Tag: north-korea
-
Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks
in SecurityNews
A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent Threat (APT) group, has been identified targeting entities predominantly in South Korea. Cybersecurity experts have uncovered a meticulously crafted attack chain that leverages advanced obfuscation techniques and persistent mechanisms to compromise systems and exfiltrate sensitive data. This campaign underscores the persistent…
-
Enterprise-specific zero-day exploits on the rise, Google warns
in SecurityNews
Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-day
Surge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN. Targeted attacks against…
-
Assessment of DPRK IT Worker Tradecraft – Nisos Research 2025
in SecurityNews
Nisos Assessment of DPRK IT Worker Tradecraft – Nisos Research 2025. Since early 2023 Nisos has been investigating and monitoring North Korean (DPRK) IT workers, who use fake personas and stolen identities to fraudulently obtain remote employment from unwitting companies in the United States and abroad…
First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/assessment-of-dprk-it-worker-tradecraft-nisos-research-2025/
-
North Korea's <> uses Russian infrastructure
in SecurityNews
A recent analysis by the IT security company Trend Micro shows how the North Korean hacker group Void Dokkaebi, also known as Famous Chollima, deliberately uses Russian internet resources to carry out cyberattacks worldwide.
First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/nordkoreas-void-dokkaebi
-
Government hackers are leading the use of attributed zero-days, Google says
in SecurityNews
Governments like China and North Korea, along with spyware makers, used the most recorded zero-days in 2024.
First seen on techcrunch.com Jump to article: techcrunch.com/2025/04/29/government-hackers-are-leading-the-use-of-attributed-zero-days-google-says/
-
North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures
in SecurityNews
North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry, BlockNovas LLC (blocknovas[.]com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co), to spread…
-
Lazarus Group hacks 6 companies with watering hole attacks
in SecurityNews
The Lazarus Group, believed to be based in North Korea, managed to compromise at least six companies in South Korea via watering hole attacks in a new campaign. In this type of attack, merely visiting a website (the watering hole) is enough to infect the victim. A watering hole attack …
First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/25/lazarus-gruppe-hackt-6-unternehmen-mit-watering-hole-angriffe/
-
Extortion attempts by DPRK – North Korea infiltrates IT in the USA and Europe
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/nordkoreanische-it-mitarbeiter-infiltrieren-westliche-unternehmen-regierungen-a-9f49841e749ce9b34e0239d930f39695/
-
North Korean Hackers Use Fake Crypto Firms in Job Malware Scam
in SecurityNews
Silent Push reveals a complex scheme where North Korean hackers posed as crypto companies, using AI and fake…
First seen on hackread.com Jump to article: hackread.com/north-korean-hackers-fake-crypto-firms-job-malware-scam/
-
Operation SyncHole: Lazarus APT targets supply chains in South Korea
in SecurityNews
The North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at…
-
GenAI as a tool for cyber fraud: How GenAI supports North Korea's IT scams
in SecurityNews
The latest blog post from Okta shows in detail how North Korean fraudsters use AI-powered tools to successfully apply for remote IT positions.
First seen on infopoint-security.de Jump to article: www.infopoint-security.de/genai-als-werkzeug-fuer-cyberbetrug-wie-genai-nordkoreas-it-betruegereien-unterstuetzt/a40590/
-
Russian VPS Servers With RDP and Proxy Servers Enable North Korean Cybercrime Operations
in SecurityNews
Trend Research has uncovered a sophisticated network of cybercrime operations linked to North Korea, heavily utilizing Russian internet infrastructure. Specifically, IP address ranges in the towns of Khasan and Khabarovsk, Russia, assigned to organizations under TransTelecom (ASN AS20485), are pivotal in these activities. Khasan, just a mile from the North Korea-Russia border and connected via…
-
Web3, cryptocurrency sectors targeted by North Korean hackers
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/web3-cryptocurrency-sectors-targeted-by-north-korean-hackers
-
North Korean IT workers seen using AI tools to scam firms into hiring them
in SecurityNews
North Korean IT workers illicitly gaining employment at U.S. and European tech companies are increasingly using generative artificial intelligence in a variety of ways to assist them throughout the job application and interview process.
First seen on therecord.media Jump to article: therecord.media/north-korean-it-workers-seen-using-ai-recruitment-scams
-
Lazarus hackers breach six companies in watering hole attacks
in SecurityNews
In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea.
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lazarus-hackers-breach-six-companies-in-watering-hole-attacks/
-
Breach Roundup: Cookie Bite Exposes MFA Achilles Heel
in SecurityNews
Tags: attack, breach, cyberattack, data, data-breach, google, mfa, microsoft, north-korea, ransomware
Also, Blue Shield Breach Exposes 4.7M, Cyberattack Disrupts City Systems in Texas. This week, Cookie Bite bypasses MFA in Azure Entra ID, Microsoft fixed RDP Freezes, a ransomware attack in Catalonia, Blue Shield exposed data to Google, a cyberattack disrupted city systems in Texas, South Korean telecom breach exposed USIM data and a warning about…
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware
in SecurityNews
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in…
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware
in SecurityNews
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in…
-
Is the USA's security reputation eroding?
in SecurityNews
Tags: business, ceo, china, cisa, ciso, cybersecurity, cyersecurity, endpoint, exploit, germany, governance, government, intelligence, iran, kaspersky, north-korea, service, strategy, threat, usa
Trump is causing uncertainty when it comes to cybersecurity, too. Now that US President Donald Trump is also punishing cybersecurity companies by executive order for dissenting political positions, quite a few industry experts fear that US security companies could in future fall into disrepute in a similar way to their Russian and Chinese competitors. The central questions are: Can CISOs or their companies still rely on US threat intelligence in the future…
-
The TraderTraitor Crypto Heist: Nation-State Tactics Meet Financial Cybercrime
in SecurityNews
The cryptocurrency sector has always been a magnet for cybercriminals, but the TraderTraitor campaign marks a different kind of threat, one backed by state-sponsored actors with long-term goals and surgical precision. Allegedly linked to North Korea’s Lazarus Group, this campaign wasn’t just about breaking into wallets. It was about exploiting trust, manipulating human behavior, and…
-
North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers
in SecurityNews
Posing as potential employers, Slow Pisces hackers conceal malware in coding challenges sent to cryptocurrency developers on LinkedIn.
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-hackers-linkedin/
-
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
in SecurityNews
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as…
-
Slow Pisces Group Targets Developers Using Coding Challenges Laced with Python Malware
in SecurityNews
A North Korean state-sponsored threat group known as "Slow Pisces
-
TraderTraitor: The Kings of the Crypto Heist
in SecurityNews
Allegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world.
First seen on wired.com Jump to article: www.wired.com/story/tradertraitor-north-korea-crypto-theft/
-
Lazarus Expands NPM Campaign With Trojan Loaders
in SecurityNews
North Korea’s Lazarus Deploys Malicious NPM Packages to Steal Data. North Korea’s Lazarus Group expanded a malicious campaign of uploading malicious code to the JavaScript runtime environment npm repository, publishing 11 packages embedded with Trojan loaders. Researchers identified 11 malicious packages in the repository, a hotspot for supply chain attacks.
First seen on govinfosecurity.com Jump…