Tag: lazarus
-
Kimsuky and Lazarus Hackers Deploy New Backdoor Tools for Remote Access Attacks
North Korean state-sponsored threat actors have escalated their cyber operations with the deployment of sophisticated new malware variants designed to establish persistent backdoor access to compromised systems. Recent investigations by threat intelligence researchers have uncovered two distinct toolsets from prominent DPRK-aligned hacking groups: Kimsuky’s newly identified HttpTroy backdoor and an upgraded version of Lazarus’s BLINDINGCAN…
-
Researchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware Chains
Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire.According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called…
-
Lazarus group targets European drone makers in new espionage campaign
Drone-component theft meets geopolitical ambition: The targeting of firms linked to UAV design and manufacture is no coincidence. At least two of the companies compromised were tied to critical drone component supply chains and software systems.”The in-the-wild attacks successively targeted three European companies active in the defense sector,” researchers added. “Although their activities are somewhat…
-
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
-
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
-
North Korean hacking group targeting European drone maker with ScoringMathTea malware
Researchers at ESET said they found evidence of a new tentacle of the long-running Operation DreamJob campaign, where North Korea’s Lazarus group sends malware-laden emails purporting to be from recruiters at top companies. First seen on therecord.media Jump to article: therecord.media/north-korea-hackers-target-europe-drone-makers
-
Lazarus targets European defense firms in UAV-themed Operation DreamJob
North Korean Lazarus hackers targeted 3 European defense firms via Operation DreamJob, using fake recruitment lures to hit UAV tech staff. North Korea-linked Lazarus APT group (aka Hidden Cobra) launched Operation DreamJob, compromising three European defense companies. Threat actors used fake recruiter profiles to lure employees into UAV technology roles, aiming to gain access to…
-
Lazarus Group’s Operation DreamJob Targets European Defense Firms
Cyber-attacks by North Korea’s Lazarus Group target European defense firms in drone development First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lazarus-groups-operation-dreamjob/
-
North Korean Lazarus hackers targeted European defense companies
North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-targeted-european-defense-companies/
-
North Korean Lazarus hackers targeted European defense companies
North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-targeted-european-defense-companies/
-
How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector
ESET researchers have uncovered a fresh wave of Operation DreamJob, a long-running campaign linked to North Korea’s Lazarus Group. This latest activity targeted several … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/23/eset-lazarus-operation-dreamjob/
-
Lazarus Group Hunts European Drone Manufacturing Data
The campaign is the latest effort by the North Korean threat actor to collect data of strategic interest to Pyongyang. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lazarus-group-hunts-european-drone-manufacturing-data
-
Lazarus Group Hunts European Drone Manufacturing Data
The campaign is the latest effort by the North Korean threat actor to collect data of strategic interest to Pyongyang. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lazarus-group-hunts-european-drone-manufacturing-data
-
North Korean Hackers Deploy BeaverTailOtterCookie Combo for Keylogging Attacks
Researchers at Cisco Talos have uncovered a sophisticated campaign by the Famous Chollima subgroup of Lazarus, wherein attackers deploy blended JavaScript tools”, BeaverTail and OtterCookie”, to carry out stealthy keylogging, screenshot capture, and data exfiltration. This cluster of activity, part of the broader “Contagious Interview” operation, has evolved significantly since first noted, blurring lines between…
-
North Korean Hackers Deploy BeaverTailOtterCookie Combo for Keylogging Attacks
Researchers at Cisco Talos have uncovered a sophisticated campaign by the Famous Chollima subgroup of Lazarus, wherein attackers deploy blended JavaScript tools”, BeaverTail and OtterCookie”, to carry out stealthy keylogging, screenshot capture, and data exfiltration. This cluster of activity, part of the broader “Contagious Interview” operation, has evolved significantly since first noted, blurring lines between…
-
North Korean Hackers Deploy BeaverTailOtterCookie Combo for Keylogging Attacks
Researchers at Cisco Talos have uncovered a sophisticated campaign by the Famous Chollima subgroup of Lazarus, wherein attackers deploy blended JavaScript tools”, BeaverTail and OtterCookie”, to carry out stealthy keylogging, screenshot capture, and data exfiltration. This cluster of activity, part of the broader “Contagious Interview” operation, has evolved significantly since first noted, blurring lines between…
-
North Korea Fake Job Recruiters Up Their Backdoor Game
Eset: Lazarus Group Shares Backdoor With Newer Pyongyang Threat Actor. A gang of North Korean hackers behind fake IT job recruitment scams now have access to a remote access Trojan favored by their more technically advanced counterparts tracked collectively as the Lazarus Group, say security researchers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/north-korea-fake-job-recruiters-up-their-backdoor-game-a-29586
-
North Korea’s Lazarus Group shares its malware with IT work scammers
Keeping Pyongyang’s coffers full First seen on theregister.com Jump to article: www.theregister.com/2025/09/25/lazarus_group_shares_malware_with_it_scammers/
-
Lazarus Group Is Exploiting CVE-2025-48384 in New Phishing Campaign
The post Lazarus Group Is Exploiting CVE-2025-48384 in New Phishing Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/lazarus-group-is-exploiting-cve-2025-48384-in-new-phishing-campaign/
-
Lazarus Hackers Abuse Git Symlink Vulnerability in Stealthy Phishing Campaign
KuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed with government resources and a history of high-profile breaches, Lazarus continues to evolve its tactics to target cryptocurrency and financial institutions worldwide. Over the last decade, Lazarus has homed in…
-
Lazarus Hackers Abuse Git Symlink Vulnerability in Stealthy Phishing Campaign
KuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed with government resources and a history of high-profile breaches, Lazarus continues to evolve its tactics to target cryptocurrency and financial institutions worldwide. Over the last decade, Lazarus has homed in…
-
Lazarus Hackers Abuse Git Symlink Vulnerability in Stealthy Phishing Campaign
KuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed with government resources and a history of high-profile breaches, Lazarus continues to evolve its tactics to target cryptocurrency and financial institutions worldwide. Over the last decade, Lazarus has homed in…
-
Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews
North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,… First seen on hackread.com Jump to article: hackread.com/lazarus-group-malware-clickfix-scam-fake-job-interview/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Operation HanKook Phantom: North Korean APT37 targeting South Korea Three Lazarus RATs coming for your cheese Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide Android Droppers: The Silent…
-
Lazarus Hackers Exploit 0-Day to Deploy Three Remote Access Trojans
Over the past two years, Fox-IT and NCC Group have tracked a sophisticated Lazarus subgroup targeting financial and cryptocurrency firms. This actor overlaps with AppleJeus, Citrine Sleet, UNC4736 and Gleaming Pisces campaigns and leverages three distinct remote access trojans (RATs)”, PondRAT, ThemeForestRAT and RemotePE”, to infiltrate and control compromised systems. In a 2024 incident response…
-
Lazarus Subgroup Deploys Three Custom RATs in Targeted Crypto Attacks
The post Lazarus Subgroup Deploys Three Custom RATs in Targeted Crypto Attacks appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/lazarus-subgroup-deploys-three-custom-rats-in-targeted-crypto-attacks/