Tag: north-korea
-
Nordkoreas Cyber-Spione: Remote-Jobs als Tarnung
Mit gefälschten Identitäten und perfekt inszenierten Lebensläufen schleusen sich nordkoreanische Hacker:innen als scheinbar qualifizierte IT-Fachkräfte in Unternehmen ein mit potenziell katastrophalen Folgen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/nordkoreas-cyber-spione
-
Inside North Korea’s Cyber Mafia: How Hidden IT Workers Fuel Global Espionage and Crypto Theft
A recent report by DTEX sheds light on the sophisticated and complex cyber operations of the Democratic People’s First seen on securityonline.info Jump to article: securityonline.info/inside-north-koreas-cyber-mafia-how-hidden-it-workers-fuel-global-espionage-and-crypto-theft/
-
After helping Russia on the ground North Korea targets Ukraine with cyberespionage
Tags: credentials, cyber, cyberespionage, email, government, hacker, identity, intelligence, korea, microsoft, north-korea, phishing, resilience, risk, russia, ukraineCredential harvesting: Before the phishing emails, the same Ukrainian government entities were targeted with email alerts impersonating Microsoft and claiming unusual sign-in activity was detected on their accounts. The victims were asked to perform identity verification by clicking on a button, which took them to credential harvesting pages.The Proofpoint researchers didn’t manage to obtain any…
-
Breach Roundup: SAP NetWeaver Flaw Draws Hackers
Tags: breach, conference, credentials, flaw, hacker, ivanti, microsoft, north-korea, russia, sap, zero-dayAlso, DOGE Employee’s Credentials Found in Infostealer Dumps. This week, SAP NetWeaver flaw drew hackers, zero-days in Ivanti EPMM, DOGE employee’s credentials found in infostealer dumps and Nucor halted operations. North Korean hackers targeted South Koreans with fake conference invites, Russian hackers targeted webmail servers and Microsoft fixed 72 flaws. First seen on govinfosecurity.com Jump…
-
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism
A new report from DTEX Systems is the deepest look at how North Korea’s remote IT workforce schemes are the tip of the iceberg when it comes to its cyber operations. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-cybercrime-dtex-research-center-227/
-
North Korean Hackers Stole $88M by Posing as US Tech Workers
Flashpoint uncovers how North Korean hackers used fake identities to secure remote IT jobs in the US, siphoning… First seen on hackread.com Jump to article: hackread.com/north-korean-hackers-stole-88m-posing-us-tech-workers/
-
Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering
Tags: blockchain, china, crime, crypto, data, data-breach, korea, marketplace, north-korea, scam, technologyA Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee.According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money laundering…
-
TA406 Hackers Target Government Entities to Steal Login Credentials
Tags: attack, credentials, cyber, government, hacker, intelligence, login, malware, north-korea, phishing, russia, threat, ukraineThe North Korean state-sponsored threat actor TA406, also tracked as Opal Sleet and Konni, has set its sights on Ukrainian government entities. Proofpoint researchers have uncovered a dual-pronged offensive involving both credential harvesting and malware deployment through highly targeted phishing campaigns. The likely objective of these attacks is to gather strategic intelligence on the Russian…
-
Sie kommen aus Nordkorea: Wie Unternehmen sich gegen falsche IT-Profis schützen können
Seit einiger Zeit geben sich Bedrohungsakteure:innen aus Nordkorea als legitime IT-Profis aus. Ihr Ziel: Remote-Jobs ergattern, um primär mit ihrem Gehalt nordkoreanische Interessen zu finanzieren und sekundär monetäre Mittel via Erpressung durch Datendiebstahl zu erlangen. Sophos hat insbesondere für Personalverantwortende Tipps zu Vorstellungsgesprächen, Onboarding und Compliance zusammengestellt. ‘Die Betrüger:innen haben in der Vergangenheit mit Fähigkeiten…
-
North Korean IT Workers Are Being Exposed on a Massive Scale
Security researchers are publishing 1,000 email addresses they claim are linked to North Korean IT worker scams that infiltrated Western companies”, along with photos of men allegedly involved in the schemes. First seen on wired.com Jump to article: www.wired.com/story/north-korean-it-worker-scams-exposed/
-
Nordkoreas Cyberkrieg in der Ukraine: Hackergruppe wechselt die Seiten
In der Ukraine ist eine neue Cyberbedrohung aufgetaucht: Die staatlich gesteuerte Hackergruppe TA406 aus Nordkorea greift gezielt politische Einrichtungen an. Die Aktion wirft Fragen zur Rolle Nordkoreas im digitalen Schattenkrieg des Russland-Ukraine-Konflikts auf. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/nordkoreas-cyberkrieg-ukraine
-
TA406 Cyber Campaign: North Korea’s Focus on Ukraine Intelligence
In a recently disclosed campaign, TA406, a North Korean state-aligned threat actor, has expanded its cyber-espionage efforts by First seen on securityonline.info Jump to article: securityonline.info/ta406-cyber-campaign-north-koreas-focus-on-ukraine-intelligence/
-
North Korea ramps up cyberspying in Ukraine to assess war risk
The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korea-ramps-up-cyberspying-in-ukraine-to-assess-war-risk/
-
China helps North Korean operatives land IT roles, bypassing sanctions
One Chinese company with at least 35 affiliates has shipped IT equipment to a North Korean government-backed organization. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/north-korea-it-worker-scam-china-research/748009/
-
DPRK-Backed TA406 Targets Ukraine With Malware Campaigns
Cyber espionage campaign linked to North Korean actor TA406 targeted Ukrainian government entities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dprk-backed-ta406-targets-ukraine/
-
North Korean hackers target Ukrainian government in new espionage campaign
The latest wave of activity in Ukraine suggests that Pyongyang is seeking to “better understand the appetite to continue fighting against the Russian invasion” and “the medium-term outlook of the conflict,” according to the latest report by cybersecurity firm Proofpoint. First seen on therecord.media Jump to article: therecord.media/north-korea-hackers-target-ukraine-to-understand-russian-war-efforts
