Tag: lazarus

Lazarus Targets macOS Users With New “Mach-O Man” Malware Kit

Apr 29, 2026 4:39 PM

Tags: access, corporate, credentials, crypto, cyber, fintech, group, intelligence, lazarus, macOS, malware, social-engineering, threat

Lazarus Group is abusing “ClickFix” social engineering to push a new macOS malware kit dubbed “Mach-O Man,” giving attackers a direct path to credentials, Keychain secrets, and corporate access in fintech and crypto environments. This research is authored by Mauro Eldritch, an offensive security expert and founder of BCA LTD, a company focused on threat intelligence and…
Arctic Wolf deckt BlueNoroff-Kampagne mit gefälschten Zoom-Meetings auf

Apr 28, 2026 4:38 PM

Tags: lazarus, north-korea, social-engineering

Arctic Wolf Labs hat eine gezielte Angriffskampagne identifiziert, hinter der mit hoher Wahrscheinlichkeit die Gruppe BlueNoroff, eine finanziell motivierte Subgruppierung des Lazarus-Kollektivs mit Verbindungen nach Nordkorea, steht. Ziel war ein nordamerikanisches Web3-/Kryptounternehmen. Die Kampagne macht deutlich, dass Angreifer zunehmend mehrstufige Social-Engineering-Techniken nutzen und dabei gezielt auf glaubwürdige Interaktionen setzen. Die Analyse zeigt eine mehrstufige Angriffskette,…
Arctic Wolf deckt BlueNoroff-Kampagne mit gefälschten Zoom-Meetings auf

Apr 28, 2026 4:38 PM

Tags: lazarus, north-korea, social-engineering

Arctic Wolf Labs hat eine gezielte Angriffskampagne identifiziert, hinter der mit hoher Wahrscheinlichkeit die Gruppe BlueNoroff, eine finanziell motivierte Subgruppierung des Lazarus-Kollektivs mit Verbindungen nach Nordkorea, steht. Ziel war ein nordamerikanisches Web3-/Kryptounternehmen. Die Kampagne macht deutlich, dass Angreifer zunehmend mehrstufige Social-Engineering-Techniken nutzen und dabei gezielt auf glaubwürdige Interaktionen setzen. Die Analyse zeigt eine mehrstufige Angriffskette,…
North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures

Apr 28, 2026 10:39 AM

Tags: ai, crypto, group, hacker, lazarus, north-korea, phishing, spear-phishing

Arctic Wolf attributed this large-scale spear-phishing campaign to BlueNoroff, a financially motivated subgroup of the Lazarus Group First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bluenoroff-dprk-hackers-target/
North Korea’s Lazarus Targets macOS Users via ClickFix

Apr 24, 2026 3:39 PM

Tags: access, data, korea, lazarus, macOS, north-korea, theft

Lazarus continues leveraging ClickFix for initial access and data theft, in this case, against Mac-centric organizations and their high-value leaders. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-koreas-lazarus-targets-macos-users-clickfix
Lazarus Lures Developers With Backdoored Coding Tests

Apr 23, 2026 11:39 AM

Tags: ai, crypto, cyber, data, group, hacker, korea, lazarus, malware, north-korea

North Korea-linked hackers are using AI-assisted malware and backdoored coding challenges to quietly loot millions in cryptocurrency from Web3 developers. Expel assesses with high confidence that HexagonalRodent is a DPRK state-sponsored subgroup that likely evolved from fraudulent IT worker operations before pivoting fully to malware-driven theft. In just three months, the group exfiltrated data from…
North Korea Blamed for $290m KelpDAO Crypto Heist

Apr 22, 2026 5:39 PM

Tags: crypto, group, korea, lazarus, north-korea, theft

North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-blamed-290m-kelpdao/
North Korea’s Lazarus APT stole $290M from Kelp DAO

Apr 21, 2026 9:39 PM

Tags: apt, crypto, finance, group, hacker, korea, lazarus, north-korea, theft

North Korea-linked Lazarus Group stole $290M from Kelp DAO by abusing LayerZero. A second $95M attempt was stopped. Hackers tied to the North-Korea linked group Lazarus APT carried out a $290M crypto theft targeting Kelp DAO. Kelp DAO is a decentralized finance (DeFi) protocol built on the Ethereum ecosystem that focuses on a concept called…
North Korean Blamed for $290m KelpDAO Crypto Heist

Apr 21, 2026 11:39 AM

Tags: crypto, group, korea, lazarus, north-korea, theft

North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-blamed-290m-kelpdao/
KelpDAO suffers $290 million heist tied to Lazarus hackers

Apr 21, 2026 1:39 AM

Tags: crypto, hacker, lazarus, north-korea

State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kelpdao-suffers-290-million-heist-tied-to-lazarus-hackers/
GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware

