Tag: north-korea

Breach Roundup: Scattered Spider Hacker Gets 10 Years

Aug 21, 2025 9:55 PM

Tags: apple, breach, business, hacker, north-korea, qr, tactics

Also: New ‘Quishing’ Tactics, Pro-Houthi Hacker Sentenced to 20 Months. This week, a Scattered Spider hacker sentenced, new squishing tricks, a pro-Houthi hacker gets 20 months in the United Kingdom, a Taiwanese web hosting provider hacked, the Business Council of New York and Ohio Medical Cannabis Center breached, North Korean hackers target Seoul and an…
Hackers who exposed North Korean government hacker explain why they did it

Aug 21, 2025 2:56 PM

Tags: access, computer, data-breach, government, hacker, north-korea, spy

The two self-described hacktivists said they had access to the North Korean spy’s computer for around four months before deciding what they had found should be made public. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/21/hackers-who-exposed-north-korean-government-hacker-explain-why-they-did-it/
Hack of North Korean Spy’s Computer Exposes 8.9 GB of Espionage Operations

Aug 21, 2025 5:54 AM

Tags: breach, china, computer, email, espionage, government, north-korea, phishing, spy

A North Korean spy’s computer was hacked, leaking phishing logs, stolen South Korean government email platform source code, and links to Chinese hackers. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-north-korea-spy-hack-espionage/
DPRK, China Suspected in South Korean Embassy Attacks

Aug 21, 2025 5:54 AM

Tags: attack, china, email, government, korea, north-korea, phishing, spear-phishing

Detailed spear-phishing emails sent to European government entities in Seoul are being tied to North Korea, China, or both. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-dprk-south-korean-embassy-attacks
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

Aug 20, 2025 11:53 AM

Tags: attack, cyber, email, espionage, github, korea, north-korea, phishing, spear-phishing, threat

North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025.The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff and foreign ministry personnel with convincing meeting…
North Korea-linked hackers target embassies in Seoul in new espionage campaign

Aug 19, 2025 4:54 PM

Tags: espionage, hacker, korea, north-korea, phishing

North Korea-linked hackers were seen targeting more than a dozen embassies in Seoul with phishing emails. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-target-foreign-embassies
North Korean Kimsuky Hackers Use GitHub to Target Foreign Embassies with XenoRAT Malware

Aug 19, 2025 1:54 PM

Tags: cyber, data-breach, email, espionage, github, group, hacker, malware, north-korea, password, phishing, spear-phishing

The Trellix Advanced Research Center exposed a DPRK-linked espionage operation attributed to the Kimsuky group (APT43), targeting diplomatic missions in South Korea. Between March and July, at least 19 spear-phishing emails impersonated trusted diplomatic contacts, delivering malware via password-protected ZIP archives hosted on Dropbox and Daum. These emails lured embassy staff with credible invitations to…
North Korean Hackers’ Secret Linux Malware Surfaces Online

Aug 18, 2025 12:54 PM

Tags: apt, china, cyber, data, exploit, government, hacker, hacking, leak, linux, malware, north-korea, tactics, threat

Phrack Magazine’s latest issue #72 has unveiled a significant data leak from a suspected North Korean hacking operation, including exploit tactics, compromised system details, and a sophisticated Linux rootkit. The dump, linked to a Chinese threat actor targeting South Korean and Taiwanese government and private sectors, shows overlaps with the North Korean Kimsuky APT group.…
North Korea Attacks South Koreans With Ransomware

Aug 17, 2025 9:54 PM

Tags: attack, backdoor, hacker, korea, malware, north-korea, ransomware

DPRK hackers are throwing every kind of malware at the wall and seeing what sticks, deploying stealers, backdoors, and ransomware all at once. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/north-korea-attacks-south-koreans-ransomware
Hackers breach and expose a major North Korean spying operation

Aug 12, 2025 8:11 PM

Tags: breach, computer, data-breach, government, hacker, north-korea

Two hackers broke into the computer of a North Korean government hacker and leaked its contents, offering a rare glimpse inside the secretive nation’s spying operations. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/12/hackers-breach-and-expose-a-major-north-korean-spying-operation/
North Korean Kimsuky Hackers Suffer Data Breach as Insiders Leak Information Online

Aug 12, 2025 10:12 AM

Tags: backdoor, breach, cyber, data, data-breach, espionage, framework, group, hacker, korea, leak, north-korea, phishing, threat, tool

A member of North Korea’s notorious Kimsuky espionage group has experienced a significant data breach after insiders leaked hundreds of gigabytes of internal files and tools to the public. The breach, which emerged in early June 2025, exposed the group’s sophisticated backdoors, phishing frameworks, and reconnaissance operations, marking a rare setback for the state-sponsored threat…
North Korean Kimsuky Hackers Suffer Data Breach as Insiders Leak Information Online

