Collecting Cyber-News from over 60 sources

Tag: north-korea

Verdacht des systematischen Missbrauchs von Zahlungsdienstleistern

Nov 7, 2025 2:20 PM

Tags: credit-card, cybercrime, finance, fraud, germany, mail, north-korea, password, phishing, software

Die Beschuldigten sollen zur Abwicklung von Zahlungen vier große deutsche Zahlungsdienstleister kompromittiert haben.Bei der Razzia gegen mutmaßliche Betrugs- und Geldwäschenetzwerke auf drei Kontinenten sind auch 29 Objekte in Deutschland durchsucht worden. In Baden-Württemberg, Bayern, Berlin, Hessen, Rheinland-Pfalz, Sachsen, Hamburg und Schleswig-Holstein waren mehr als 250 Einsatzkräfte im Einsatz, wie das Bundeskriminalamt (BKA) und andere Behörden…
Verdacht des systematischen Missbrauchs von Zahlungsdienstleistern

Nov 7, 2025 2:20 PM

Tags: credit-card, cybercrime, finance, fraud, germany, mail, north-korea, password, phishing, software

Die Beschuldigten sollen zur Abwicklung von Zahlungen vier große deutsche Zahlungsdienstleister kompromittiert haben.Bei der Razzia gegen mutmaßliche Betrugs- und Geldwäschenetzwerke auf drei Kontinenten sind auch 29 Objekte in Deutschland durchsucht worden. In Baden-Württemberg, Bayern, Berlin, Hessen, Rheinland-Pfalz, Sachsen, Hamburg und Schleswig-Holstein waren mehr als 250 Einsatzkräfte im Einsatz, wie das Bundeskriminalamt (BKA) und andere Behörden…
Threat Actors Exploit VS Code Extensions for Ransomware via GitHub C2

Nov 6, 2025 2:19 PM

Tags: attack, control, cyber, espionage, exploit, github, government, group, infrastructure, malware, north-korea, ransomware, threat

Security researchers have uncovered a sophisticated attack campaign attributed to Kimsuky, the North Korean-backed threat group known for conducting espionage operations against government entities and think tanks. Recent analysis reveals that threat actors are leveraging Visual Studio Code extensions and GitHub as command-and-control infrastructure to deliver multi-stage malware payloads capable of deploying ransomware and conducting…
Threat Actors Exploit VS Code Extensions for Ransomware via GitHub C2

Nov 6, 2025 2:19 PM

Tags: attack, control, cyber, espionage, exploit, github, government, group, infrastructure, malware, north-korea, ransomware, threat

Security researchers have uncovered a sophisticated attack campaign attributed to Kimsuky, the North Korean-backed threat group known for conducting espionage operations against government entities and think tanks. Recent analysis reveals that threat actors are leveraging Visual Studio Code extensions and GitHub as command-and-control infrastructure to deliver multi-stage malware payloads capable of deploying ransomware and conducting…
EndClient RAT Leverages Compromised Code-Signing to Slip Past Antivirus

Nov 6, 2025 9:19 AM

Tags: access, antivirus, breach, cyber, malicious, microsoft, north-korea, rat, threat

A sophisticated Remote Access Trojan (RAT) is actively targeting North Korean Human Rights Defenders (HRDs) through a campaign leveraging stolen code-signing certificates to evade antivirus detection. The newly discovered >>EndClient RAT,>StressClear.msi,
EndClient RAT Leverages Compromised Code-Signing to Slip Past Antivirus

Nov 6, 2025 9:19 AM

Tags: access, antivirus, breach, cyber, malicious, microsoft, north-korea, rat, threat

A sophisticated Remote Access Trojan (RAT) is actively targeting North Korean Human Rights Defenders (HRDs) through a campaign leveraging stolen code-signing certificates to evade antivirus detection. The newly discovered >>EndClient RAT,>StressClear.msi,
Unpatched Windows Flaw a Boon for Nation-State Hackers

Nov 6, 2025 1:19 AM

Tags: china, exploit, flaw, hacker, korea, microsoft, north-korea, vulnerability, windows

