Tag: korea
-
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign
North Korea’s Lazarus Group has been blamed for a cyber-espionage campaign using open source packages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/200-malicious-open-source-lazarus/
-
North Korean APT Hackers Compromise CI/CD Pipelines to Steal Sensitive Data
Tags: apt, cyber, data, data-breach, detection, group, hacker, korea, lazarus, malicious, malware, north-korea, open-source, threatSonatype’s automated malware detection systems have exposed a large-scale and ongoing cyber infiltration campaign orchestrated by the North Korea-backed Lazarus Group, also known as Hidden Cobra. Between January and July 2025, Sonatype identified and blocked 234 unique malware packages attributed to this state-sponsored threat actor across popular open-source registries like npm and PyPI. These malicious…
-
32% of exploited vulnerabilities are now zero-days or 1-days
Russian and Iranian threat activity rises: The security industry attributes only some of the newly discovered exploits to known attacker groups, and only some of those groups have known countries of origin. As a result, statistics on the origin of attacks are not perfect.During the first half of 2025, 181 of CVEs added to the…
-
Researchers Reveal North Korean Threat Actors’ Tactics for Uncovering Illicit Access
Cybersecurity researchers from Flashpoint have exposed the intricate tactics employed by North Korean threat actors to infiltrate global organizations through remote work vulnerabilities. These operatives, affiliated with the Democratic People’s Republic of Korea (DPRK), masquerade as legitimate freelance developers, IT specialists, and contractors, embedding themselves in corporate workflows to siphon off at least $88 million…
-
Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks
Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that’s targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data.The cross-platform threat has been codenamed SarangTrap by Zimperium zLabs. Users in South Korea appear to be the primary focus.”This extensive campaign involved First…
-
Arizona Woman Jailed for Helping North Korea in $17M IT Job Scam
Arizona woman jailed 8.5 years for aiding North Korea’s $17 million IT job scam, defrauding over 300 US companies. Learn how to protect your business from such sophisticated cybersecurity threats. First seen on hackread.com Jump to article: hackread.com/arizona-woman-jailed-help-north-korea-it-job-scam/
-
Security Affairs newsletter Round 534 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Law enforcement operations seized BlackSuit ransomware gang’s darknet sites Arizona woman sentenced for aiding North Korea…
-
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme
Arizona woman gets 8 years for helping North Korea-linked threat actors to infiltrate 309 U.S. firms with fake IT jobs. Christina Marie Chapman (50) from Arizona, was sentenced to 102 months in prison for aiding North Korean IT workers in infiltrating 309 U.S. companies. She pleaded guilty to charges including aggravated identity theft, conspiracy to…
-
North Korean hackers ran US-based “laptop farm” from Arizona woman’s home
North Korea made millions from the scheme. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/07/north-korean-hackers-ran-us-based-laptop-farm-from-arizona-womans-home/
-
North Korea’s IT Worker Rampage Continues Amid DoJ Action
Arrests and indictments keep coming, but the North Korean fake IT worker scheme is only snowballing, and businesses can’t afford to assume their applicant-screening processes are up to the task of weeding the imposters out. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/north-korea-it-worker-rampage-doj
-
U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned a North Korean front company and three associated individuals for their involvement in the fraudulent remote information technology (IT) worker scheme designed to generate illicit revenues for Pyongyang.The sanctions target Korea Sobaeksu Trading Company (aka Sobaeksu United Corporation), and Kim Se Un,…
-
US sanctions North Korean firm, nationals behind IT worker schemes
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned three North Korean nationals and a company for supporting fraudulent IT worker schemes that generated illicit revenue for the Democratic People’s Republic of Korea (DPRK) government. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-sanctions-north-korean-firm-nationals-behind-it-worker-schemes/
-
US hits senior North Korean officials with sanctions, $3 million bounties
Kim Se Un, Jo Kyong Hun and Myong Chol Min are accused of helping North Korea evade U.S. and United Nations sanctions through an IT worker plot that involved tricking companies into hiring North Koreans using stolen identities. First seen on therecord.media Jump to article: therecord.media/us-sanctions-north-korean-officers-it-worker-scheme
-
Cyberattacks Surging Across Indo-Pacific, Researchers Warn
Report Urges Indo-Pacific Cyber Shield Strategy Amid Increased Nation-State Threats. A Center for a New American Security study found China and North Korea are accelerating cyberattacks, influence operations and infrastructure breaches across the Indo-Pacific, as researchers urge the U.S. to help develop a regional cyber shield, and deploy forward cyber teams. First seen on govinfosecurity.com…
-
North Korea Floods npm Registry with Malware
