Tag: korea
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware
A new report reveals North Korea-linked ScarCruft is using RokRAT malware to target academics in a phishing campaign…. First seen on hackread.com Jump to article: hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/
-
South Korea AI Act
What is the South Korea AI Act? South Korea’s Framework Act on the Development of Artificial Intelligence and Creation of a Trust Foundation, often referred to simply as the AI Framework Act or the AI Basic Act, is the country’s landmark law on artificial intelligence. It was passed by the National Assembly in December 2024,……
-
North Korea’s APT37 deploys RokRAT in new phishing campaign against academics
ScarCruft (APT37) launches Operation HanKook Phantom, a phishing campaign using RokRAT to target academics, ex-officials, and researchers. Cybersecurity firm Seqrite Labs uncovered a phishing campaign, dubbed Operation HanKook Phantom, by the North Korea-linked group APT37 (aka Ricochet Chollima, ScarCruft, Reaper, and Group123). Threat actors are using a fake “National Intelligence Research Society Newsletter…
-
ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics
Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to deliver a malware known as RokRAT. The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target individuals associated with the National Intelligence Research Association, including academic figures First seen…
-
U.S. Treasury Sanctions North Korean IT Worker Network Funding Weapons Programs
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Russian national Vitaliy Sergeyevich Andreyev, DPRK official Kim Ung Sun, Chinese entity Shenyang Geumpungri Network Technology Co., Ltd., and DPRK-based Korea Sinjin Trading Corporation for their involvement in a sophisticated fraudulent scheme involving information technology workers orchestrated by the Democratic…
-
Treasury sanctions North Korea IT worker scheme facilitators and front organizations
As the sanctions-evading scheme has grown, so too has the U.S. government’s response. First seen on cyberscoop.com Jump to article: cyberscoop.com/treasury-department-sanctions-north-korea-worker-scheme/
-
Chinese Hacker Suspect Arrested in South Korea Over Major Financial Cyberattack
South Korean authorities have successfully extradited a key suspect in a large-scale hacking operation that resulted in the embezzlement of over 38 billion won (approximately $28.5 million USD) from high-profile victims. The individual, identified as Mr. G, a 34-year-old Chinese national, was repatriated from Thailand to Incheon International Airport on August 22, 2025, marking the…
-
US sanctions Russian national and Chinese company over North Korean IT worker schemes
The U.S. Treasury Department announced new sanctions targeting key players in North Korea’s ongoing scheme to get its citizens hired as IT workers at American companies. First seen on therecord.media Jump to article: therecord.media/us-sanctions-company-national-north
-
US sanctions fraud network used by North Korean ‘remote IT workers’ to seek jobs and steal money
Treasury officials say the North Korean government used the fraud network to generate money for the regime’s nuclear weapons program. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/27/us-sanctions-fraud-network-used-by-north-korea-to-seek-jobs-and-steal-money/
-
Governments, tech companies meet in Tokyo to share tips on fighting North Korea IT worker scheme
The U.S. State Department said it worked with the Ministries of Foreign Affairs in Japan and South Korea to organize the forum, which had more than 130 attendees from freelance work platforms, payment service providers, cryptocurrency companies, AI firms and more. First seen on therecord.media Jump to article: therecord.media/japan-us-south-korea-forum-north-korea-it-worker-scheme
-
Alleged mastermind behind K-Pop celebrity stock heist extradited to South Korea
A suspected hacker, believed to be the mastermind behind an organised campaign of attacks that stole millions of dollars worth of stocks from celebrities, including BTS singer Jung Kook, has been extradited to South Korea. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/alleged-mastermind-behind-k-pop-celebrity-stock-heist-extradited-to-south-korea
-
South Korea arrests suspected Chinese hacker accused of targeting BTS singer and other celebrities
The 34-year-old suspect, identified only by his surname Jeon, was taken into custody last Friday and appeared in court on Sunday for a pretrial detention hearing, according to the Seoul police. First seen on therecord.media Jump to article: therecord.media/south-korea-arrests-hacker-accused-of-targeting-celebrities-bts
-
Chinese APT Leverages Proxy and VPN Services to Obfuscate Infrastructure
