Tag: north-korea

N. Korean Hackers Use PylangGhost Malware in Fake Crypto Job Scam

Jun 19, 2025 2:35 PM

Tags: access, blockchain, crypto, hacker, jobs, malware, north-korea, phishing, scam

North Korean hackers deploy PylangGhost malware through fake crypto job interviews targeting blockchain professionals with phishing and remote access tools. First seen on hackread.com Jump to article: hackread.com/n-korean-hackers-pylangghost-malware-crypo-job-scam/
BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware

Jun 19, 2025 2:35 PM

Tags: apple, attack, backdoor, crypto, cyber, deep-fake, korea, macOS, malware, north-korea, scam, threat

The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices.Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received…
U.S. Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam

Jun 17, 2025 6:54 PM

Tags: korea, north-korea, scam

The DOJ is moving to collect $7.74 million seized two years ago in connection with a criminal case involving an IT worker scam run by North Korean operatives. The case is one of many that have been running in the United States and elsewhere for almost a decade. First seen on securityboulevard.com Jump to article:…
U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network

Jun 16, 2025 9:54 PM

Tags: crypto, exploit, korea, network, north-korea

The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets allegedly linked to a global IT worker scheme orchestrated by North Korea.”For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems…
North Korean APT Hackers Target Ukrainian Government Agencies to Steal Login Credentials

Jun 16, 2025 1:54 PM

Tags: apt, attack, credentials, cyber, government, group, hacker, login, north-korea, phishing, threat, ukraine

North Korean Advanced Persistent Threat (APT) hackers, specifically the Konni group, have shifted their focus to Ukrainian government agencies in a targeted phishing campaign aimed at stealing login credentials and distributing malware. This attack, observed in February 2025, marks a notable divergence from the group’s traditional targets and raises questions about potential strategic alliances with…
Cybersecurity Snapshot: NIST Offers Zero Trust Implementation Advice, While OpenAI Shares ChatGPT Misuse Incidents

Jun 13, 2025 7:54 PM

Tags: access, ai, attack, best-practice, breach, chatgpt, china, cloud, computer, computing, control, credentials, crime, cyber, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, encryption, endpoint, exploit, finance, fraud, government, guide, Hardware, identity, infrastructure, intelligence, Internet, iot, korea, law, least-privilege, linkedin, malicious, malware, military, ml, mobile, monitoring, network, nist, north-korea, openai, phishing, phone, programming, ransomware, risk, russia, scam, service, social-engineering, software, supply-chain, technology, theft, threat, tool, update, vulnerability, zero-trust

Check out NIST best practices for adopting a zero trust architecture. Plus, learn how OpenAI disrupted various attempts to abuse ChatGPT. In addition, find out what Tenable webinar attendees said about their exposure management experiences. And get the latest on cyber crime trends, a new cybersecurity executive order and more! Dive into six things that…
Is attacker laziness enabled by genAI shortcuts making them easier to catch?

Jun 11, 2025 5:55 AM

Tags: ai, attack, chatgpt, ciso, control, cyberattack, data, defense, detection, email, fraud, gartner, group, Hardware, infrastructure, jobs, korea, malicious, malware, monitoring, north-korea, open-source, openai, risk, russia, software, strategy, tactics, threat, tool, windows

Tactics of attackers: The OpenAI report, published in June, detailed a variety of defenses the company has deployed against fraudsters. One, for example, involved bogus job applications.”We identified and banned ChatGPT accounts associated with what appeared to be multiple suspected deceptive employment campaigns. These threat actors used OpenAI’s models to develop materials supporting what may…
OpenAI’s ChatGPT a Hit With Nation-State Hackers

Jun 10, 2025 7:55 PM

Tags: ai, chatgpt, china, hacker, intelligence, iran, korea, malicious, malware, north-korea, openai, russia, tool

Malicious Accounts Linked to Malware, Influence Operations. OpenAI is using its artificial intelligence models to detect and counter abuse and has banned accounts associated with malicious state-linked operations. Hackers aligned with Russia, China, North Korea and Iran have used OpenAI’s tools for malware development and social media manipulation. First seen on govinfosecurity.com Jump to article:…
North Korean APT Hackers Target Users on Social Media to Spread Malware

Jun 10, 2025 7:55 PM

Tags: apt, cyber, email, group, hacker, hacking, korea, malware, north-korea, threat

The Genians Security Center (GSC) has uncovered a highly sophisticated Advanced Persistent Threat (APT) campaign orchestrated by the North Korean state-sponsored hacking group Kimsuky. Active between March and April 2025, this campaign, identified as part of the notorious ‘AppleSeed’ operation, targets individuals in South Korea through a multi-pronged approach using Facebook, email, and Telegram. Sophisticated…
Kimsuky’s AppleSeed Returns: North Korea-Linked APT Targets Korean Users via Social Media