67 Malicious Packages, XORIndex Loader Target JavaScript Code-Sharing Platform. North Korean threat actors escalated their software supply chain attacks by uploading 67 new malicious packages to the npm Registry as part of the ongoing Contagious Interview campaign. The malware targets open-source JavaScript developers with malware loaders. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/north-korea-floods-npm-registry-malware-a-28990
-
Louis Vuitton says regional data breaches tied to same cyberattack
Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/louis-vuitton-says-regional-data-breaches-tied-to-same-cyberattack/
-
Louis Vuitton says customers in Turkey, South Korea and UK impacted by data breaches
A statement from Louis Vuitton South Korea said the breach involved names, contact information and other data provided by customers. No financial information was included in the breach. First seen on therecord.media Jump to article: therecord.media/louis-vuitton-says-customers-impacted-by-data-breaches
-
North Korea-linked actors spread XORIndex malware via 67 malicious npm packages
North Korea-linked hackers uploaded 67 malicious npm packages with XORIndex malware, hitting 17K+ downloads in ongoing supply chain attacks. North Korea-linked threat actors behind the Contagious Interview campaign have uploaded 67 malicious npm packages with XORIndex malware loader, hitting over 17,000 downloads in ongoing supply chain attacks. XORIndex was built to evade detection and deploy…
-
Global Louis Vuitton data breach impacts UK, South Korea, and Turkey
Louis Vuitton data breach affects customers in the UK, South Korea, Turkey, and possibly more countries, with notifications underway. Customers of French luxury retailer Louis Vuitton are being notified of a data breach affecting multiple countries, including the UK, South Korea, and Turkey. The security breach was discovered on July 2nd, 2025, and exposed customer…
-
US Sanctions Key Threat Actors Tied to North Korea’s Remote IT Worker Scheme
The Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury has taken a strong stance against cyber-enabled financial schemes that support North Korea’s illicit weapons programs by imposing sanctions on Song Kum Hyok, a malevolent cyber actor connected to the hacking group Andariel of the Democratic People’s Republic of Korea (DPRK).…
-
OFAC Sanctions Key Players in North Korea’s Remote IT Worker Scheme Funding Weapons Programs
The post OFAC Sanctions Key Players in North Korea’s Remote IT Worker Scheme Funding Weapons Programs appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/ofac-sanctions-key-players-in-north-koreas-remote-it-worker-scheme-funding-weapons-programs/
-
Treasury sanctions North Korean over IT worker malware scheme
The U.S. Department of the Treasury sanctioned cyber actor Song Kum Hyok for his association with North Korea’s hacking group Andariel and for facilitating IT worker schemes that generated revenue for the Pyongyang regime. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/treasury-sanctions-north-korean-over-it-worker-malware-scheme/
-
Treasury sanctions North Korean over IT worker malware scheme
The U.S. Department of the Treasury sanctioned cyber actor Song Kum Hyok for his association with North Korea’s hacking group Andariel and for facilitating IT worker schemes that generated revenue for the Pyongyang regime. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/treasury-sanctions-north-korean-over-it-worker-malware-scheme/
-
Security Affairs newsletter Round 531 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates Critical Sudo bugs expose…
-
North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates
North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram.…
-
Microsoft shuts down 3,000 email accounts created by North Korean IT workers
Microsoft said it has spent years monitoring North Korea’s campaign to get its citizens hired in IT roles at U.S. companies and recently saw changes in how the campaign operates. First seen on therecord.media Jump to article: therecord.media/microsoft-shuts-down-3000-north-korea-it-worker-email
-
N Korean Hackers Drop NimDoor macOS Malware Via Fake Zoom Updates
SentinelLabs uncovers NimDoor, new North Korea-aligned macOS malware targeting Web3 and crypto firms. Exploits Nim, AppleScript, and steals Keychain, browser, shell, and Telegram data. First seen on hackread.com Jump to article: hackread.com/n-korean-hackers-nimdoor-macos-malware-fake-zoom-updates/
-
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Tags: communications, crypto, hacker, injection, korea, macOS, malware, north-korea, programming, threatThreat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics.”Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,” First seen…
-
North Korean IT Workers Employ New Tactics to Infiltrate Global Organizations
Tags: ai, china, cyber, intelligence, korea, microsoft, north-korea, russia, tactics, technology, threat, toolMicrosoft Threat Intelligence has uncovered a sophisticated operation by North Korean remote IT workers who are leveraging cutting-edge artificial intelligence (AI) tools to infiltrate organizations worldwide. Since at least 2020, these highly skilled individuals, often based in North Korea, China, and Russia, have been targeting technology-related roles across various industries to generate revenue for the…
-
U.S. DOJ Cracks Down on North Korean Remote IT Workforce Operating Illegally
The U.S. Department of Justice (DOJ) has announced a major crackdown on North Korea’s covert use of remote information technology (IT) workers to siphon millions from American companies and fund its weapons programs. The coordinated law enforcement actions, resulted in the arrest of a New Jersey man, the seizure of 29 financial accounts, 21 fraudulent…