Tag: north-korea
-
Breach Roundup: I’m Lovin’ McDonald’s ‘123456’ Password
Also, US Sanctions North Korean IT Worker Scammers and More Paraguay Hacks. This week, McDonald’s password mishap, North Korean IT worker sanctions, a wormable Microsoft flaw, Qantas update. Monzo fined, Flutter data breach and CyberTeam again targeted Paraguay. Anatsa Trojan reappeared, DoNot targeted a European ministry. Academics sneaked prompt injections into papers. First seen on…
-
US Sanctions Key Threat Actors Tied to North Korea’s Remote IT Worker Scheme
The Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury has taken a strong stance against cyber-enabled financial schemes that support North Korea’s illicit weapons programs by imposing sanctions on Song Kum Hyok, a malevolent cyber actor connected to the hacking group Andariel of the Democratic People’s Republic of Korea (DPRK).…
-
US Treasury Department sanctions individuals and entities over illegal IT worker scheme
How not to hire a North Korean IT spy (Apr 14, 2025); North Korean group infiltrated 100-plus companies with imposter IT pros: CrowdStrike report (Aug 6, 2024); North Korean hackers impersonated recruiters to steal credentials from over 1,500 developer systems (Jan 30, 2025). First seen on csoonline.com Jump to article: www.csoonline.com/article/4019820/us-treasury-department-sanctions-individuals-and-entities-over-illegal-it-worker-scheme.html
-
OFAC Sanctions Key Players in North Korea’s Remote IT Worker Scheme Funding Weapons Programs
The post OFAC Sanctions Key Players in North Korea’s Remote IT Worker Scheme Funding Weapons Programs appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/ofac-sanctions-key-players-in-north-koreas-remote-it-worker-scheme-funding-weapons-programs/
-
US sanctions alleged North Korean IT sweatshop leader
Tags: north-korea
Turns out outsourcing coders to bankroll Kim’s nukes doesn’t jibe with Uncle Sam. First seen on theregister.com Jump to article: www.theregister.com/2025/07/09/us_sanctions_north_korean_it/
-
Treasury sanctions North Korean over IT worker malware scheme
The U.S. Department of the Treasury sanctioned cyber actor Song Kum Hyok for his association with North Korea’s hacking group Andariel and for facilitating IT worker schemes that generated revenue for the Pyongyang regime. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/treasury-sanctions-north-korean-over-it-worker-malware-scheme/
-
U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme. The Treasury said Song Kum Hyok, a 38-year-old North Korean national with an address in the Chinese province of…
-
Treasury sanctions key player behind North Korean IT worker scheme
The United States identified and sanctioned another North Korean involved with the country’s IT worker schemes, this time for illicit operations based in China and Russia. First seen on therecord.media Jump to article: therecord.media/north-korea-it-worker-scheme-us-sanctions-song-kum-hyok
-
Treasury slaps sanctions on people, companies tied to North Korean IT worker schemes
A North Korean man was the focus of Tuesday’s announcement, which also included a Russian man, his companies and North Korean firms. First seen on cyberscoop.com Jump to article: cyberscoop.com/treasury-slaps-sanctions-on-people-companies-tied-to-north-korean-it-worker-schemes/
-
DPRK macOS ‘NimDoor’ Malware Targets Web3, Crypto Platforms
Researchers observed North Korean threat actors targeting cryptocurrency and Web3 platforms on Telegram using malicious Zoom meeting requests. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dprk-macos-nimdoor-malware-web3-crypto-platforms
-
Security Affairs newsletter Round 531 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates; Critical Sudo bugs expose…
-
North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates
North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram.…
-
Cryptohack Roundup: Inside the $100M Nobitex Breach
Also: Dismantling a 460 Million Euro Crypto Fraud Network. This week, a peek into Iran’s largest crypto exchange blending privacy, scale and sanctions evasion, Europol and Spanish police dismantled a crypto fraud network, $9.5M Resupply hack, sentencing in a $40M ponzi scheme and a North Korean crypto theft and employment fraud ring. First seen on…
-
Microsoft shuts down 3,000 email accounts created by North Korean IT workers
Microsoft said it has spent years monitoring North Korea’s campaign to get its citizens hired in IT roles at U.S. companies and recently saw changes in how the campaign operates. First seen on therecord.media Jump to article: therecord.media/microsoft-shuts-down-3000-north-korea-it-worker-email
-
North Korean Hackers Target Crypto Firms with Novel macOS Malware