Chinese Hackers Target European Diplomats with LNK File Flaw. Chinese nation-state hackers are exploiting a Windows vulnerability to hack European diplomatic outposts, say security researchers – but operating system giant Microsoft says the flaw doesn’t merit a patch. Hackers used a flaw already compromised by North Korea and Russia. First seen on govinfosecurity.com Jump to…
U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

Nov 5, 2025 10:19 PM

Tags: country, cyberattack, cybercrime, finance, government, korea, north-korea

U.S. sanctions North Korea bankers and firms accused of laundering cybercrime funds used to finance the country’s nuclear weapons program. The U.S. Government has imposed sanctions on several North Korea bankers, financial institutions, and individuals accused of laundering funds obtained from cybercrime operations. According to the U.S. Treasury Department, these illicit financial activities directly support…
U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud

Nov 5, 2025 1:19 PM

Tags: crypto, cybercrime, finance, fraud, hacker, korea, network, north-korea, technology

The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea’s global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud.”North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said Under Secretary of First seen…
U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud

Nov 5, 2025 1:19 PM

Tags: crypto, cybercrime, finance, fraud, hacker, korea, network, north-korea, technology

The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea’s global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud.”North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said Under Secretary of First seen…
US sanctions North Korean bankers linked to cybercrime, IT worker fraud

Nov 5, 2025 12:19 PM

Tags: breach, crypto, cybercrime, finance, fraud, north-korea

The U.S. Treasury Department imposed sanctions on two North Korean financial institutions and eight individuals involved in laundering cryptocurrency stolen in cybercrime and fraudulent IT worker schemes. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-treasury-sanctions-north-korean-bankers-linked-to-cybercrime-it-worker-fraud/
Kimsuky Debuts HTTPTroy Backdoor Against South Korea Users

Nov 5, 2025 5:19 AM

Tags: attack, backdoor, group, korea, north-korea, threat

The well-known North Korean threat group continues to improve the obfuscation and anti-analysis features of its attack toolchain. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/kimsuky-httptroy-backdoor-south-korea-users
North Korean companies, people sanctioned for money laundering from cybercrime, IT worker schemes

Nov 4, 2025 10:20 PM

Tags: breach, cybercrime, government, korea, north-korea

The Treasury Department on Tuesday sanctioned eight people and two companies it accused of laundering money obtained from cybercrime and IT worker schemes to fund North Korean government objectives. According to the department, over the last three years North Korea-linked cybercriminals have stolen over $3 billion, mostly in cryptocurrency. In addition, it said, North Korean…
North Korean companies, people sanctioned for money laundering from cybercrime, IT worker schemes

Nov 4, 2025 10:20 PM

Tags: breach, cybercrime, government, korea, north-korea

The Treasury Department on Tuesday sanctioned eight people and two companies it accused of laundering money obtained from cybercrime and IT worker schemes to fund North Korean government objectives. According to the department, over the last three years North Korea-linked cybercriminals have stolen over $3 billion, mostly in cryptocurrency. In addition, it said, North Korean…
Treasury sanctions 8 for laundering North Korea earnings from cybercrime, IT worker scheme

Nov 4, 2025 8:19 PM

Tags: cybercrime, finance, government, korea, north-korea, scam

An IT company, a financial institution and eight men accused of aiding cybercrime and IT worker scams are now on the U.S. government’s list of sanctioned North Korean entities. First seen on therecord.media Jump to article: therecord.media/north-korea-us-sanctions-it-worker-scams-cybercrime
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Drohn-Gebärden aus Nordkorea: Lazarus greift europäische UAV-Hersteller an

Nov 4, 2025 5:19 AM

Tags: cyberespionage, lazarus, north-korea

ESET Forscher analysieren eine aktuelle Cyberspionage-Kampagne der berüchtigten nordkoreanischen Hackergruppe First seen on welivesecurity.com Jump to article: www.welivesecurity.com/drohn-gebarden-aus-nordkorea-lazarus-greift-europaische-uav-hersteller-an/
North Korean Hackers Caught on Video Using AI Filters in Fake Job Interviews

Nov 3, 2025 2:19 PM

Tags: ai, breach, crypto, deep-fake, group, hacker, jobs, north-korea

North Korean hackers from the Famous Chollima group used AI deepfakes and stolen identities in fake job interviews to infiltrate crypto and Web3 companies. First seen on hackread.com Jump to article: hackread.com/north-korean-hackers-video-ai-filter-fake-job-interview/
North Korean Hackers Caught on Video Using AI Filters in Fake Job Interviews

