…
-
North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module
The post North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-waterplum-apt-deploys-node-js-ottercandy-rat-for-crypto-theft-with-anti-forensic-module/
-
North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2
The post North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2 appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-unc5342-apt-uses-etherhiding-to-store-malware-in-blockchain-smart-contracts-for-stealthy-c2/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 67
Tags: banking, control, github, international, korea, malicious, malware, north-korea, resilience, rustSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Astaroth: Banking Trojan Abusing GitHub for Resilience North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads New Rust Malware >>ChaosBot
-
ClickFake Interview Campaign Used by Threat Actors to Deliver OtterCandy Malware
A North Korean-linked group, WaterPlum’s Cluster B, has evolved its tactics by introducing OtterCandy”, a Node.jsbased RAT and information stealer”, through the ClickFake Interview campaign, with significant enhancements observed in August 2025. This threat actor, attributed to North Korea, orchestrated two primary campaigns: Contagious Interview and ClickFake Interview. Although multiple clusters operate under the WaterPlum…
-
North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft
The post North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-famous-chollima-apt-uses-trojanized-node-js-app-to-deploy-ottercookie-rat-for-crypto-theft/
-
North Korean operatives spotted using evasive techniques to steal data and cryptocurrency
Research from Cisco Talos and Google Threat Intelligence Group underscores the extent to which North Korea-aligned attackers attempt to avoid detection. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-attackers-evasive-techniques-malware/
-
NK’s Famous Chollima Use BeaverTail and OtterCookie Malware in Job Scam
North Korea’s Famous Chollima is back, merging BeaverTail and OtterCookie malware to target job seekers. Cisco Talos details the new threat. Keylogging, screen recording, and cryptocurrency wallet theft detected in an attack. First seen on hackread.com Jump to article: hackread.com/nk-famous-chollima-beavertail-ottercookie-malware/
-
NK’s Famous Chollima Use BeaverTail and OtterCookie Malware in Job Scam
North Korea’s Famous Chollima is back, merging BeaverTail and OtterCookie malware to target job seekers. Cisco Talos details the new threat. Keylogging, screen recording, and cryptocurrency wallet theft detected in an attack. First seen on hackread.com Jump to article: hackread.com/nk-famous-chollima-beavertail-ottercookie-malware/
-
Hackers Use Blockchain to Hide Malware in Plain Sight
Tags: attack, blockchain, google, group, hacker, hacking, intelligence, korea, malware, north-korea, threatState, Criminal Hackers Use Blockchain Technique to Evade Takedowns. Google’s Threat Intelligence Group found hacking groups like North Korea’s UNC5342 and criminal group UNC5142 using a public blockchain technique called EtherHiding to distribute malware. The method makes attacks tougher to trace, block or dismantle. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hackers-use-blockchain-to-hide-malware-in-plain-sight-a-29741
-
Hackers Use Blockchain to Hide Malware in Plain Sight
Tags: attack, blockchain, google, group, hacker, hacking, intelligence, korea, malware, north-korea, threatState, Criminal Hackers Use Blockchain Technique to Evade Takedowns. Google’s Threat Intelligence Group found hacking groups like North Korea’s UNC5342 and criminal group UNC5142 using a public blockchain technique called EtherHiding to distribute malware. The method makes attacks tougher to trace, block or dismantle. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hackers-use-blockchain-to-hide-malware-in-plain-sight-a-29741
-
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
Tags: blockchain, crypto, google, group, hacker, hacking, intelligence, korea, malware, north-korea, theft, threatA threat actor with ties to the Democratic People’s Republic of Korea (aka North Korea) has been observed leveraging the EtherHiding technique to distribute malware and enable cryptocurrency theft, marking the first time a state-sponsored hacking group has embraced the method.The activity has been attributed by Google Threat Intelligence Group (GTIG) to a threat cluster…
-
Hackers Use Blockchain to Hide Malware in Plain Sight
Tags: attack, blockchain, google, group, hacker, hacking, intelligence, korea, malware, north-korea, threatState, Criminal Hackers Use Blockchain Technique to Evade Takedowns. Google’s Threat Intelligence Group found hacking groups like North Korea’s UNC5342 and criminal group UNC5142 using a public blockchain technique called EtherHiding to distribute malware. The method makes attacks tougher to trace, block or dismantle. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hackers-use-blockchain-to-hide-malware-in-plain-sight-a-29741
-
BeaverTail and OtterCookie evolve with a new Javascript module
Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK). First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/beavertail-and-ottercookie/
-
OpenAI Blocks Global Hackers Misusing ChatGPT for Cyberattacks
OpenAI halts hackers from Russia, North Korea, and China exploiting ChatGPT for malware and phishing attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/chatgpt-cyberattacks/
-
OpenAI Blocks Global Hackers Misusing ChatGPT for Cyberattacks
OpenAI halts hackers from Russia, North Korea, and China exploiting ChatGPT for malware and phishing attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/chatgpt-cyberattacks/
-
OpenAI Blocks Global Hackers Misusing ChatGPT for Cyberattacks
OpenAI halts hackers from Russia, North Korea, and China exploiting ChatGPT for malware and phishing attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/chatgpt-cyberattacks/
-
Bybit Theft Drives Record-Breaking $2bn Haul for North Korea
North Korean hackers have stolen over $2bn in cryptocurrency already this year, says Elliptic First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bybit-recordbreaking-2bn-north/
-
Bybit Theft Drives Record-Breaking $2bn Haul for North Korea
North Korean hackers have stolen over $2bn in cryptocurrency already this year, says Elliptic First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bybit-recordbreaking-2bn-north/
-
North Korea IT worker scheme swells beyond US companies
Okta Threat Intelligence uncovered a large-scale and sustained operation, reflecting the North Korean regime’s pursuit of any opportunity that allows for remote employment. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-it-worker-global-scheme-okta/