Tag: north-korea
-
macOS Backdoor Uses Prompt Injection to Evade AI Triage
SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/macos-gaslight-rust-backdoor/
-
North Korean Hackers Poison Mastra AI Framework
Tags: ai, attack, backdoor, credentials, framework, hacker, malicious, microsoft, north-korea, software, supply-chain, theft, tool
More Than 140 npm Packages Carried Credential-Stealing Code. Microsoft says North Korean-linked BlueNoroff compromised a Mastra npm maintainer account and published more than 140 malicious packages, using a software supply-chain attack to distribute infostealers, backdoors and credential theft tools through AI development environments. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/north-korean-hackers-poison-mastra-ai-framework-a-32042
-
Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mastra-ai-supply-chain-attack/
-
Sapphire Sleet Hijacks npm Maintainer Account to Publish Poisoned Mastra Packages
A widespread npm supply-chain compromise has been attributed to Sapphire Sleet, a North Korean state actor, after the takeover of an npm maintainer account enabled the mass publication of poisoned Mastra packages that silently delivered a multi-stage implant. The campaign, disclosed June 19, 2026, began when the attacker gained control of the ehindero maintainer identity, an account with…
-
Microsoft links Mastra AI supply chain attack to North Korean hackers
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/
-
North Korean IT Workers Try, Try, Try Again
Nisos Links 166K Applications, 21K Interviews and 76 Job Offers to North Korea. North Korean IT worker scammers flooded hundreds of thousands of U.S. companies with applications in 2024 and 2025, appropriating identities and using AI to infiltrate the technology sector. Nisos began looking into the scam after a suspected North Korean applied for a lead…
-
North Korean Hiring Fraud Runs on AI and US Laptop Farms
Nisos infiltrated a North Korean IT-worker fraud cell running on AI interviews and a US laptop farm First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-it-worker-fraud-ai/
-
North Korean hackers use fake Microsoft alerts to deploy NarwhalRAT malware
First seen on scworld.com Jump to article: www.scworld.com/brief/north-korean-hackers-use-fake-microsoft-alerts-to-deploy-narwhalrat-malware
-
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. "The attack email contained a message impersonating an MS account security alert," the Genians Security Center (GSC) said. "It was designed to create concern over possible First seen on…
-
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi). According to a report published by Proofpoint, the threat actor has been found orchestrating phishing campaigns using developer role recruitment or code review themes First seen on…
-
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
North Korea’s gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-korean-threat-groups-asia-pacific-success
-
North Koreans behind nearly half of US tech industry hacks, says CrowdStrike
North Korean hackers posing as remote IT workers and recruiters remain a major threat to U.S., European, and Asian companies, accounting for about half of all attacks over the past 12 months. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/10/north-koreans-behind-nearly-half-of-us-tech-industry-hacks-says-crowdstrike/
-
IT sector faces growing threats from IP-hungry China, AI-enabled cybercriminals
Businesses also need to watch out for North Korean remote IT worker schemes, according to a new CrowdStrike report. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/china-cyberattacks-it-sector-crowdstrike-report/822366/
-
North Korea Hackers Weaponize GitHub to Target Developers
A sustained phishing campaign leverages developer recruitment and code-review lures to deliver cross-platform malware via attacker-controlled GitHub repositories. Tracked as UNK_DeadDrop and attributed with high confidence to a North Korea-aligned actor, the operation targeted nearly 100 organizations across finance, cryptocurrency, education and technology by sending more than 250 tailored emails over six weeks. The…
-
North Korean Hackers Use Fake Coding Tasks to Steal Crypto
North Korean actor UNK_DeadDrop targeted developers with fake coding tasks to steal crypto First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-hackers-developers/
-
Lazarus Group Uses npm Brandjacking Campaign to Target Developers
North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk. First seen on hackread.com Jump to article: hackread.com/lazarus-group-npm-brandjacking-target-developers/
-
North Korean APT Targets macOS to Steal Crypto Wallets and SSH Keys