Apr 10, 2026 7:52 PM

Tags: blockchain, github, hacker, lazarus, malware, north-korea, scam

ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware. First seen on hackread.com Jump to article: hackread.com/graphalgo-scam-lazarus-hackers-us-llcs-malware/
Cryptohack Roundup: Hacker Mints $24M From Resolv

Mar 26, 2026 5:46 PM

Tags: hacker, law, lazarus, phishing, scam

Also: SEC Drops BitClout Founder Case, BlockFills Files for Chapter 11. This week, a hacker minted $24M from Resolv, SEC dropped its case against BitClout founder, BlockFills filed for Chapter 11, Bitrefill linked hack to Lazarus, OpenClaw phishing scam hit devs, global law enforcement crackdown on scams and Balancer Labs to wind down after $128M…
Bitrefill blames North Korean Lazarus group for cyberattack

Mar 19, 2026 7:10 PM

Tags: attack, crypto, cyberattack, group, hacker, lazarus, north-korea

Crypto-powered gift card store Bitrefill says that the attack it suffered at the beginning of the month was likely perpetrated by North Korean hackers of the Bluenoroff group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitrefill-blames-north-korean-lazarus-group-for-cyberattack/
ClickFix treibt neue Infostealer-Kampagnen an

Mar 18, 2026 11:11 AM

Tags: api, captcha, control, cyberattack, encryption, exploit, framework, github, infrastructure, intelligence, lazarus, login, malware, microsoft, powershell, rat, social-engineering, threat, windows, wordpress

ClickFix-Kampagnen werden immer raffinierter und zielen verstärkt auf WordPress-Webseiten.Cyberkriminelle kombinieren kompromittierte Websites mit immer raffinierteren Social-Engineering-Köder-Methoden, um neue Infostealer-Malware zu verbreiten. Bekannt ist das Ganze unter dem Namen ClickFix und zudem effektiv: In einer einzigen Kampagne wurden über 250 WordPress-Websites in zwölf Ländern infiziert.Während diese Kampagne zu unauffälligen, im Arbeitsspeicher ausgeführten Schadprogrammen führt, beobachtete Microsoft…
Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records

Mar 18, 2026 5:10 AM

Tags: crypto, email, group, hacker, korea, lazarus, north-korea

Bitrefill said hackers allegedly tied to North Korea’s Lazarus group accessed around 18,500 purchase records that contained email addresses, crypto payment addresses, and metadata including IP addresses. First seen on therecord.media Jump to article: therecord.media/crypto-platform-accuses-north-korea-hack
Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records

Mar 18, 2026 5:10 AM

Tags: crypto, email, group, hacker, korea, lazarus, north-korea

Bitrefill said hackers allegedly tied to North Korea’s Lazarus group accessed around 18,500 purchase records that contained email addresses, crypto payment addresses, and metadata including IP addresses. First seen on therecord.media Jump to article: therecord.media/crypto-platform-accuses-north-korea-hack
ClickFix techniques evolve in new infostealer campaigns

Mar 16, 2026 8:09 AM

Tags: api, attack, communications, control, credentials, data, data-breach, detection, encryption, framework, github, group, intelligence, iran, korea, lazarus, login, microsoft, north-korea, russia, social-engineering, threat, windows, wordpress

New payloads: The DoubleDonut Loader was observed delivering a new variant of Vidar Stealer, a well-known infostealer, that uses a dead drop resolver technique to retrieve its command-and-control configuration and dynamic API resolution.In addition to Vidar, two previously undocumented infostealers have been observed, one written in .NET and one in C++. Rapid7 has named these…
Fake LinkedIn Interview Used by Lazarus Hackers to Target AllSecure CEO

Mar 10, 2026 2:47 PM

Tags: ceo, deep-fake, group, hacker, jobs, lazarus, linkedin, north-korea, technology

Researchers at AllSecure have revealed how North Korean hackers from the Lazarus Group used a fake LinkedIn job interview and deepfake technology to target their CEO. First seen on hackread.com Jump to article: hackread.com/fake-linkedin-interview-lazarus-hackers-allsecure-ceo/
Europa im Visier von Cyber-Identitätsdieben

Mar 6, 2026 5:47 AM

Tags: ai, authentication, china, cloud, cve, cyber, cyberattack, exploit, germany, google, korea, lazarus, mail, malware, mfa, microsoft, phishing, ransomware, saas, sap, service, strategy, threat, vpn, vulnerability

