Tag: north-korea
-
Phishing Alert: Kimusky Hackers Masquerade as Tax Authority with ‘September Tax Return Due Date’ Email
South Korean internet users are being targeted by a sophisticated phishing campaign attributed to the North Korean threat actor known as Kimsuky. The malicious emails, masquerading as official notices from the National Tax Service (NTS), inform recipients of a “September Tax Return Payment Due Notice” and urge them to click a link to view an…
-
Phishing Alert: Kimusky Hackers Masquerade as Tax Authority with ‘September Tax Return Due Date’ Email
South Korean internet users are being targeted by a sophisticated phishing campaign attributed to the North Korean threat actor known as Kimsuky. The malicious emails, masquerading as official notices from the National Tax Service (NTS), inform recipients of a “September Tax Return Payment Due Notice” and urge them to click a link to view an…
-
Phishing Alert: Kimusky Hackers Masquerade as Tax Authority with ‘September Tax Return Due Date’ Email
South Korean internet users are being targeted by a sophisticated phishing campaign attributed to the North Korean threat actor known as Kimsuky. The malicious emails, masquerading as official notices from the National Tax Service (NTS), inform recipients of a “September Tax Return Payment Due Notice” and urge them to click a link to view an…
-
APT37 Deploys New Rust and Python Malware Targeting Windows Systems
The North Korean-aligned threat group APT37, also known as ScarCruft, Ruby Sleet, and Velvet Chollima, has evolved its cyber warfare capabilities by deploying sophisticated Rust and Python-based malware in recent campaigns targeting Windows systems. Active since 2012, this advanced persistent threat group continues to focus on South Korean individuals connected to the North Korean regime…
-
Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews
North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,… First seen on hackread.com Jump to article: hackread.com/lazarus-group-malware-clickfix-scam-fake-job-interview/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Operation HanKook Phantom: North Korean APT37 targeting South Korea Three Lazarus RATs coming for your cheese Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide Android Droppers: The Silent…
-
ICE Has Spyware Now
Plus: An AI chatbot system is linked to a widespread hack, details emerge of a US plan to plant a spy device in North Korea, your job’s security training isn’t working, and more. First seen on wired.com Jump to article: www.wired.com/story/ice-has-spyware-now/
-
North Korean Hackers Expose Their Playbook for Swapping Infrastructure
Tags: cyber, cybersecurity, data-breach, hacker, infrastructure, intelligence, malicious, north-korea, threatA sophisticated North Korean cyber operation has been exposed, revealing how state-sponsored hackers systematically monitor cybersecurity intelligence platforms to detect when their malicious infrastructure is discovered and rapidly deploy replacement assets to maintain operations. The analysis, conducted by SentinelLABS in collaboration with Validin, provides unprecedented insight into the operational practices of threat actors behind the…
-
North Korean Hackers Exploit Threat Intel Platforms For Phishing
North Korean hackers have been observed exploiting cyber threat intelligence platforms in a campaign targeting job seekers with malware-laced lures First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-exploit-threat-intel/
-
Japan, South Korea Take Aim at North Korean IT Worker Scam
With the continued success of North Korea’s IT worker scams, Asia-Pacific nations are working with private firms to blunt the scheme’s effectiveness. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/japan-south-korea-north-korean-it-worker-scam
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware
A new report reveals North Korea-linked ScarCruft is using RokRAT malware to target academics in a phishing campaign…. First seen on hackread.com Jump to article: hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/
-
North Korea’s APT37 deploys RokRAT in new phishing campaign against academics
ScarCruft (APT37) launches Operation HanKook Phantom, a phishing campaign using RokRAT to target academics, ex-officials, and researchers. Cybersecurity firm Seqrite Labs uncovered a phishing campaign, tracked as dubbed Operation HanKook Phantom, by the North Korea-linked group APT37 (aka Ricochet Chollima, ScarCruft, Reaper, and Group123). Threat actors are using a fake “National Intelligence Research Society Newsletter…
-
ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics
Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to deliver a malware known as RokRAT.The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target individuals associated with the National Intelligence Research Association, including academic figures First seen…
-
North Korean Hackers Weaponize Seoul Intelligence Files to Target South Koreans