A newly uncovered macOS intrusion campaign attributed to the North Korean state-sponsored threat group Sapphire Sleet, also known as BlueNoroff or UNC1069, is targeting high-value organizations in the financial and cryptocurrency sectors. The operation focuses on venture capital firms, Web3 developers, and crypto platforms, highlighting a continued shift in North Korean cyber operations toward financially…
-
Lazarus APT unveils fileless remote access Trojan designed to evade detection
North Korea-linked Lazarus APT Group is using a stealthy memory-only RAT that leaves almost no forensic traces behind. The North Korea-linked APT group Lazarus has never been shy about its ambitions; the threat actor has been tied to some of the most audacious financial heists in recent memory, draining hundreds of millions from cryptocurrency exchanges and…
-
InvisibleFerret Malware Uses .pyd and .so Files to Evade Script Detection
A North Korea-linked threat group, Void Dokkaebi, also known as Famous Chollima, has significantly upgraded its malware delivery techniques by converting its Python-based InvisibleFerret malware into compiled binary modules. InvisibleFerret was previously deployed as readable Python scripts, making it easier for defenders to detect through static analysis and signature-based tools. The latest campaign leverages Cython,…
-
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader. "DPAPILoader decrypts and First seen…
-
Hackers Abuse Hugging Face to Deliver npm Malware
A newly uncovered supply chain attack targeting the npm ecosystem has been linked to North Korean (DPRK)-aligned threat actors. The campaign centers around a malicious npm package named terminal-logger-utils, which embeds a sophisticated multi-stage malware capable of keylogging, data exfiltration, and remote system control. The package was distributed through three dependent libraries, pretty-logger-utils, ts-logger-pack, and pinno-loggers, which automatically…
-
Kimsuky Uses LNK, JSE Lures to Target Recruiters, Crypto Users, Defense Officials
Kimsuky Hackers Use LNK and JSE Lures to Target Recruiters, Crypto Users, and Defense Officials. North Korea-linked threat group Kimsuky has launched at least four distinct spear-phishing campaigns in early 2026, targeting recruiters, cryptocurrency users, developers, defense personnel, and academic administrators. Despite using different themes and delivery methods, all campaigns follow a consistent attack chain:…
-
North Korea's hacker offensive escalates: Shifty Corsair specifically targets developers and crypto assets
Because the attackers integrate static keys directly into their attack chains, classic SSH security mechanisms are, according to BlueVoyant, no longer sufficient. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/nordkoreas-hacker-offensive-eskaliert-shifty-corsair-greift-gezielt-entwickler-und-krypto-assets-an/a45077/
-
Two US Men Jailed for Helping North Korean Hackers Infiltrate US Firms
Matthew Knoot and Erick Prince have been jailed for 18 months each for helping North Korean hackers infiltrate US firms through remote laptop farms. First seen on hackread.com Jump to article: hackread.com/us-men-sentenced-north-korean-hackers-hack-us-firms/
-
Breach Roundup: Microsoft Edge Turns Passwords Into Targets
Tags: attack, breach, data, data-breach, ddos, government, ivanti, microsoft, north-korea, password, scam
Also, Taiwan Rail Hack, Massive DDoS Attack and Karakurt Jail Sentence. This week, Microsoft Edge exposed passwords, Taiwan police made arrests in the high-speed rail hack and a 2.45 billion-request DDoS attack was recorded. A Karakurt negotiator was jailed, North Korean IT worker scams led to prison terms and France detained a teen over a government data breach. Another…
-
Cryptohack Roundup: Bitcoin Core Reveals High-Severity Flaw
Also: TrustedVolumes, Wasabi Protocol and Ekubo Hacks. This week, Bitcoin Core revealed a memory safety flaw, hackers exploited TrustedVolumes, Wasabi Protocol and Ekubo, Bithumb suspension paused, sentencing in U.S. theft case, prosecutors seek 20-year sentence for Delio CEO and North Korea denied that it’s a thief. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-bitcoin-core-reveals-high-severity-flaw-a-31625
-
American duo sentenced for hosting laptop farms for North Korean IT workers
Tags: north-korea
The men's separate schemes impacted almost 70 U.S. companies and generated a combined $1.2 million in revenue for the North Korean regime. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-it-worker-scheme-laptop-farm-facilitators-sentenced/
-
Americans sentenced for running ‘laptop farms’ for North Korea
Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/americans-sentenced-for-running-laptop-farms-for-north-korea/
-
North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware
Researchers at cybersecurity firm ESET attributed the campaign to APT37 and said the hackers used a backdoor attached to a suite of card games from a company called Sqgame. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-target-ethnic-koreans-in-china