Deutsche Unternehmen müssen sich warm anziehen: Sowohl staatliche als auch ‘private” Akteure haben es auf sie abgesehen.ShutterstockWie die Experten von Darktrace in ihrem aktuellen Threat Report 2026 darstellen, bleiben Cloud- und E-Mail-Konten das Einfallstor Nummer Eins in Europa. Dem Bericht zufolge begannen im vergangenen Jahr in Europa 58 Prozent der Attacken mit kompromittierten Cloud-Accounts oder…
Lazarus-Gruppe auf Blockchain-Beutezug

Mar 5, 2026 3:48 PM

Tags: blockchain, lazarus

Digitale Vermögenswerte auf öffentlichen Blockchains gelten als transparent, schnell und global zugänglich gleichzeitig bieten sie Angreifern klare Angriffspunkte. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/lazarus-gruppe-blockchain-beutezug
Lazarus-Gruppe auf Blockchain-Beutezug Wie Hacker Whitelists als Zielscheiben missbrauchen

Mar 5, 2026 3:48 PM

Tags: blockchain, hacker, lazarus, software

Check Point Software Technologies warnt vor einem gefährlichen Sicherheitsirrtum im Umgang mit digitalen Vermögenswerten auf öffentlichen Blockchains. Am Beispiel der nordkoreanischen Hacker ‘Lazarus Group>> zeigt Check Point auf, dass Whitelists Angreifern als Orientierung dienen, um zu erkennen, welche Dienstleister, Gegenparteien oder Infrastrukturkomponenten kompromittiert werden müssen, um an die Assets zu gelangen. In nur sieben Monaten…
Lazarus-Gruppe bleibt weiter auf Blockchain-Beutezug

Mar 5, 2026 1:47 PM

Tags: blockchain, lazarus

Jede Transaktion sollte so behandelt werden, als könnte sie manipuliert werden. Wer große Vermögenswerte auf öffentlichen Blockchains verwaltet, muss davon ausgehen, dass selbst ‘vertrauenswürdige” Partner kompromittiert werden könnten. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/lazarus-gruppe-bleibt-weiter-auf-blockchain-beutezug/a43952/
Lazarus APT group deployed Medusa Ransomware against Middle East target

Feb 25, 2026 10:37 AM

Tags: apt, attack, group, korea, lazarus, middle-east, north-korea, ransomware

North Korea’s Lazarus Group used Medusa ransomware in an attack on an unnamed Middle East organization, researchers report. The North Korea-linked Lazarus APT Group, also known as Diamond Sleet and Pompilus, has been spotted deploying Medusa ransomware against an unnamed organization in the Middle East, according a new report from the Symantec and Carbon Black…
North Korea’s Lazarus Group targets healthcare orgs with Medusa ransomware

Feb 24, 2026 8:02 PM

Tags: group, healthcare, korea, lazarus, north-korea, ransomware

New ransomware of choice, same critical targets First seen on theregister.com Jump to article: www.theregister.com/2026/02/24/north_koreas_lazarus_group_healthcare_medusa_ransomware/
North Korean Lazarus Group Expands Ransomware Activity With Medusa

Feb 24, 2026 4:01 PM

Tags: attack, group, hacker, healthcare, lazarus, north-korea, ransomware

Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-lazarus-group-medusa/
North Korean Hackers Continue to Target US Healthcare

Feb 24, 2026 3:02 PM

Tags: attack, extortion, group, hacker, healthcare, intelligence, lazarus, north-korea, ransomware, threat

Report: Lazarus Group Pivoting to Medusa Ransomware for Extortion Attacks. North Korean-state backed Lazarus Group hackers are using Medusa ransomware in extortion attacks on U.S. healthcare entities despite a 2024 U.S. indictment of Rim Jong Hyok, an alleged member of the Lazarus subgroup Stonefly, according to a new threat intelligence report. First seen on govinfosecurity.com…
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

Feb 24, 2026 2:02 PM

Tags: attack, group, healthcare, intelligence, korea, lazarus, middle-east, north-korea, ransomware, threat

The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team.Broadcom’s threat intelligence division said it also identified the same threat actors mounting an unsuccessful…
North Korean state hackers seen using Medusa ransomware in attacks on US, Middle East

Feb 24, 2026 1:02 PM

Tags: attack, country, cybersecurity, hacker, hacking, healthcare, lazarus, middle-east, military, north-korea, ransomware

Cybersecurity researchers said they saw Medusa attacks launched by members of Lazarus, a well-known North Korean hacking operation housed within the country’s military, against a company in the Middle East and a healthcare organization in the U.S. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-using-medusa-ransomware
North Korean Lazarus group linked to Medusa ransomware attacks

Feb 24, 2026 1:02 PM

Tags: attack, extortion, group, hacker, healthcare, lazarus, north-korea, ransomware, threat

North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attacks using the Medusa ransomware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-group-linked-to-medusa-ransomware-attacks/
The rise of the evasive adversary

Feb 24, 2026 8:01 AM

Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-day

Big game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…