Pyongyang-backed hacking group APT37 leveraged an internal South Korean intelligence briefing in a spear phishing campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-apt37-spear-phishing/
-
DPRK Remote Work Tactics: Leveraging Code-Sharing Platforms
DPRK IT workers have leveraged popular code-sharing platforms such as GitHub, CodeSandbox, and Medium to cultivate convincing developer portfolios and land remote positions under fabricated identities. Investigations reveal approximately 50 active GitHub profiles operated by North Korean actors, supplemented by dozens of profiles across niche freelancing and forum sites. These operatives employ deepfake profile photos,…
-
US targets North Korean IT worker army with new sanctions
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two individuals and two companies associated with North Korean IT worker schemes that operate at the expense of American organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/us-targets-north-korean-it-worker-army-with-new-sanctions/
-
Anthropic Warns of AI-Powered Cybercrime in New Threat Report
Anthropic’s August report reveals hackers, North Korean operatives, and state actors misused its Claude AI for extortion, fraud, and espionage. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-anthropic-warns-ai-powered-cyber-crime/
-
U.S. Treasury Sanctions North Korean IT Worker Network Funding Weapons Programs
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Russian national Vitaliy Sergeyevich Andreyev, DPRK official Kim Ung Sun, Chinese entity Shenyang Geumpungri Network Technology Co., Ltd. DPRK-based Korea Sinjin Trading Corporation for their involvement in a sophisticated fraudulent scheme involving information technology workers orchestrated by the Democratic…
-
U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two individuals and two entities for their role in the North Korean remote information technology (IT) worker scheme to generate illicit revenue for the regime’s weapons of mass destruction and ballistic missile programs.”The North Korean regime…
-
Treasury sanctions North Korea IT worker scheme facilitators and front organizations
As the sanctions-evading scheme has grown, so too has the U.S. government’s response. First seen on cyberscoop.com Jump to article: cyberscoop.com/treasury-department-sanctions-north-korea-worker-scheme/
-
US sanctions Russian national and Chinese company over North Korean IT worker schemes
The U.S. Treasury Department announced new sanctions targeting key players in North Korea’s ongoing scheme to get its citizens hired as IT workers at American companies. First seen on therecord.media Jump to article: therecord.media/us-sanctions-company-national-north
-
US sanctions fraud network used by North Korean ‘remote IT workers’ to seek jobs and steal money
Treasury officials say the North Korea government used the fraud network to generate money for the regime’s nuclear weapons program. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/27/us-sanctions-fraud-network-used-by-north-korea-to-seek-jobs-and-steal-money/
-
Governments, tech companies meet in Tokyo to share tips on fighting North Korea IT worker scheme
The U.S. State Department said it worked with the Ministries of Foreign Affairs in Japan and South Korea to organize the forum, which had more than 130 attendees from freelance work platforms, payment service providers, cryptocurrency companies, AI firms and more. First seen on therecord.media Jump to article: therecord.media/japan-us-south-korea-forum-north-korea-it-worker-scheme
-
Chinese APT Leverages Proxy and VPN Services to Obfuscate Infrastructure
Tags: apt, china, cyber, cybersecurity, data, group, infrastructure, korea, leak, north-korea, service, threat, vpnA significant data dump surfaced on DDoSecrets.com, purportedly extracted from a workstation belonging to a threat actor targeting organizations in South Korea and Taiwan. The leak, detailed in an accompanying article, attributes the activity to the North Korean advanced persistent threat (APT) group known as Kimsuky, a sophisticated actor previously highlighted in cybersecurity advisories for…
-
Kimsuky APT Exposed: GPKI Certificates, Rootkits, and Cobalt Strike Assets Uncovered
A comprehensive operational dump from the North Korean Kimsuky APT organization, also known as APT43, Thallium, or Velvet Chollima, appeared on a dark web forum in an uncommon instance of state-sponsored cyber espionage. This leak, comprising virtual machine images, VPS dumps, phishing kits, rootkits, and over 20,000 browser history records, provides an unparalleled glimpse into…
-
US Government Seeks Medical Records of Trans Youth
Plus: Google wants billions of Chrome users to install an emergency fix, Kristi Noem is on the move, and North Korean IT workers are everywhere. First seen on wired.com Jump to article: www.wired.com/story/us-government-seeks-medical-records-of-trans-youth/