Nov 3, 2025 2:19 PM

Tags: ai, breach, crypto, deep-fake, group, hacker, jobs, north-korea

North Korean hackers from the Famous Chollima group used AI deepfakes and stolen identities in fake job interviews to infiltrate crypto and Web3 companies. First seen on hackread.com Jump to article: hackread.com/north-korean-hackers-video-ai-filter-fake-job-interview/
New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

Nov 3, 2025 12:19 PM

Tags: attack, backdoor, cyberattack, email, korea, north-korea, phishing, spear-phishing, threat, vpn

The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea.Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a…
North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT

Nov 3, 2025 5:19 AM

Tags: apt, lazarus, north-korea, rat

The post North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-korean-apts-upgrade-arsenal-kimsuky-uses-stealthy-httptroy-lazarus-deploys-new-blindingcan-rat/
Kimsuky and Lazarus Hackers Deploy New Backdoor Tools for Remote Access Attacks

Oct 31, 2025 9:19 AM

Tags: access, attack, backdoor, cyber, group, hacker, hacking, intelligence, lazarus, malware, north-korea, threat, tool

North Korean state-sponsored threat actors have escalated their cyber operations with the deployment of sophisticated new malware variants designed to establish persistent backdoor access to compromised systems. Recent investigations by threat intelligence researchers have uncovered two distinct toolsets from prominent DPRK-aligned hacking groups: Kimsuky’s newly identified HttpTroy backdoor and an upgraded version of Lazarus’s BLINDINGCAN…
How to Block North Korean IT Worker Scams in Remote Hiring

Oct 31, 2025 12:19 AM

Tags: jobs, north-korea, scam

Attorney Jonathan Armstrong on Vetting Job Applicants, Red Flags and Compliance. North Korean operatives are using fake identities and remote job listings to bypass sanctions and infiltrate companies. But employers can avoid becoming unwitting accomplices, said legal expert Jonathan Armstrong, who advises firms to adopt stronger vetting practices and structured investigations. First seen on govinfosecurity.com…
North Korea’s BlueNoroff Expands Scope of Crypto Heists

Oct 28, 2025 6:27 PM

Tags: apt, business, crypto, fintech, jobs, korea, north-korea

Two campaigns targeting fintech execs and Web3 developers show the APT going cross-platform in financially motivated campaigns that use fake business collaboration and job recruitment lures. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-korea-bluenoroff-expands-crypto-heists
Researchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware Chains

Oct 28, 2025 6:27 PM

Tags: blockchain, group, kaspersky, korea, lazarus, malware, north-korea, threat

Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire.According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called…
BlueNoroff Shifts Tactics: Targets C-Suite and Managers with New Infiltration Methods

Oct 28, 2025 10:26 AM

Tags: attack, blockchain, cyber, finance, group, north-korea, strategy, tactics, threat

The North Korean-linked threat group BlueNoroff, also known by aliases including Sapphire Sleet, APT38, and Alluring Pisces, continues to evolve its attack tactics while maintaining its primary focus on financial gain. The group has shifted its strategy to employ sophisticated new infiltration methods targeting high-value victims including C-level executives, managers, and blockchain developers within the…
North Korean Chollima Actors Added BeaverTail and OtterCookie to its Arsenal

Oct 27, 2025 8:26 AM

Tags: credentials, crypto, cyber, group, jobs, malicious, north-korea, threat

Famous Chollima, a DPRK-aligned threat group, has evolved its arsenal, with BeaverTail and OtterCookie increasingly merging functionalities to steal credentials and cryptocurrency via deceptive job offers. A recent campaign involved a trojanized Node.js application distributed through a malicious NPM package, highlighting the group’s adaptation in delivery methods. In the campaign, Famous Chollima notes merged BeaverTail…
North Korea led the world in nation-state hacking in Q2 and Q3

Oct 24, 2025 3:26 PM

Tags: detection, hacking, korea, north-korea, zero-trust

Security leaders should prioritize anomalous-activity detection and zero-trust principles, a new report recommends. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/north-korea-hacking-trellix-report/803641/