Tag: lazarus
-
Lazarus Group’s Operation DreamJob Targets European Defense Firms
Cyber-attacks by North Korea’s Lazarus Group target European defense firms in drone development First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lazarus-groups-operation-dreamjob/
-
North Korean Lazarus hackers targeted European defense companies
North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-targeted-european-defense-companies/
-
North Korean Lazarus hackers targeted European defense companies
North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-targeted-european-defense-companies/
-
How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector
ESET researchers have uncovered a fresh wave of Operation DreamJob, a long-running campaign linked to North Korea’s Lazarus Group. This latest activity targeted several … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/23/eset-lazarus-operation-dreamjob/
-
Lazarus Group Hunts European Drone Manufacturing Data
The campaign is the latest effort by the North Korean threat actor to collect data of strategic interest to Pyongyang. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lazarus-group-hunts-european-drone-manufacturing-data
-
Lazarus Group Hunts European Drone Manufacturing Data
The campaign is the latest effort by the North Korean threat actor to collect data of strategic interest to Pyongyang. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lazarus-group-hunts-european-drone-manufacturing-data
-
North Korean Hackers Deploy BeaverTailOtterCookie Combo for Keylogging Attacks
Researchers at Cisco Talos have uncovered a sophisticated campaign by the Famous Chollima subgroup of Lazarus, wherein attackers deploy blended JavaScript tools”, BeaverTail and OtterCookie”, to carry out stealthy keylogging, screenshot capture, and data exfiltration. This cluster of activity, part of the broader “Contagious Interview” operation, has evolved significantly since first noted, blurring lines between…
-
North Korean Hackers Deploy BeaverTailOtterCookie Combo for Keylogging Attacks
Researchers at Cisco Talos have uncovered a sophisticated campaign by the Famous Chollima subgroup of Lazarus, wherein attackers deploy blended JavaScript tools”, BeaverTail and OtterCookie”, to carry out stealthy keylogging, screenshot capture, and data exfiltration. This cluster of activity, part of the broader “Contagious Interview” operation, has evolved significantly since first noted, blurring lines between…
-
North Korean Hackers Deploy BeaverTailOtterCookie Combo for Keylogging Attacks
Researchers at Cisco Talos have uncovered a sophisticated campaign by the Famous Chollima subgroup of Lazarus, wherein attackers deploy blended JavaScript tools”, BeaverTail and OtterCookie”, to carry out stealthy keylogging, screenshot capture, and data exfiltration. This cluster of activity, part of the broader “Contagious Interview” operation, has evolved significantly since first noted, blurring lines between…
-
North Korea Fake Job Recruiters Up Their Backdoor Game
Eset: Lazarus Group Shares Backdoor With Newer Pyongyang Threat Actor. A gang of North Korean hackers behind fake IT job recruitment scams now have access to a remote access Trojan favored by their more technically advanced counterparts tracked collectively as the Lazarus Group, say security researchers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/north-korea-fake-job-recruiters-up-their-backdoor-game-a-29586
-
North Korea’s Lazarus Group shares its malware with IT work scammers
Keeping Pyongyang’s coffers full First seen on theregister.com Jump to article: www.theregister.com/2025/09/25/lazarus_group_shares_malware_with_it_scammers/
-
Lazarus Group Is Exploiting CVE-2025-48384 in New Phishing Campaign
The post Lazarus Group Is Exploiting CVE-2025-48384 in New Phishing Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/lazarus-group-is-exploiting-cve-2025-48384-in-new-phishing-campaign/
-
Lazarus Hackers Abuse Git Symlink Vulnerability in Stealthy Phishing Campaign
KuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed with government resources and a history of high-profile breaches, Lazarus continues to evolve its tactics to target cryptocurrency and financial institutions worldwide. Over the last decade, Lazarus has homed in…
-
Lazarus Hackers Abuse Git Symlink Vulnerability in Stealthy Phishing Campaign
KuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed with government resources and a history of high-profile breaches, Lazarus continues to evolve its tactics to target cryptocurrency and financial institutions worldwide. Over the last decade, Lazarus has homed in…
-
Lazarus Hackers Abuse Git Symlink Vulnerability in Stealthy Phishing Campaign
KuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed with government resources and a history of high-profile breaches, Lazarus continues to evolve its tactics to target cryptocurrency and financial institutions worldwide. Over the last decade, Lazarus has homed in…