-
North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress
Tags: apt, government, group, intelligence, korea, malware, north-korea, phishing, russia, threat, ukraineThe North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor’s targeting beyond Russia.Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the “trajectory of the Russian invasion.””The group’s interest in Ukraine follows historical…
-
North Korea Targets Ukraine With Cyberespionage Operations
Tags: cyber, cyberespionage, cybersecurity, hacker, intelligence, korea, north-korea, phishing, risk, ukrainePhishing Campaigns Appear to Be Solely Intelligence-Gathering for DPRK Leadership. North Korea nation-state hackers appear to have entered the Ukrainian cyber operations fray, albeit solely for cyberespionage purposes for gathering intelligence to help North Korean leadership determine the current risk to its forces already in the theater, cybersecurity researchers report. First seen on govinfosecurity.com Jump…
-
North Korea’s TA406 Targets Ukraine for Intel
The threat group’s goal is to help Pyongyang assess risk to its troops deployed in Ukraine and to figure out if Moscow might want more. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/north-koreas-ta406-targets-ukraine
-
Researchers Uncover Remote IT Job Fraud Scheme Involving North Korean Nationals
The United States indicted fourteen North Korean nationals for orchestrating a sophisticated scheme to secure remote IT jobs at American companies and nonprofits using stolen identities. This operation, which has funneled at least $88 million USD to the North Korean government (DPRK) over the past six years, has raised alarm across industries, with Fortune 500…
-
Deepfake attacks are inevitable. CISOs can’t prepare soon enough.
Tags: advisory, ai, attack, authentication, awareness, blockchain, business, ciso, compliance, control, cybersecurity, data, deep-fake, defense, detection, espionage, finance, fraud, governance, grc, identity, incident response, jobs, law, mfa, north-korea, password, privacy, resilience, risk, scam, software, strategy, tactics, technology, threat, tool, training, updateReal-world fabrications: Even security vendors have been victimized. Last year, the governance risk and compliance (GRC) lead at cybersecurity company Exabeam was hiring for an analyst, and human resources (HR) qualified a candidate that looked very good on paper with a few minor concerns, says Kevin Kirkwood, CISO.”There were gaps in how the education represented…
-
North Korea’s OtterCookie Malware Added a New Feature to Attack Windows, Linux, and macOS
A North Korea-linked attack group, known as WaterPlum (also referred to as Famous Chollima or PurpleBravo), has been actively targeting financial institutions, cryptocurrency operators, and FinTech companies globally. Since 2023, their infamous Contagious Interview campaign has utilized malware such as BeaverTail and InvisibleFerret to infiltrate systems. However, in September 2024, WaterPlum introduced a sophisticated new…
-
OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files.NTT Security Holdings, which detailed the new findings, said the attackers have “actively and continuously” updated the malware, introducing versions v3 and v4…
-
North Korean hackers show telltale signs, researchers say
First seen on scworld.com Jump to article: www.scworld.com/news/north-korean-hackers-show-telltale-signs-researchers-say
-
Cryptohack Roundup: Trump’s Crypto Wealth
Also: Mango Markets Hacker Sentenced in CSAM Case. This week, Trump’s crypto wealth, Mango Markets hacker sentenced for CSAM, Solana’s zero-day fix, French police rescued a crypto millionaire’s father from kidnappers, stolen bitcoin frozen, US FTC sued IML and Kraken spotted a North Korean job applicant. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-trumps-crypto-wealth-a-28351
-
US Readies Huione Group Ban Over Cybercrime Links
Huione Group Helped Criminals Launder Over $4 Billion Worth of Cybercrime Proceeds. The U.S. Department of Treasury set in motion a process to ban a Cambodian company’s access to the dollar financial system for running a vast illicit marketplace for cybercrime tools and laundering billions of dollars on behalf of North Korean and other cybercrime…
-
North Korean Hacker Tries to Infiltrate Kraken Through Job Application
Leading cryptocurrency exchange Kraken has disclosed that it recently thwarted an infiltration attempt by a suspected North Korean hacker posing as a job applicant. The attempted breach highlights the increasing sophistication of state-backed cyber operations targeting the digital assets sector. According to Kraken’s security team, the incident unfolded when a highly convincing applicant submitted a…
-
How China and North Korea Are Industrializing Zero-Days
Tags: china, cloud, corporate, cyberattack, exploit, google, group, hacker, intelligence, korea, north-korea, organized, threat, zero-dayGoogle Cloud’s Hultquist on How State Hackers Exploit Code and Corporate Hiring. John Hultquist, chief analyst at Google Threat Intelligence Group, Google Cloud, discussed how China and North Korea are transforming cyberattacks into organized, factory-like operations. Alongside zero-day exploits, North Korean IT operatives are quietly infiltrating Fortune 500 companies under false identities. First seen on…
-
Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives
North Korean nationals have successfully infiltrated the employee ranks of major global corporations at a scale previously underestimated, creating a pervasive threat to IT infrastructure and sensitive data worldwide. Security experts revealed at the RSAC 2025 Conference that the infiltration extends across virtually every major corporation, with hundreds of Fortune 500 companies unknowingly employing North…
-
Widespread Fortune 500 firm infiltration conducted by North Koreans
Tags: north-koreaFirst seen on scworld.com Jump to article: www.scworld.com/brief/widespread-fortune-500-firm-infiltration-conducted-by-north-koreans