Tag: north-korea

Hackers Leak 9GB of Data from Alleged North Korean Hacker’s Computer

Aug 11, 2025 4:12 PM

Tags: breach, computer, data, hacker, leak, north-korea, tool

Hackers release 9GB of stolen files from the computer of an alleged North Korean hacker, revealing tools, logs,… First seen on hackread.com Jump to article: hackread.com/hackers-leak-9gb-data-north-korean-hacker-computer/
North Korean Group ScarCruft Expands From Spying to Ransomware Attacks

Aug 11, 2025 2:12 PM

Tags: attack, group, hacker, malware, north-korea, phishing, ransomware

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea… First seen on hackread.com Jump to article: hackread.com/north-korean-group-scarcruft-spying-ransomware-attacks/
North Korean Group ScarCruft Expands From Spying to Ransomware Attacks

Aug 11, 2025 2:12 PM

Tags: attack, group, hacker, malware, north-korea, phishing, ransomware

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea… First seen on hackread.com Jump to article: hackread.com/north-korean-group-scarcruft-spying-ransomware-attacks/
North Korean Group ScarCruft Expands From Spying to Ransomware Attacks

Aug 11, 2025 2:12 PM

Tags: attack, group, hacker, malware, north-korea, phishing, ransomware

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea… First seen on hackread.com Jump to article: hackread.com/north-korean-group-scarcruft-spying-ransomware-attacks/
North Korean cyber-espionage group ScarCruft adds ransomware in recent attack

Aug 8, 2025 5:11 PM

Tags: attack, cyber, espionage, group, hacking, north-korea, ransomware

A North Korean state-linked hacking group known for spying added some “newly observed” ransomware to its kit in a campaign targeting South Koreans, researchers said. First seen on therecord.media Jump to article: therecord.media/scarcruft-north-korea-hackers-add-ransomware
Leak Reveals the Workaday Lives of North Korean IT Scammers

Aug 8, 2025 5:11 AM

Tags: group, jobs, leak, north-korea, scam

Spreadsheets, Slack messages, and files linked to an alleged group of North Korean IT workers expose their meticulous job-planning and targeting”, and the constant surveillance they’re under. First seen on wired.com Jump to article: www.wired.com/story/leaked-data-reveals-the-workaday-lives-of-north-korean-it-scammers/
ScarCruft Hacker Group Launches New Rust-Based Malware Attack Leveraging PubNub

Aug 7, 2025 6:11 PM

Tags: attack, cyber, group, hacker, infection, intelligence, malware, north-korea, rust, threat, update

The North Korean state-sponsored advanced persistent threat (APT) group known as ScarCruft has been linked to a sophisticated malware campaign targeting South Korean users. Disguised as a postal-code update notice, this infection chain was uncovered by S2W’s Threat Analysis and Intelligence Center (TALON), revealing a subgroup dubbed ChinopuNK that distributes the Chinotto malware. First identified…
Lazarus Hackers Use Fake Camera/Microphone Alerts to Deploy PyLangGhost RAT

Aug 6, 2025 11:11 PM

Tags: access, ai, cyber, group, hacker, lazarus, malware, north-korea, rat, tactics, threat

North Korean state-sponsored threat actors associated with the Lazarus Group, specifically the subgroup known as Famous Chollima, have evolved their tactics by deploying a new Python-based remote access trojan (RAT) dubbed PyLangGhost. This malware represents a reimplementation of the earlier GoLangGhost RAT, exhibiting code structures indicative of AI-assisted porting, including Go-like logic patterns and extensive…
North Korean Hackers Exploit NPM Packages to Steal Cryptocurrency and Sensitive Data

Aug 5, 2025 2:28 PM

Tags: cloud, crypto, cyber, data, exploit, hacker, malicious, monitoring, north-korea, theft, threat

Veracode Threat Research has uncovered a sophisticated North Korean cryptocurrency theft operation that continues to evolve, building on campaigns previously reported in February and June 2024. This latest iteration involves twelve malicious NPM packages, including cloud-binary, json-cookie-csv, cloudmedia, and nodemailer-enhancer, which were flagged by automated monitoring systems and subsequently removed from the NPM registry. The…
Chollima APT Group Targets Job Seekers and Organizations with JavaScript-Based Malware

Aug 5, 2025 11:28 AM

Tags: apt, cyber, espionage, group, jobs, malware, north-korea, programming, social-engineering, software, threat

The North Korean-linked Chollima advanced persistent threat (APT) group, also known as Famous Chollima, has been orchestrating a persistent cyber espionage campaign since at least December 2022, primarily targeting job seekers in the software development and IT sectors to infiltrate a wide array of United States-based organizations. This operation leverages intricate social engineering techniques, where…
Ransomware goes cloud native to target your backup infrastructure

Aug 5, 2025 10:28 AM

Tags: access, api, authentication, backup, cloud, container, control, credentials, cybercrime, data, defense, exploit, google, group, identity, infrastructure, least-privilege, linkedin, linux, malicious, malware, mfa, north-korea, ransomware, social-engineering, strategy, threat, vulnerability, vulnerability-management