Jun 10, 2025 5:55 AM

Tags: apt, korea, north-korea

The post Kimsuky’s AppleSeed Returns: North Korea-Linked APT Targets Korean Users via Social Media appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/kimsukys-appleseed-returns-north-korea-linked-apt-targets-korean-users-via-social-media/
DOJ moves to seize $7.74M in crypto linked to North Korean IT worker scam

Jun 9, 2025 9:55 PM

Tags: crypto, finance, north-korea, scam

US seeks to seize $7.74M in crypto linked to North Korean fake IT worker schemes, per a new DOJ forfeiture complaint. The DOJ filed a civil forfeiture complaint for $7.74M in crypto tied to North Korean fake IT worker schemes linked to the indictment of North Korean Foreign Trade Bank (FTB) representative Sim Hyon Sop.…
U.S. Targets $7.7M in Crypto Tied to North Korean IT Worker Scam

Jun 9, 2025 4:54 PM

Tags: crypto, cyber, north-korea, scam

On June 5, 2025, the United States Department of Justice (DOJ) filed a verified civil forfeiture complaint in the US District Court for the District of Columbia, seeking to permanently seize over $7.7 million in cryptocurrency, non-fungible tokens (NFTs), and digital assets linked to a sophisticated global laundering operation orchestrated by North Korea. The assets…
US Tries to Claw Back $7m Taken by North Korean IT Workers

Jun 9, 2025 11:55 AM

Tags: north-korea

The Justice Department has filed a civil forfeiture complaint alleging North Korean IT workers amassed $7m+ First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-7m-taken-by-north-korean-it/
Kimsuky Strikes Again Coordinated Attacks Target Facebook, Email, and Telegram

Jun 9, 2025 8:54 AM

Tags: attack, crypto, cyber, defense, email, espionage, group, korea, north-korea, threat

A recent investigation by Genians Security Center (GSC) has uncovered a highly sophisticated, multi-channel cyber espionage campaign attributed to the North Korea-aligned advanced persistent threat (APT) group known as Kimsuky. Between March and April 2025, the group leveraged Facebook, email, and Telegram to infiltrate targets primarily within the defense sector, North Korea-related activists, and cryptocurrency…
Over $7.7M in crypto sequestered from North Korean IT worker scam

Jun 6, 2025 9:54 PM

Tags: crypto, north-korea, scam

First seen on scworld.com Jump to article: www.scworld.com/brief/over-7-7m-in-crypto-sequestered-from-north-korean-it-worker-scam
Microsoft startet neues europäisches Sicherheitsprogramm

Jun 6, 2025 3:55 PM

Tags: ai, china, crime, crimes, cyber, cyberattack, cybercrime, cyberespionage, cyersecurity, deep-fake, governance, government, guide, infrastructure, intelligence, iran, LLM, microsoft, north-korea, open-source, ransomware, resilience, service, social-engineering, supply-chain, threat, ukraine, update, usa, vulnerability

Microsoft will die Cybersicherheit in Europa stärken.Microsoft warnt davor, dass sich Ransomware-Gruppen und staatlich geförderte Akteure aus Russland, China, dem Iran und Nordkorea in Umfang und Raffinesse stetig weiterentwickeln. Europa dürfe daher nicht zögern, seine Verteidigungsmechanismen zu stärken. Der Tech-Konzern will deshalb mit einer neuen Initiative bestehende Schutzprogramme erweitern und gezielt auf europäische Bedürfnisse eingehen.Das…
Uncle Sam moves to seize $7.7M laundered by North Korean IT worker ring

Jun 6, 2025 3:55 PM

Tags: north-korea

The cash has been frozen for more than two years First seen on theregister.com Jump to article: www.theregister.com/2025/06/06/north_korea_it_worker_cash/
New phishing campaign hijacks clipboard via fake CAPTCHA for malware delivery

Jun 6, 2025 2:54 PM

Tags: attack, captcha, endpoint, exploit, Internet, korea, malware, north-korea, phishing, spam, tactics, tool

Fail-proof exploit of ‘verification fatigue’: SlashNext highlighted that the campaign’s success stems largely from its exploitation of human psychology.”Modern internet users are inundated with spam checks, CAPTCHAs, and security prompts on websites, and they’ve been conditioned to click through these as quickly as possible,” Kelley added. “Attackers exploit this ‘verification fatigue,’ knowing that many users…
DOJ moves to claim $7.74 million tied to North Korean IT worker scheme

Jun 6, 2025 2:54 PM

Tags: government, north-korea

The U.S. government wants to confiscate millions of dollars in funds tied to illegal employment of North Korean IT workers at American companies. First seen on therecord.media Jump to article: therecord.media/north-korea-it-worker-scams-doj-civil-forfeiture-claim
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme

Jun 6, 2025 12:55 AM

Tags: crypto, korea, north-korea

Authorities said they froze and seized the allegedly illegally obtained funds when North Korean nationals attempted to launder money linked to the long-running conspiracy. First seen on cyberscoop.com Jump to article: cyberscoop.com/doj-seizure-crypto-north-korea-it-workers/
Breach Roundup: Ukraine Hacks Russian Warplane Maker