A significant data dump surfaced on DDoSecrets.com, purportedly extracted from a workstation belonging to a threat actor targeting organizations in South Korea and Taiwan. The leak, detailed in an accompanying article, attributes the activity to the North Korean advanced persistent threat (APT) group known as Kimsuky, a sophisticated actor previously highlighted in cybersecurity advisories for…
-
DPRK, China Suspected in South Korean Embassy Attacks
Detailed spear-phishing emails sent to European government entities in Seoul are being tied to North Korea, China, or both. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-dprk-south-korean-embassy-attacks
-
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff and foreign ministry personnel with convincing meeting…
-
North Korea-linked hackers target embassies in Seoul in new espionage campaign
North Korea-linked hackers were seen targeting more than a dozen embassies in Seoul with phishing emails. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-target-foreign-embassies
-
XenoRAT malware campaign hits multiple embassies in South Korea
A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/xenorat-malware-campaign-hits-multiple-embassies-in-south-korea/
-
North Korea Attacks South Koreans With Ransomware
DPRK hackers are throwing every kind of malware at the wall and seeing what sticks, deploying stealers, backdoors, and ransomware all at once. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/north-korea-attacks-south-koreans-ransomware
-
Second ransomware attack in two months disrupts South Korean ticketing giant
Yes24, the largest ticket retailer in South Korea, faced its second ransomware attack this summer, affecting a tour for K-pop band Day6 and other events. First seen on therecord.media Jump to article: therecord.media/yes24-second-ransomware-attack-kpop-ticketing-affected
-
North Korean Kimsuky Hackers Suffer Data Breach as Insiders Leak Information Online
A member of North Korea’s notorious Kimsuky espionage group has experienced a significant data breach after insiders leaked hundreds of gigabytes of internal files and tools to the public. The breach, which emerged in early June 2025, exposed the group’s sophisticated backdoors, phishing frameworks, and reconnaissance operations, marking a rare setback for the state-sponsored threat…
-
DARPA announces $4 million winner of AI code review competition at DEF CON
The winner announced on Friday at the DEF CON cybersecurity conference, known as Team Atlanta, is composed of tech experts from Georgia Tech, Samsung Research, the Korea Advanced Institute of Science & Technology (KAIST) and the Pohang University of Science and Technology (POSTECH). First seen on therecord.media Jump to article: therecord.media/darpa-ai-code-competition-winner-def-con
-
North Korean spies posing as remote workers have infiltrated hundreds of companies, says CrowdStrike
North Korean IT workers are increasingly using generative AI to draft resumes and “deepfake” their appearances to make money for North Korea’s sanctioned nuclear weapons program. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/04/north-korean-spies-posing-as-remote-workers-have-infiltrated-hundreds-of-companies-says-crowdstrike/
-
North Korea Hiding Malware Within JPEG Files to Attack Windows Systems Bypassing Detections
Security researchers at Genians Security Center have uncovered a sophisticated new variant of the RoKRAT malware, attributed to the North Korean-linked APT37 threat group, which employs steganography to conceal malicious payloads within seemingly innocuous JPEG image files. This technique allows the malware to evade traditional antivirus detections by embedding encrypted shellcode in image data, which…
-
Ninety laptops, millions of dollars: US woman jailed over North Korea remote-work scam
Christina Chapman apologizes for role in identity fraud that amassed millions to allegedly aid nuclear weapons program. In March 2020, about the time the Covid pandemic started, Christina Chapman, a woman who lived in Arizona and Minnesota, received a message on LinkedIn asking her to “be the US face” of a company and help overseas IT…
-
Lazarus Hackers Weaponize 234 npm and PyPI Packages to Infect Developers
Sonatype’s automated detection systems have uncovered an expansive and ongoing infiltration of the global open-source ecosystem by the notorious Lazarus Group, a threat actor believed to be backed by North Korea’s Reconnaissance General Bureau. Between January and July 2025, Sonatype identified and blocked 234 malicious software packages deployed through both the npm and PyPI open-source…
-
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign
North Korea’s Lazarus Group has been blamed for a cyber-espionage campaign using open source packages. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/200-malicious-open-source-lazarus/