-
Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews
North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,… First seen on hackread.com Jump to article: hackread.com/lazarus-group-malware-clickfix-scam-fake-job-interview/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Operation HanKook Phantom: North Korean APT37 targeting South Korea Three Lazarus RATs coming for your cheese Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide Android Droppers: The Silent…
-
Lazarus Hackers Exploit 0-Day to Deploy Three Remote Access Trojans
Over the past two years, Fox-IT and NCC Group have tracked a sophisticated Lazarus subgroup targeting financial and cryptocurrency firms. This actor overlaps with AppleJeus, Citrine Sleet, UNC4736 and Gleaming Pisces campaigns and leverages three distinct remote access trojans (RATs)”, PondRAT, ThemeForestRAT and RemotePE”, to infiltrate and control compromised systems. In a 2024 incident response…
-
Lazarus Subgroup Deploys Three Custom RATs in Targeted Crypto Attacks
The post Lazarus Subgroup Deploys Three Custom RATs in Targeted Crypto Attacks appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/lazarus-subgroup-deploys-three-custom-rats-in-targeted-crypto-attacks/
-
Lazarus Hackers Use Fake Camera/Microphone Alerts to Deploy PyLangGhost RAT
North Korean state-sponsored threat actors associated with the Lazarus Group, specifically the subgroup known as Famous Chollima, have evolved their tactics by deploying a new Python-based remote access trojan (RAT) dubbed PyLangGhost. This malware represents a reimplementation of the earlier GoLangGhost RAT, exhibiting code structures indicative of AI-assisted porting, including Go-like logic patterns and extensive…
-
Lazarus Hackers Weaponize 234 npm and PyPI Packages to Infect Developers
Sonatype’s automated detection systems have uncovered an expansive and ongoing infiltration of the global open-source ecosystem by the notorious Lazarus Group, a threat actor believed to be backed by North Korea’s Reconnaissance General Bureau. Between January and July 2025, Sonatype identified and blocked 234 malicious software packages deployed through both the npm and PyPI open-source…
-
North Korean hackers target open-source repositories in new espionage campaign
In its latest operation, Lazarus took advantage of major gaps in the open-source software supply chain, like developers depending on unvetted packages and the lack of oversight for popular tools that are often maintained by just one or two people. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-targeting-open-source-repositories
-
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign
North Korea’s Lazarus Group has been blamed for a cyber-espionage campaign using open source packages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/200-malicious-open-source-lazarus/
-
North Korean APT Hackers Compromise CI/CD Pipelines to Steal Sensitive Data
Tags: apt, cyber, data, data-breach, detection, group, hacker, korea, lazarus, malicious, malware, north-korea, open-source, threatSonatype’s automated malware detection systems have exposed a large-scale and ongoing cyber infiltration campaign orchestrated by the North Korea-backed Lazarus Group, also known as Hidden Cobra. Between January and July 2025, Sonatype identified and blocked 234 unique malware packages attributed to this state-sponsored threat actor across popular open-source registries like npm and PyPI. These malicious…
-
Lazarus Group Enhances Malware with New OtterCookie Payload Delivery Technique
The Contagious Interview campaign conducted by the Lazarus Group continues to expand its capabilities. We have observed an exponential evolution in the delivery mechanisms for the campaign’s main payloads: BeaverTail, InvisibleFerret, and OtterCookie. In this article, we will discuss the innovations related to the delivery techniques used by the group and demonstrate the preservation of…
-
Lazarus Subgroup ‘TraderTraitor’ Targets Cloud Platforms and Contaminates Supply Chains
Tags: cloud, cyber, cybersecurity, group, lazarus, mandiant, microsoft, north-korea, supply-chain, threatThe North Korean state-sponsored advanced persistent threat (APT) known as TraderTraitor, a subgroup of the notorious Lazarus Group, has emerged as a formidable actor specializing in digital asset heists. Tracked under aliases such as UNC4899, Jade Sleet, TA444, and Slow Pisces by various cybersecurity firms including Mandiant, Microsoft, Proofpoint, and Unit42, TraderTraitor operates under the…
-
Cryptohack Roundup: Malware Targets Wallets Via Photos
Also: CoinMarketCap Attack, BitPro Blames Lazarus for $11M Hack. This week, a new malware targeted crypto wallets via photos, CoinMarketCap faced attack, BitoPro blamed Lazarus for heist, Trezor warned of phishing scam, France saw another crypto kidnapping, cops re-arrested teen after second theft, Hacken blamed human error for exploit and Self Chain ousted CEO. First…