Credential compromise and misconfiguration woes: More sophisticated threat groups have developed social engineering techniques to the point where they reliably trick targets into helping them to bypass multi-factor authentication (MFA) controls before ransacking compromised cloud-hosted environments.For example, threat actors are using compromised OAuth tokens to bypass MFA and inject malicious code into developer ecosystems via…
North Korean spies posing as remote workers have infiltrated hundreds of companies, says CrowdStrike

Aug 4, 2025 3:28 PM

Tags: ai, crowdstrike, korea, north-korea

North Korean IT workers are increasingly using generative AI to draft resumes and “deepfake” their appearances to make money for North Korea’s sanctioned nuclear weapons program. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/04/north-korean-spies-posing-as-remote-workers-have-infiltrated-hundreds-of-companies-says-crowdstrike/
Ransomware attacks: The evolving extortion threat to US financial institutions

Aug 4, 2025 2:28 PM

Tags: access, ai, antivirus, attack, backup, banking, breach, business, cloud, communications, compliance, control, credentials, crime, crimes, cyber, cybercrime, cybersecurity, dark-web, data, ddos, defense, detection, edr, email, encryption, endpoint, extortion, finance, firewall, governance, group, identity, incident response, infrastructure, insurance, intelligence, international, korea, law, leak, least-privilege, lessons-learned, linkedin, linux, lockbit, login, malicious, mfa, monitoring, network, north-korea, organized, phishing, ransom, ransomware, resilience, risk, rust, service, soc, social-engineering, software, startup, strategy, supply-chain, tactics, theft, threat, tool, training, update, usa, vmware, vulnerability, warfare, windows, zero-trust

Before sunrise on a chilly November morning, I got the kind of call no security leader ever wants. A mid-sized U.S. bank had been hit overnight hard. Customers couldn’t access their accounts, ATMs were non-functional and every screen in the company’s environment glowed with the same ominous message: their systems were encrypted, and data had…
North Korea Hiding Malware Within JPEG Files to Attack Windows Systems Bypassing Detections

Aug 4, 2025 12:41 PM

Tags: antivirus, attack, cyber, data, detection, group, korea, malicious, malware, north-korea, threat, windows

Security researchers at Genians Security Center have uncovered a sophisticated new variant of the RoKRAT malware, attributed to the North Korean-linked APT37 threat group, which employs steganography to conceal malicious payloads within seemingly innocuous JPEG image files. This technique allows the malware to evade traditional antivirus detections by embedding encrypted shellcode in image data, which…
CrowdStrike investigated 320 North Korean IT worker cases in the past year

Aug 4, 2025 9:29 AM

Tags: crowdstrike, north-korea, threat

Threat hunters saw North Korean operatives almost daily, reflecting a 220% year-over-year increase in activity, CrowdStrike said in a new report. First seen on cyberscoop.com Jump to article: cyberscoop.com/crowdstrike-north-korean-operatives/
Ninety laptops, millions of dollars: US woman jailed over North Korea remote-work scam

Aug 3, 2025 2:28 PM

Tags: fraud, identity, jobs, korea, linkedin, north-korea, scam, technology

Christine Chapman apologizes for role in identity fraud that amassed millions to allegedly aid nuclear weapons programIn March 2020, about the time the Covid pandemic started, Christina Chapman, a woman who lived in Arizona and Minnesota, received a message on LinkedIn asking her to “be the US face” of a company and help overseas IT…
Social engineering attacks surged this past year, Palo Alto Networks report finds

Aug 1, 2025 8:28 PM

Tags: attack, group, network, north-korea, social-engineering

Unit 42 said social engineering, the method of choice for groups as diverse as Scattered Spider and North Korean tech workers, was the top initial attack vector over the past year. First seen on cyberscoop.com Jump to article: cyberscoop.com/social-engineering-top-attack-vector-unit-42/
Lazarus Hackers Weaponize 234 npm and PyPI Packages to Infect Developers

Aug 1, 2025 6:28 PM

Tags: cyber, detection, group, hacker, korea, lazarus, malicious, north-korea, open-source, pypi, software, threat

Sonatype’s automated detection systems have uncovered an expansive and ongoing infiltration of the global open-source ecosystem by the notorious Lazarus Group, a threat actor believed to be backed by North Korea’s Reconnaissance General Bureau. Between January and July 2025, Sonatype identified and blocked 234 malicious software packages deployed through both the npm and PyPI open-source…
North Korean hackers target open-source repositories in new espionage campaign

Jul 31, 2025 5:28 PM

Tags: espionage, hacker, lazarus, north-korea, open-source, software, supply-chain, tool

In its latest operation, Lazarus took advantage of major gaps in the open-source software supply chain, like developers depending on unvetted packages and the lack of oversight for popular tools that are often maintained by just one or two people. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-targeting-open-source-repositories
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto

Jul 31, 2025 4:28 PM

Tags: access, attack, cloud, container, crypto, docker, hacker, jobs, korea, linkedin, malicious, malware, north-korea, programming, social-engineering, software, threat