Aug 12, 2025 10:12 AM

Tags: backdoor, breach, cyber, data, data-breach, espionage, framework, group, hacker, korea, leak, north-korea, phishing, threat, tool

A member of North Korea’s notorious Kimsuky espionage group has experienced a significant data breach after insiders leaked hundreds of gigabytes of internal files and tools to the public. The breach, which emerged in early June 2025, exposed the group’s sophisticated backdoors, phishing frameworks, and reconnaissance operations, marking a rare setback for the state-sponsored threat…
North Korean Kimsuky hackers exposed in alleged data breach

Aug 11, 2025 11:12 PM

Tags: breach, data, data-breach, group, hacker, north-korea

The North Korean state-sponsored hackers known as Kimsuky has reportedly suffered a data breach after two hackers, who describe themselves as the opposite of Kimsuky’s values, stole the group’s data and leaked it publicly online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-kimsuky-hackers-exposed-in-alleged-data-breach/
Hackers Leak 9GB of Data from Alleged North Korean Hacker’s Computer

Aug 11, 2025 4:12 PM

Tags: breach, computer, data, hacker, leak, north-korea, tool

Hackers release 9GB of stolen files from the computer of an alleged North Korean hacker, revealing tools, logs,… First seen on hackread.com Jump to article: hackread.com/hackers-leak-9gb-data-north-korean-hacker-computer/
North Korean Group ScarCruft Expands From Spying to Ransomware Attacks

Aug 11, 2025 2:12 PM

Tags: attack, group, hacker, malware, north-korea, phishing, ransomware

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea… First seen on hackread.com Jump to article: hackread.com/north-korean-group-scarcruft-spying-ransomware-attacks/
North Korean Group ScarCruft Expands From Spying to Ransomware Attacks

Aug 11, 2025 2:12 PM

Tags: attack, group, hacker, malware, north-korea, phishing, ransomware

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea… First seen on hackread.com Jump to article: hackread.com/north-korean-group-scarcruft-spying-ransomware-attacks/
North Korean Group ScarCruft Expands From Spying to Ransomware Attacks

Aug 11, 2025 2:12 PM

Tags: attack, group, hacker, malware, north-korea, phishing, ransomware

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea… First seen on hackread.com Jump to article: hackread.com/north-korean-group-scarcruft-spying-ransomware-attacks/
North Korean cyber-espionage group ScarCruft adds ransomware in recent attack

Aug 8, 2025 5:11 PM

Tags: attack, cyber, espionage, group, hacking, north-korea, ransomware

A North Korean state-linked hacking group known for spying added some “newly observed” ransomware to its kit in a campaign targeting South Koreans, researchers said. First seen on therecord.media Jump to article: therecord.media/scarcruft-north-korea-hackers-add-ransomware
Leak Reveals the Workaday Lives of North Korean IT Scammers

Aug 8, 2025 5:11 AM

Tags: group, jobs, leak, north-korea, scam

Spreadsheets, Slack messages, and files linked to an alleged group of North Korean IT workers expose their meticulous job-planning and targeting”, and the constant surveillance they’re under. First seen on wired.com Jump to article: www.wired.com/story/leaked-data-reveals-the-workaday-lives-of-north-korean-it-scammers/
ScarCruft Hacker Group Launches New Rust-Based Malware Attack Leveraging PubNub

Aug 7, 2025 6:11 PM

Tags: attack, cyber, group, hacker, infection, intelligence, malware, north-korea, rust, threat, update

The North Korean state-sponsored advanced persistent threat (APT) group known as ScarCruft has been linked to a sophisticated malware campaign targeting South Korean users. Disguised as a postal-code update notice, this infection chain was uncovered by S2W’s Threat Analysis and Intelligence Center (TALON), revealing a subgroup dubbed ChinopuNK that distributes the Chinotto malware. First identified…
Lazarus Hackers Use Fake Camera/Microphone Alerts to Deploy PyLangGhost RAT

Aug 6, 2025 11:11 PM

Tags: access, ai, cyber, group, hacker, lazarus, malware, north-korea, rat, tactics, threat

North Korean state-sponsored threat actors associated with the Lazarus Group, specifically the subgroup known as Famous Chollima, have evolved their tactics by deploying a new Python-based remote access trojan (RAT) dubbed PyLangGhost. This malware represents a reimplementation of the earlier GoLangGhost RAT, exhibiting code structures indicative of AI-assisted porting, including Go-like logic patterns and extensive…
North Korean Hackers Exploit NPM Packages to Steal Cryptocurrency and Sensitive Data

Aug 5, 2025 2:28 PM

Tags: cloud, crypto, cyber, data, exploit, hacker, malicious, monitoring, north-korea, theft, threat

Veracode Threat Research has uncovered a sophisticated North Korean cryptocurrency theft operation that continues to evolve, building on campaigns previously reported in February and June 2024. This latest iteration involves twelve malicious NPM packages, including cloud-binary, json-cookie-csv, cloudmedia, and nodemailer-enhancer, which were flagged by automated monitoring systems and subsequently removed from the NPM registry. The…
Chollima APT Group Targets Job Seekers and Organizations with JavaScript-Based Malware

