Tag: north-korea
-
North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers
Posing as potential employers, Slow Pisces hackers conceal malware in coding challenges sent to cryptocurrency developers on LinkedIn First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-hackers-linkedin/
-
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment.The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as…
-
Slow Pisces Group Targets Developers Using Coding Challenges Laced with Python Malware
A North Korean state-sponsored threat group known as >>Slow Pisces
-
TraderTraitor: The Kings of the Crypto Heist
Allegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world. First seen on wired.com Jump to article: www.wired.com/story/tradertraitor-north-korea-crypto-theft/
-
Lazarus Expands NPM Campaign With Trojan Loaders
North Korea’s Lazarus Deploys Malicious NPM Packages to Steal Data. North Korea’s Lazarus Group expanded a malicious campaign of uploading malicious code to the JavaScript runtime environment npm repository, publishing 11 packages embedded with Trojan loaders. Researchers identified 11 malicious packages in the repository, a hotspot for supply chain attacks. First seen on govinfosecurity.com Jump…
-
Malicious npm packages, BeaverTail malware leveraged in new North Korean attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-npm-packages-beavertail-malware-leveraged-in-new-north-korean-attacks
-
Lazarus Adds New Malicious npm Using Hexadecimal String Encoding to Evade Detection Systems
North Korean state-sponsored threat actors associated with the Lazarus Group have intensified their Contagious Interview campaign by deploying novel malicious npm packages leveraging hexadecimal string encoding to bypass detection mechanisms. These packages deliver BeaverTail infostealers and remote access trojan (RAT) loaders, targeting developers to exfiltrate credentials, financial data, and cryptocurrency wallets. SecurityScorecard researchers identified 11…
-
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader.”These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling…
-
Nordkorea verstärkt Operationen zur Anheuerung von IT-Spezialisten in Europa
Mandiant warnt in einer aktuellen Information vor verstärkten Aktivitäten von Nordkorea in Europa. Nachdem die USA restriktiver mit der Beschäftigung von Fachkräften werden, versucht Nordkorea verstärkt IT-Mitarbeiter in IT-Unternehmen in Europa einzuschleusen. Das Ganze geht auf Erkenntnisse der Google Threat … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/04/nordkorea-verstaerkt-operationen-zur-anheuerung-von-it-spezialisten-in-europa/
-
North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds
The attackers pose as legitimate remote IT workers, looking to both generate revenue and access sensitive company data through employment. “Europe needs to wake up fast,” according to Google’s Jamie Collier. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-north-korea-it-worker-google/
-
DPRK ‘IT Workers’ Pivot to Europe for Employment Scams
By using fake references and building connections with recruiters, some North Korean nationals are landing six-figure jobs that replenish DPRK coffers. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/dprk-it-workers-europe-employment
-
North Korean IT Scammers Targeting European Companies
Inside North Korea’s IT Scam Network Now Shifting to Europe. North Koreans posing as remote IT workers have spread to Europe, where one Pyongyang fraudster assumed at least 12 personas to target companies in Germany, Portugal and the United Kingdom. Western companies have grappled for years with the prospect of unintentionally hiring a North Korean…
-
North Korean IT worker scam spreading to Europe after US law enforcement crackdown
North Korea’s IT worker scam has expanded widely into Europe after years of focusing on U.S. companies, according to new research. First seen on therecord.media Jump to article: therecord.media/north-korean-it-worker-scam-spreads-to-europe
-
North Korea’s IT Operatives Are Exploiting Remote Work Globally
The global rise of North Korean IT worker infiltration poses a serious cybersecurity risk”, using fake identities, remote access, and extortion to compromise organizations. The post North Korea’s IT Operatives Are Exploiting Remote Work Globally appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/north-koreas-it-operatives-are-exploiting-remote-work-globally/
-
North Korea IT Workers Expand Their Employment Across Europe To Infiltrate the Company Networks
North Korean IT workers have intensified their global operations, expanding their employment footprint across Europe to infiltrate corporate networks and generate revenue for the regime. According to the latest report by Google Threat Intelligence Group (GTIG), these workers pose as legitimate remote employees, leveraging advanced technical skills and deceptive tactics to gain access to sensitive…
-
Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks
North Korea’s Lazarus hackers are using the ClickFix technique for malware deployment in fresh attacks targeting the cryptocurrency ecosystem. The post Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/lazarus-uses-clickfix-tactics-in-fake-cryptocurrency-job-attacks/
-
North Korea’s Fake IT Worker Scheme Sets Sights on Europe
Google has found a significant increase in North Korean actors attempting to gain employment as IT workers in European companies, leading to data theft and extortion First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-fake-it-worker-europe/
-
North Korean IT workers set their sights on European organizations
Tags: north-koreaNorth Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/02/north-korean-it-workers-target-europe/
-
North Korea’s fake tech workers now targeting European employers
With help from UK operatives, because it’s getting tougher to run the scam in the USA First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/north_korean_fake_techies_target_europe/
-
North Korean IT worker army expands operations in Europe
North Korea’s IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-it-worker-army-expands-operations-in-europe/
-
Volume of attacks on network devices shows need to replace end of life devices quickly
Tags: access, apache, attack, authentication, best-practice, breach, cloud, control, credentials, cve, cyber, dns, endpoint, espionage, exploit, firewall, flaw, government, group, Hardware, infrastructure, injection, Internet, ivanti, lazarus, macOS, monitoring, network, north-korea, open-source, password, risk, router, russia, sans, service, software, threat, tool, update, vulnerabilityCVE-2023-1389, a vulnerability in TP-Link Archer AX21 router;CVE-2024-3400, a hole in Palo Alto Networks PAN-OS firewall operating system;CVE-2023-36845, a vulnerability in Juniper Networks Junos OS operating system;CVE-2021-44529, a vulnerability in Ivanti Endpoint Manager Cloud Service Appliance;CVE-2023-38035, a hole in Ivanti Sentry security gateway;CVE-2024-36401, a vulnerability in OSGeo GeoServer;CVE-2024-0012, a vulnerability in Palo Alto Neworks PAN-OS…
-
The North Korea worker problem is bigger than you think
The yearslong scheme goes much deeper than contract work, extending to roles beyond traditional IT and sometimes granting the insider threat “keys to the kingdom,” DTEX President Mohan Koo said. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-technical-workers-full-time-jobs/
-
North Korean hackers adopt ClickFix attacks to target crypto firms
The notorious North Korean Lazarus hacking group has reportedly adopted ‘ClickFix’ tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-adopt-clickfix-attacks-to-target-crypto-firms/
-
DPRK IT Worker Scam: Mitigation Steps for Hiring Teams
Nisos DPRK IT Worker Scam: Mitigation Steps for Hiring Teams Nisos is tracking a network of likely North Korean (DPRK)-affiliated IT workers posing as Singaporean, Turkish, Finish and US nationals with the goal of obtaining employment in remote IT, engineering, and full-stack blockchain positions… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/dprk-it-worker-scam-mitigation-steps-for-hiring-teams/
-
North Korean Kimsuky Hackers Deploy New Tactics and Malicious Scripts in Recent Attacks
Security researchers have uncovered a new attack campaign by the North Korean state-sponsored APT group Kimsuky, also known as >>Black Banshee.
-
Unmasking Kimsuky’s Latest Tactics: A Deep Dive into Malicious Scripts and Payloads
Recently, K7 Labs provided an insightful analysis of a campaign attributed to the North Korean APT group Kimsuky, First seen on securityonline.info Jump to article: securityonline.info/unmasking-kimsukys-latest-tactics-a-deep-dive-into-malicious-scripts-and-payloads/