The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram.”Under the guise of freelance opportunities for software development work, UNC4899 leveraged social engineering techniques to successfully convince the targeted employees to execute malicious Docker containers in their First seen on…
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign

Jul 31, 2025 11:28 AM

Tags: cyber, espionage, group, korea, lazarus, malicious, north-korea, open-source

North Korea’s Lazarus Group has been blamed for a cyber-espionage campaign using open source packages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/200-malicious-open-source-lazarus/
North Korean APT Hackers Compromise CI/CD Pipelines to Steal Sensitive Data

Jul 31, 2025 10:28 AM

Tags: apt, cyber, data, data-breach, detection, group, hacker, korea, lazarus, malicious, malware, north-korea, open-source, threat

Sonatype’s automated malware detection systems have exposed a large-scale and ongoing cyber infiltration campaign orchestrated by the North Korea-backed Lazarus Group, also known as Hidden Cobra. Between January and July 2025, Sonatype identified and blocked 234 unique malware packages attributed to this state-sponsored threat actor across popular open-source registries like npm and PyPI. These malicious…
32% of exploited vulnerabilities are now zero-days or 1-days

Jul 30, 2025 10:28 PM

Tags: attack, china, country, cve, cyber, espionage, exploit, government, group, iran, kev, korea, north-korea, russia, threat, vulnerability, zero-day

Russian and Iranian threat activity rises: The security industry attributes only some of the newly discovered exploits to known attacker groups, and only some of those groups have known countries of origin. As a result, statistics on the origin of attacks are not perfect.During the first half of 2025, 181 of CVEs added to the…
Researchers Reveal North Korean Threat Actors’ Tactics for Uncovering Illicit Access

Jul 30, 2025 4:28 PM

Tags: access, corporate, cyber, cybersecurity, data-breach, korea, north-korea, tactics, threat

Cybersecurity researchers from Flashpoint have exposed the intricate tactics employed by North Korean threat actors to infiltrate global organizations through remote work vulnerabilities. These operatives, affiliated with the Democratic People’s Republic of Korea (DPRK), masquerade as legitimate freelance developers, IT specialists, and contractors, embedding themselves in corporate workflows to siphon off at least $88 million…
Lazarus Subgroup ‘TraderTraitor’ Targets Cloud Platforms and Contaminates Supply Chains

Jul 29, 2025 5:27 PM

Tags: cloud, cyber, cybersecurity, group, lazarus, mandiant, microsoft, north-korea, supply-chain, threat

The North Korean state-sponsored advanced persistent threat (APT) known as TraderTraitor, a subgroup of the notorious Lazarus Group, has emerged as a formidable actor specializing in digital asset heists. Tracked under aliases such as UNC4899, Jade Sleet, TA444, and Slow Pisces by various cybersecurity firms including Mandiant, Microsoft, Proofpoint, and Unit42, TraderTraitor operates under the…
US Woman Gets Eight Years for Part in $17m North Korean Scheme

Jul 28, 2025 12:27 PM

Tags: north-korea

Arizonan woman sentenced to 102 months for operating laptop farm for North Korean IT workers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/woman-eight-years-17m-north-korean/
Arizona Woman Jailed for Helping North Korea in $17M IT Job Scam

Jul 27, 2025 8:27 PM

Tags: business, cybersecurity, jobs, korea, north-korea, scam

Arizona woman jailed 8.5 years for aiding North Korea’s $17 million IT job scam, defrauding over 300 US companies. Learn how to protect your business from such sophisticated cybersecurity threats. First seen on hackread.com Jump to article: hackread.com/arizona-woman-jailed-help-north-korea-it-job-scam/
Security Affairs newsletter Round 534 by Pierluigi Paganini INTERNATIONAL EDITION

Jul 27, 2025 8:27 AM

Tags: dark-web, email, international, korea, law, north-korea, ransomware, WeeklyReview

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Law enforcement operations seized BlackSuit ransomware gang’s darknet sites Arizona woman sentenced for aiding North Korea…
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

Jul 26, 2025 1:27 PM

Tags: fraud, identity, jobs, korea, north-korea, theft, threat

Arizona woman gets 8 years for helping North Korea-linked threat actors to infiltrate 309 U.S. firms with fake IT jobs. Christina Marie Chapman (50) from Arizona, was sentenced to 102 months in prison for aiding North Korean IT workers in infiltrating 309 U.S. companies. She pleaded guilty to charges including aggravated identity theft, conspiracy to…
Arizona Woman Sentenced for Aiding North Korean IT Workers in Cyber Operations

Jul 26, 2025 11:27 AM

Tags: cyber, fraud, north-korea

Christina Marie Chapman, a 50-year-old Arizona woman, has been sentenced to 102 months in prison for her role in an elaborate fraud scheme that helped North Korean IT workers pose as U.S. citizens to obtain remote positions at over 300 American companies. The scheme generated more than $17 million in illicit revenue for both Chapman…