Tag: north-korea
-
Treasury Moves to Ban Huione Group for Laundering $4 Billion
The Treasury Department is moving to cut off Huione Group, a Cambodian conglomerate, from the U.S. financial system, saying the firm and its multiple entities laundered billions of dollars for North Korea’s Lazarus Group and criminal gangs running pig-butchering scams from Southeast Asia. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/treasury-moves-to-ban-huione-group-for-laundering-4-billion/
-
US wants to cut off key player in Southeast Asian cybercrime industry
The Treasury Department issued the proposed rulemaking Thursday, stating that Huione Group has helped launder funds from North Korean state-backed cybercrime operations and investment scams originating in Southeast Asia. First seen on therecord.media Jump to article: therecord.media/us-fincen-cut-off-huione-group-southeast-asia-cyber-scam
-
North Korean IT worker scam is now a threat to all companies, cybersecurity experts say
One cybersecurity expert even said he recently found evidence that a U.S. political campaign in Oregon hired a North Korean IT worker. First seen on therecord.media Jump to article: therecord.media/north-korean-it-worker-scam-expands-rsa
-
North Korea Stole Your Job
For years, North Korea has been secretly placing young IT workers inside Western companies. With AI, their schemes are now more devious, and effective, than ever. First seen on wired.com Jump to article: www.wired.com/story/north-korea-stole-your-tech-job-ai-interviews/
-
North Korean operatives have infiltrated hundreds of Fortune 500 companies
Security leaders at Mandiant and Google Cloud say nearly every major company has hired or received applications from North Korean nationals working on behalf of the country’s regime. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-workers-infiltrate-fortune-500/
-
Maryland man pleads guilty to outsourcing US govt work to North Korean dev in China
Feds say $970K scheme defrauded 13+ companies First seen on theregister.com Jump to article: www.theregister.com/2025/04/30/maryland_man_farming_web_dev/
-
Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks
A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent Threat (APT) group, has been identified targeting entities predominantly in South Korea. Cybersecurity experts have uncovered a meticulously crafted attack chain that leverages advanced obfuscation techniques and persistent mechanisms to compromise systems and exfiltrate sensitive data. This campaign underscores the persistent…
-
Enterprise-specific zero-day exploits on the rise, Google warns
Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-day
Surge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN. Targeted attacks against…
-
Assessment of DPRK IT Worker Tradecraft – Nisos Research 2025
Since early 2023 Nisos has been investigating and monitoring North Korean (DPRK) IT workers, who use fake personas and stolen identities to fraudulently obtain remote employment from unwitting companies in the United States and abroad… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/assessment-of-dprk-it-worker-tradecraft-nisos-research-2025/
-
North Korea’s <> uses Russian infrastructure
A recent analysis by the IT security company Trend Micro shows how the North Korean hacking group Void Dokkaebi, also known as Famous Chollima, deliberately uses Russian internet resources to carry out cyberattacks worldwide. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/nordkoreas-void-dokkaebi
-
Government hackers are leading the use of attributed zero-days, Google says
Governments like China and North Korea, along with spyware makers, used the most recorded zero-days in 2024. First seen on techcrunch.com Jump to article: techcrunch.com/2025/04/29/government-hackers-are-leading-the-use-of-attributed-zero-days-google-says/
-
North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures
North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry, BlockNovas LLC (blocknovas[.]com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co), to spread…
-
Lazarus Group hacks 6 companies with watering hole attacks
The Lazarus Group, believed to be based in North Korea, has managed to compromise at least six companies in South Korea via watering hole attacks in a new campaign. In this type of attack, merely visiting a website (the watering hole) is enough to infect the victim. A watering hole attack … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/25/lazarus-gruppe-hackt-6-unternehmen-mit-watering-hole-angriffe/
-
Extortion attempts by the DPRK – North Korea infiltrates IT in the USA and Europe
First seen on security-insider.de Jump to article: www.security-insider.de/nordkoreanische-it-mitarbeiter-infiltrieren-westliche-unternehmen-regierungen-a-9f49841e749ce9b34e0239d930f39695/
-
North Korean Hackers Use Fake Crypto Firms in Job Malware Scam
Silent Push reveals a complex scheme where North Korean hackers posed as crypto companies, using AI and fake… First seen on hackread.com Jump to article: hackread.com/north-korean-hackers-fake-crypto-firms-job-malware-scam/
-
Operation SyncHole: Lazarus APT targets supply chains in South Korea
Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at…
-
GenAI as a tool for cyber fraud: How GenAI supports North Korea’s IT scams
Okta’s latest blog post shows in detail how North Korean fraudsters use AI-powered tools to successfully apply for remote IT positions. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/genai-als-werkzeug-fuer-cyberbetrug-wie-genai-nordkoreas-it-betruegereien-unterstuetzt/a40590/
-
Russian VPS Servers With RDP and Proxy Servers Enable North Korean Cybercrime Operations
Trend Research has uncovered a sophisticated network of cybercrime operations linked to North Korea, heavily utilizing Russian internet infrastructure. Specifically, IP address ranges in the towns of Khasan and Khabarovsk, Russia, assigned to organizations under TransTelecom (ASN AS20485), are pivotal in these activities. Khasan, just a mile from the North Korea-Russia border and connected via…
-
Web3, cryptocurrency sectors targeted by North Korean hackers
First seen on scworld.com Jump to article: www.scworld.com/brief/web3-cryptocurrency-sectors-targeted-by-north-korean-hackers
-
North Korean IT workers seen using AI tools to scam firms into hiring them
North Korean IT workers illicitly gaining employment at U.S. and European tech companies are increasingly using generative artificial intelligence in a variety of ways to assist them throughout the job application and interview process. First seen on therecord.media Jump to article: therecord.media/north-korean-it-workers-seen-using-ai-recruitment-scams
-
Lazarus hackers breach six companies in watering hole attacks
In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lazarus-hackers-breach-six-companies-in-watering-hole-attacks/
-
Breach Roundup: Cookie Bite Exposes MFA Achilles Heel
Tags: attack, breach, cyberattack, data, data-breach, google, mfa, microsoft, north-korea, ransomware
Also, Blue Shield Breach Exposes 4.7M, Cyberattack Disrupts City Systems in Texas. This week, Cookie Bite bypasses MFA in Azure Entra ID, Microsoft fixed RDP Freezes, a ransomware attack in Catalonia, Blue Shield exposed data to Google, a cyberattack disrupted city systems in Texas, South Korean telecom breach exposed USIM data and a warning about…
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in…
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in…
-
Is the security reputation of the USA eroding?
Tags: business, ceo, china, cisa, ciso, cybersecurity, cyersecurity, endpoint, exploit, germany, governance, government, intelligence, iran, kaspersky, north-korea, service, strategy, threat, usa
Trump sows uncertainty, including when it comes to cybersecurity. Now that US President Donald Trump is also punishing cybersecurity companies by executive order for dissenting political positions, quite a few industry experts fear that US security companies could in future fall into similar disrepute as their Russian and Chinese competitors. The central questions are: Can CISOs and their companies still rely on US threat intelligence in future…
-
The TraderTraitor Crypto Heist: Nation-State Tactics Meet Financial Cybercrime
The cryptocurrency sector has always been a magnet for cybercriminals, but the TraderTraitor campaign marks a different kind of threat, one backed by state-sponsored actors with long-term goals and surgical precision. Allegedly linked to North Korea’s Lazarus Group, this campaign wasn’t just about breaking into wallets. It was about exploiting trust, manipulating human behavior, and…

