Tag: korea
-
Top Security Incidents of 2025: Lazarus Group’s Cryptocurrency Heist
Tags: apt, attack, breach, crypto, cyber, data-breach, group, korea, lazarus, network, north-korea, security-incident, supply-chain
Event Summary: In February 2025, the North Korea-linked APT group Lazarus launched a highly sophisticated supply chain attack against the prominent cryptocurrency exchange Bybit, successfully stealing over 400,000 ETH and stETH, valued at approximately $1.5 billion. This incident marks the largest single security breach in the global cryptocurrency sector to date. The attack exposed critical…
-
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign
Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researcher uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected…
-
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant’s threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking defense…
-
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction…
-
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active since…
-
North Korea’s UNC1069 Hammers Crypto Firms With AI
In moving away from traditional banks to focus on Web3 companies, the threat actor is leveraging LLMs, deepfakes, legitimate platforms, and ClickFix. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-koreas-unc1069-hammers-crypto-firms
-
DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies
The information technology (IT) workers associated with the Democratic People’s Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they’re impersonating, marking a new escalation of the fraudulent scheme. “These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent First seen…
-
International sting dismantles illegal streaming empire serving millions
Actions by authorities from Italy, Romania, Spain, the United Kingdom, Canada, Kosovo and South Korea, supported by Eurojust and Europol, led to the seizure of multiple … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/05/eurojust-illegal-streaming-services-seizure/
-
Chollima APT Hackers Weaponize LNK Files to Deploy Sophisticated Malware
In March 2025, the Ricochet Chollima APT group, widely recognized as APT37 and linked to North Korean state-sponsored operations, launched a targeted spear-phishing campaign against activists focused on North Korean affairs. The threat actors initiated the attack chain via spear-phishing emails impersonating a North Korea-focused security expert based in South Korea. The emails referenced legitimate…
-
Hydra Tactics: North Korea’s LABYRINTH CHOLLIMA Splits to Hunt Crypto Secrets
The post Hydra Tactics: North Korea’s LABYRINTH CHOLLIMA Splits to Hunt Crypto Secrets appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/hydra-tactics-north-koreas-labyrinth-chollima-splits-to-hunt-crypto-secrets/
-
Long-running North Korea threat group splits into 3 distinct operations
The trio, which share lineage with the more broadly defined Lazarus Group, are focused on espionage and cryptocurrency theft, according to CrowdStrike. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-labyrinth-chollima-splits-crowdstrike/
-
Lazarus Hackers Target European Drone Manufacturers in Active Campaign
The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The attacks appear directly linked to North Korea’s efforts to accelerate its domestic drone production capabilities through industrial espionage. The targeted organizations include a metal engineering firm, an aircraft component manufacturer,…
-
Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers
Tags: ai, backdoor, blockchain, hacker, india, intelligence, korea, malware, north-korea, phishing, powershell, russia, threat, tool, ukraine
The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary’s expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations, Check…
-
The Developer’s Backdoor: North Korea Weaponizes Visual Studio Code
The post The Developer’s Backdoor: North Korea Weaponizes Visual Studio Code appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/the-developers-backdoor-north-korea-weaponizes-visual-studio-code/
-
Cryptohack Roundup: South Korea Busts $102M Laundering Ring
Also: $7 Million Saga and $5 Million Makina Finance Exploits. This week, South Korea dismantled a $102 million money laundering ring, Saga paused SagaEVM after a $7 million exploit, Makina Finance lost $5 million, a Utah man was sentenced to three years for fraud and illegal cash conversion, and a software flaw let traders win Ethereum transaction…
-
DPRK Actors Deploy VS Code Tunnels for Remote Hacking
A spear-phishing campaign tied to the Democratic People’s Republic of Korea (DPRK) uses trusted Microsoft infrastructure to avoid detection. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/dprk-vs-code-tunnels-remote-hacking
-
Germany and Israel Pledge Cybersecurity Alliance
Berlin Readies Legislation Authorizing More Aggressive Stance in Cyberspace. Germany wants to drastically step up defenses against cyberattacks from foes such as Russia, China, Iran and North Korea, and it’s looking to key ally Israel for lessons and cooperation. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/germany-israel-pledge-cybersecurity-alliance-a-30568
-
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new tactic that was first discovered in December 2025, Jamf Threat Labs said. “This activity involved…
-
More than 40 countries impacted by North Korea IT worker scams, crypto thefts
Eleven countries led a session at the UN headquarters in New York centered around a 140-page report released last fall that covered North Korea’s extensive cyber-focused efforts to fund its nuclear and ballistic weapons program. First seen on therecord.media Jump to article: therecord.media/40-countries-impacted-nk-it-thefts-united-nations
-
Suspected ransomware attack threatens one of South Korea’s largest companies
Kyowon Group, a conglomerate owned by one of South Korea’s richest people, is the latest company there to report suspicious cyber activity to authorities. First seen on therecord.media Jump to article: therecord.media/kyowon-group-south-korea-suspected-ransomware-attack
-
FBI Warns of North Korean QR Phishing Campaigns
The FBI says North Korea’s Kimsuky APT group is using QR codes in spear phishing campaigns. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-warns-north-korean-qr-phishing/