Aug 5, 2025 11:28 AM

Tags: apt, cyber, espionage, group, jobs, malware, north-korea, programming, social-engineering, software, threat

The North Korean-linked Chollima advanced persistent threat (APT) group, also known as Famous Chollima, has been orchestrating a persistent cyber espionage campaign since at least December 2022, primarily targeting job seekers in the software development and IT sectors to infiltrate a wide array of United States-based organizations. This operation leverages intricate social engineering techniques, where…
Ransomware goes cloud native to target your backup infrastructure

Aug 5, 2025 10:28 AM

Tags: access, api, authentication, backup, cloud, container, control, credentials, cybercrime, data, defense, exploit, google, group, identity, infrastructure, least-privilege, linkedin, linux, malicious, malware, mfa, north-korea, ransomware, social-engineering, strategy, threat, vulnerability, vulnerability-management

Credential compromise and misconfiguration woes: More sophisticated threat groups have developed social engineering techniques to the point where they reliably trick targets into helping them to bypass multi-factor authentication (MFA) controls before ransacking compromised cloud-hosted environments.For example, threat actors are using compromised OAuth tokens to bypass MFA and inject malicious code into developer ecosystems via…
North Korean spies posing as remote workers have infiltrated hundreds of companies, says CrowdStrike

Aug 4, 2025 3:28 PM

Tags: ai, crowdstrike, korea, north-korea

North Korean IT workers are increasingly using generative AI to draft resumes and “deepfake” their appearances to make money for North Korea’s sanctioned nuclear weapons program. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/04/north-korean-spies-posing-as-remote-workers-have-infiltrated-hundreds-of-companies-says-crowdstrike/
Ransomware attacks: The evolving extortion threat to US financial institutions

Aug 4, 2025 2:28 PM

Tags: access, ai, antivirus, attack, backup, banking, breach, business, cloud, communications, compliance, control, credentials, crime, crimes, cyber, cybercrime, cybersecurity, dark-web, data, ddos, defense, detection, edr, email, encryption, endpoint, extortion, finance, firewall, governance, group, identity, incident response, infrastructure, insurance, intelligence, international, korea, law, leak, least-privilege, lessons-learned, linkedin, linux, lockbit, login, malicious, mfa, monitoring, network, north-korea, organized, phishing, ransom, ransomware, resilience, risk, rust, service, soc, social-engineering, software, startup, strategy, supply-chain, tactics, theft, threat, tool, training, update, usa, vmware, vulnerability, warfare, windows, zero-trust

Before sunrise on a chilly November morning, I got the kind of call no security leader ever wants. A mid-sized U.S. bank had been hit overnight hard. Customers couldn’t access their accounts, ATMs were non-functional and every screen in the company’s environment glowed with the same ominous message: their systems were encrypted, and data had…
North Korea Hiding Malware Within JPEG Files to Attack Windows Systems Bypassing Detections

Aug 4, 2025 12:41 PM

Tags: antivirus, attack, cyber, data, detection, group, korea, malicious, malware, north-korea, threat, windows

Security researchers at Genians Security Center have uncovered a sophisticated new variant of the RoKRAT malware, attributed to the North Korean-linked APT37 threat group, which employs steganography to conceal malicious payloads within seemingly innocuous JPEG image files. This technique allows the malware to evade traditional antivirus detections by embedding encrypted shellcode in image data, which…
CrowdStrike investigated 320 North Korean IT worker cases in the past year

Aug 4, 2025 9:29 AM

Tags: crowdstrike, north-korea, threat

Threat hunters saw North Korean operatives almost daily, reflecting a 220% year-over-year increase in activity, CrowdStrike said in a new report. First seen on cyberscoop.com Jump to article: cyberscoop.com/crowdstrike-north-korean-operatives/
Ninety laptops, millions of dollars: US woman jailed over North Korea remote-work scam

Aug 3, 2025 2:28 PM

Tags: fraud, identity, jobs, korea, linkedin, north-korea, scam, technology

Christine Chapman apologizes for role in identity fraud that amassed millions to allegedly aid nuclear weapons programIn March 2020, about the time the Covid pandemic started, Christina Chapman, a woman who lived in Arizona and Minnesota, received a message on LinkedIn asking her to “be the US face” of a company and help overseas IT…
Social engineering attacks surged this past year, Palo Alto Networks report finds

Aug 1, 2025 8:28 PM

Tags: attack, group, network, north-korea, social-engineering

Unit 42 said social engineering, the method of choice for groups as diverse as Scattered Spider and North Korean tech workers, was the top initial attack vector over the past year. First seen on cyberscoop.com Jump to article: cyberscoop.com/social-engineering-top-attack-vector-unit-42/