Tag: lazarus
-
Fake LinkedIn Interview Used by Lazarus Hackers to Target AllSecure CEO
Researchers at AllSecure have revealed how North Korean hackers from the Lazarus Group used a fake LinkedIn job interview and deepfake technology to target their CEO. First seen on hackread.com Jump to article: hackread.com/fake-linkedin-interview-lazarus-hackers-allsecure-ceo/
-
Europe in the Crosshairs of Cyber Identity Thieves
German companies need to brace themselves: both state-sponsored and "private" actors have them in their sights. As the experts at Darktrace describe in their current Threat Report 2026, cloud and email accounts remain the number one entry point in Europe. According to the report, 58 percent of attacks in Europe last year began with compromised cloud accounts or…
-
Lazarus Group on a Blockchain Raid
Digital assets on public blockchains are considered transparent, fast and globally accessible; at the same time, they offer attackers clear points of attack. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/lazarus-gruppe-blockchain-beutezug
-
Lazarus Group on a Blockchain Raid: How Hackers Misuse Whitelists as Targets
Check Point Software Technologies warns of a dangerous security misconception in the handling of digital assets on public blockchains. Using the North Korean hackers of the "Lazarus Group" as an example, Check Point shows that whitelists serve attackers as a guide for identifying which service providers, counterparties or infrastructure components must be compromised in order to get to the assets. In just seven months…
-
Lazarus Group Continues Its Blockchain Raid
Every transaction should be treated as if it could be manipulated. Anyone managing large assets on public blockchains must assume that even "trusted" partners could be compromised. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/lazarus-gruppe-bleibt-weiter-auf-blockchain-beutezug/a43952/
-
Lazarus APT group deployed Medusa Ransomware against Middle East target
North Korea’s Lazarus Group used Medusa ransomware in an attack on an unnamed Middle East organization, researchers report. The North Korea-linked Lazarus APT Group, also known as Diamond Sleet and Pompilus, has been spotted deploying Medusa ransomware against an unnamed organization in the Middle East, according to a new report from the Symantec and Carbon Black…
-
North Korea’s Lazarus Group targets healthcare orgs with Medusa ransomware
New ransomware of choice, same critical targets. First seen on theregister.com Jump to article: www.theregister.com/2026/02/24/north_koreas_lazarus_group_healthcare_medusa_ransomware/
-
North Korean Lazarus Group Expands Ransomware Activity With Medusa
Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-lazarus-group-medusa/
-
North Korean Hackers Continue to Target US Healthcare
Tags: attack, extortion, group, hacker, healthcare, intelligence, lazarus, north-korea, ransomware, threat
Report: Lazarus Group Pivoting to Medusa Ransomware for Extortion Attacks. North Korean state-backed Lazarus Group hackers are using Medusa ransomware in extortion attacks on U.S. healthcare entities despite a 2024 U.S. indictment of Rim Jong Hyok, an alleged member of the Lazarus subgroup Stonefly, according to a new threat intelligence report. First seen on govinfosecurity.com…
-
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
Tags: attack, group, healthcare, intelligence, korea, lazarus, middle-east, north-korea, ransomware, threat
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom’s threat intelligence division said it also identified the same threat actors mounting an unsuccessful…
-
North Korean state hackers seen using Medusa ransomware in attacks on US, Middle East
Tags: attack, country, cybersecurity, hacker, hacking, healthcare, lazarus, middle-east, military, north-korea, ransomware
Cybersecurity researchers said they saw Medusa attacks launched by members of Lazarus, a well-known North Korean hacking operation housed within the country’s military, against a company in the Middle East and a healthcare organization in the U.S. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-using-medusa-ransomware
-
North Korean Lazarus group linked to Medusa ransomware attacks
North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attacks using the Medusa ransomware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-group-linked-to-medusa-ransomware-attacks/
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-day
Big game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape. Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Top Security Incidents of 2025: Lazarus Group’s Cryptocurrency Heist
Tags: apt, attack, breach, crypto, cyber, data-breach, group, korea, lazarus, network, north-korea, security-incident, supply-chain
Event Summary: In February 2025, the North Korea-linked APT group Lazarus launched a highly sophisticated supply chain attack against the prominent cryptocurrency exchange Bybit, successfully stealing over 400,000 ETH and stETH, valued at approximately $1.5 billion. This incident marks the largest single security breach in the global cryptocurrency sector to date. The attack exposed critical…
-
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign
Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researchers uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected…
-
Dream Job or Nightmare? Lazarus Group Hunts Crypto Devs with "Graphalgo" Malware
The post Dream Job or Nightmare? Lazarus Group Hunts Crypto Devs with "Graphalgo" Malware appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/dream-job-or-nightmare-lazarus-group-hunts-crypto-devs-with-graphalgo-malware/
-
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active since…
-
Lazarus Group’s ‘Graphalgo’ Fake Recruiter Campaign Targets GitHub, npm, and PyPI to Spread Malware
Lazarus Group’s latest software supply chain operation is using fake recruiter lures and popular open-source ecosystems to quietly deliver malware to cryptocurrency-focused developers. The campaign, dubbed graphalgo, abuses GitHub, npm, and PyPI to hide multi-stage payloads behind seemingly legitimate coding tasks and packages. Since early May 2025, attackers have been approaching JavaScript and Python developers via…
-
Long-running North Korea threat group splits into 3 distinct operations
The trio, which share lineage with the more broadly defined Lazarus Group, are focused on espionage and cryptocurrency theft, according to CrowdStrike. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-labyrinth-chollima-splits-crowdstrike/
-
Lazarus Hackers Target European Drone Manufacturers in Active Campaign
The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The attacks appear directly linked to North Korea’s efforts to accelerate its domestic drone production capabilities through industrial espionage. The targeted organizations include a metal engineering firm, an aircraft component manufacturer,…
-
Amazon blocked 1,800 suspected North Korean scammers seeking jobs
Plus: Lazarus Group has a brand new BeaverTail. First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/amazon_blocked_fake_dprk_workers/
-
New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes
Tags: control, credentials, cyber, group, infrastructure, lazarus, network, north-korea, theft, threat, tool
Security researchers from Hunt.io and Acronis Threat Research Unit have uncovered a sophisticated network of operational infrastructure controlled by North Korean state-sponsored threat actors Lazarus and Kimsuky. The collaborative investigation revealed previously undocumented connections between these groups’ campaigns, exposing active command-and-control servers, credential-theft environments, tunneling nodes, and certificate-linked infrastructure that had remained hidden from public…
-
Lazarus Group Embed New BeaverTail Variant in Developer Tools
North Korea’s Lazarus Group deploys a new BeaverTail variant to steal credentials and crypto using fake job lures, dev tools, and smart contracts. First seen on hackread.com Jump to article: hackread.com/lazarus-embed-beavertail-variant-developer-tools/
-
New BeaverTail Malware Variant Linked to Lazarus Group
A new variant of the BeaverTail malware linked to North Korean hackers has been identified targeting cryptocurrency traders and developers. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/beavertail-variant-linked-lazarus/
-
Cryptohack Roundup: Authorities Shutter Cryptomixer
Also: Anthropic Warns of Autonomous AI Exploits on Blockchain. This week, authorities shutter Cryptomixer, Anthropic warns about autonomous AI exploits, U.K. plans ban on crypto political donations, Do Kwon seeks leniency, Lazarus Group suspected in Upbit theft, Balancer’s post-exploit plans and Yearn recovers some hacked amount. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-authorities-shutter-cryptomixer-a-30192
-
Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group’s Famous Chollima division. For the first time, researchers…