Jun 5, 2025 10:55 PM

Tags: breach, data, data-breach, hacking, north-korea, russia, threat, ukraine

Also, Crypter Takedown, Threat Intel Naming Accord and Regulators Ping CrowdStrike. This week, Ukraine hacked Tupelov, Russian hacking, crypter sites seized and the U.S. will seize North Korean IT worker crypto. Regulators probed CrowdStrike. A Rosetta Stone for intel. A Romanian man admitted to swatting, Lee Enterprises hack exposed data and an FBI vet joined…
The Ramifications of Ukraine’s Drone Attack

Jun 4, 2025 2:55 PM

Tags: attack, china, india, military, north-korea, russia, threat, ukraine, warfare

You can read the details of Operation Spiderweb elsewhere. What interests me are the implications for future warfare: If the Ukrainians could sneak drones so close to major air bases in a police state such as Russia, what is to prevent the Chinese from doing the same with U.S. air bases? Or the Pakistanis with…
APT37 Hackers Fake Academic Forum Invites to Deliver Malicious LNK Files via Dropbox Platform

Jun 4, 2025 1:55 PM

Tags: cyber, email, group, hacker, hacking, korea, malicious, north-korea, phishing, spear-phishing

The North Korean state-sponsored hacking group APT37 has launched a sophisticated spear phishing campaign in March 2025, targeting activists focused on North Korean issues. Disguised as invitations to an academic forum hosted by a South Korean national security think tank, these emails cleverly referenced a real event titled “Trump 2.0 Era: Prospects and South Korea’s…
North Korean IT Workers Exploit Legitimate Software and Network Tactics to Evade EDR

May 30, 2025 10:55 AM

Tags: control, cyber, data-breach, detection, edr, endpoint, exploit, identity, network, north-korea, software, tactics

A North Korean IT worker, operating under a false identity, was uncovered infiltrating a Western organization with a sophisticated remote-control system. This incident, exposed during a U.S. federal raid on a suspected laptop farm, showcases a chilling trend where adversaries leverage legitimate software and low-level network protocols to evade traditional Endpoint Detection and Response (EDR)…
North Korea’s Laptop Farm Scam: ‘Something We’d Never Seen Before’

May 29, 2025 11:55 PM

Tags: breach, corporate, korea, north-korea, scam

Officials uncover how North Korean operatives used stolen identities and remote-controlled tech to infiltrate American companies and steal corporate data. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-north-korea-laptop-farm-remote-job-scam/
BSI warnt vor Cyberattacken auf Energieversorgung

May 26, 2025 9:54 AM

Tags: bsi, china, cyberattack, germany, infrastructure, north-korea, risk

Die BSI-Präsidentin Claudia Plattner fordert einen besseren IT-Schutz für die Energieversorgung in Deutschland. Die Energieversorgung in Deutschland braucht aus Sicht der Präsidentin des Bundesamtes für Sicherheit in der Informationstechnik (BSI), Claudia Plattner, einen besseren Schutz. Die Behörde sehe hier eine wachsende Angriffsfläche für Cyberkriminelle, sagte Plattner der Funke-Mediengruppe. Derzeit gelte das Stromnetz als sicher und…
Asia Produces More APT Actors, As Focus Expands Globally

May 21, 2025 5:54 AM

Tags: apt, attack, china, cyber, group, korea, north-korea

China and North Korea-aligned groups account for more than half of global attacks, and an increasing number of countries look to cyber to balance power in the region. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/asia-apt-actors-focus-expands-globally
Let’s Talk About SaaS Risk Again”¦ This Time, Louder.

May 20, 2025 9:54 PM

Tags: access, ai, attack, breach, ceo, ciso, cloud, credentials, data, detection, email, endpoint, exploit, identity, infrastructure, malicious, mandiant, monitoring, network, north-korea, risk, saas, siem, software, supply-chain, threat, tool

By Kevin Hanes, CEO of Reveal Security A few weeks ago, I shared a thought that sparked a lot of discussion: SaaS is not a black box we can ignore. It’s a rich, dynamic attack surface and one that attackers are increasingly targeting. That urgency was echoed powerfully in JPMorgan CISO Patrick Opet’s open letter…
North Korean cyber operations run deep, report finds

May 16, 2025 10:54 PM

Tags: cyber, north-korea

First seen on scworld.com Jump to article: www.scworld.com/brief/north-korean-cyber-operations-run-deep-report-finds
APT Group 123 Targets Windows Systems in Ongoing Malicious Payload Campaign

May 16, 2025 9:54 PM

Tags: apt, cyber, group, korea, malicious, middle-east, north-korea, threat, windows

Group123, a North Korean state-sponsored Advanced Persistent Threat (APT) group also known by aliases such as APT37, Reaper, and ScarCruft, continues to target Windows-based systems across multiple regions. Active since at least 2012, the group has historically focused on South Korea but has broadened its operations since 2017 to include Japan, Vietnam, the Middle East,…