SentinelLabs observed North Korean actors deploying novel TTPs to target crypto firms, including a mix of programming languages and signal-based persistence. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-crypto-macos-malware/
-
N Korean Hackers Drop NimDoor macOS Malware Via Fake Zoom Updates
SentinelLabs uncovers NimDoor, new North Korea-aligned macOS malware targeting Web3 and crypto firms. Exploits Nim, AppleScript, and steals Keychain, browser, shell, and Telegram data. First seen on hackread.com Jump to article: hackread.com/n-korean-hackers-nimdoor-macos-malware-fake-zoom-updates/
-
North Korean crypto thieves deploy custom Mac backdoor
North Korean threat actors are targeting companies from the Web3 and crypto industries with a backdoor designed for macOS written in niche programming language Nim. The attackers are also using AppleScript for early stage payloads, including a fake Zoom update. “North Korean-aligned threat actors have previously experimented with Go and Rust, similarly combining scripts and compiled…
-
North Korean hackers expand remote IT worker scam beyond US firms
First seen on scworld.com Jump to article: www.scworld.com/news/north-korean-hackers-expand-remote-it-worker-scam-beyond-us-firms
-
NimDoor crypto-theft macOS malware revives itself when killed
North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nimdoor-crypto-theft-macos-malware-revives-itself-when-killed/
-
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Tags: communications, crypto, hacker, injection, korea, macOS, malware, north-korea, programming, threat
Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics. “Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,” First seen…
-
New macOS Malware Uses Process Injection and Remote Access to Steal Keychain Credentials
A sophisticated campaign by North Korean (DPRK)-aligned threat actors targeting Web3 and cryptocurrency businesses has been uncovered, showcasing an alarming evolution in macOS malware tactics. According to detailed analysis by SentinelLABS, alongside corroborating reports from Huntabil.IT and Huntress, the attackers deploy a multi-stage attack chain featuring Nim-compiled binaries, process injection techniques, and encrypted remote communications.…
-
U.S. Target North Korean IT Worker Scams with Raids, Indictments
The DOJ announced a far-reaching operation that aimed to knock out a substantial number of North Korean IT worker scams that have victimized more than 100 U.S. companies that unwittingly hired North Korean operatives as remote workers, who then stole data and money to support the Pyongyang regime. First seen on securityboulevard.com Jump to article:…
-
Scope, Scale of Spurious North Korean IT Workers Emerges
Microsoft warns thousands of North Korean workers have infiltrated tech, manufacturing, and transportation sectors to steal money and data. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/scope-scale-spurious-north-korean-it-workers
-
Arrests, indictments made in US crackdown of North Korean IT worker schemes
Tags: north-korea
First seen on scworld.com Jump to article: www.scworld.com/brief/arrests-indictments-made-in-us-crackdown-of-north-korean-it-worker-schemes
-
DoJ Disrupts North Korean IT Worker Scheme Across Multiple US States
The US also conducted searches of 29 laptop farms across 16 states and seized 29 financial accounts used to launder funds. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/doj-disrupts-north-korean-it-worker-scheme
-
Kimsuky Hackers Employ ClickFix Technique to Run Malicious Scripts on Victim Devices
The North Korean state-sponsored hacker collective Kimsuky has been found to use a deceptive technique called “ClickFix”…
-
US disrupts North Korean IT worker “laptop farm” scheme in 16 states
The U.S. Department of Justice (DoJ) announced coordinated law enforcement actions against the North Korean government’s fundraising operations using remote IT workers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-disrupts-north-korean-it-worker-laptop-farm-scheme-in-16-states/
-
U.S. Arrests Facilitator in North Korean IT Worker Scheme; Seizes 29 Domains and Raids 21 Laptop Farms
The U.S. Department of Justice (DoJ) on Monday announced sweeping actions targeting the North Korean information technology (IT) worker scheme, leading to the arrest of one individual and the seizure of 29 financial accounts, 21 fraudulent websites, and nearly 200 computers. The coordinated action saw searches of 21 known or suspected “laptop farms” between June 10…
-
US government takes action against fake North Korean IT workers
North Korea plants agents in companies as IT employees using false identities; in the US, those responsible have now been arrested. First seen on golem.de Jump to article: www.golem.de/news/cybercrime-us-regierung-geht-gegen-nordkoreanische-fake-itler-vor-2507-197631.html

