Tag: north-korea
-
Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks
The value of losses to crypto thefts has soared this year to more than $2 billion over the first six months, the blockchain analytics company Chainalysis found. First seen on therecord.media Jump to article: therecord.media/chainalysis-crypto-stolen-billions
-
North Korea Floods npm Registry with Malware
67 Malicious Packages, XORIndex Loader Target JavaScript Code-Sharing Platform. North Korean threat actors escalated their software supply chain attacks by uploading 67 new malicious packages to the npm Registry as part of the ongoing Contagious Interview campaign. The malware targets open-source JavaScript developers with malware loaders. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/north-korea-floods-npm-registry-malware-a-28990
-
How North Korea Abuses Artificial Intelligence: Job Fraud with Deepfakes and AI
First seen on security-insider.de Jump to article: www.security-insider.de/nordkorea-ki-wirtschaftsspionage-erkennung-abwehr-a-2a6444996c8ff114b04d2abb2c2b7293/
-
North Korean XORIndex malware hidden in 67 malicious npm packages
North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-xorindex-malware-hidden-in-67-malicious-npm-packages/
-
North Korean Hackers Exploit 67 Malicious npm Packages to Spread XORIndex Malware
Tags: attack, cyber, exploit, hacker, malicious, malware, north-korea, software, supply-chain, threat
The Socket Threat Research Team has discovered a new software supply chain attack that uses a malware loader called XORIndex that had not been previously reported, marking a major uptick in North Korean cyber operations. This activity builds on the Contagious Interview campaign previously detailed in June 2025, which involved the HexEval Loader. The adversaries,…
-
North Korean Actors Expand Contagious Interview Campaign with New Malware Loader
Socket has identified a new malware loader called XORIndex incorporated into malicious packages published to the npm registry, with over 9000 downloads so far. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-contagious-interview/
-
North Korean Hackers Exploit Zoom Invites in Attacks on Crypto Companies
Tags: attack, blockchain, crypto, cyber, cybersecurity, data-breach, exploit, hacker, jobs, malware, north-korea, phishing, spear-phishing, tactics, threat
Cybersecurity firm SentinelOne has exposed an ongoing malware campaign orchestrated by North Korean threat actors, known for their persistent >>fake interview
-
North Korea-linked actors spread XORIndex malware via 67 malicious npm packages
North Korea-linked hackers uploaded 67 malicious npm packages with XORIndex malware, hitting 17K+ downloads in ongoing supply chain attacks. North Korea-linked threat actors behind the Contagious Interview campaign have uploaded 67 malicious npm packages with XORIndex malware loader, hitting over 17,000 downloads in ongoing supply chain attacks. XORIndex was built to evade detection and deploy…
-
North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have attracted more than 17,000 downloads, and incorporate a previously undocumented version of a…
-
You have a fake North Korean IT worker problem – here’s how to stop it
Thick resumes with thin LinkedIn connections are one sign. Refusing an in-person interview is another. First seen on theregister.com Jump to article: www.theregister.com/2025/07/13/fake_it_worker_problem/
-
Security-Insider Podcast Episode 101: Risky IT Professionals from North Korea
Tags: north-korea
First seen on security-insider.de Jump to article: www.security-insider.de/security-insider-podcast-folge-101-nordkoreanische-it-fachkraefte-a-e6948e8c99c1e64e870c3170aaa65e73/
-
Breach Roundup: I’m Lovin’ McDonald’s ‘123456’ Password
Also, US Sanctions North Korean IT Worker Scammers and More Paraguay Hacks. This week, McDonald’s password mishap, North Korean IT worker sanctions, a wormable Microsoft flaw, Qantas update. Monzo fined, Flutter data breach and CyberTeam again targeted Paraguay. Anatsa Trojan reappeared, DoNot targeted a European ministry. Academics sneaked prompt injections into papers. First seen on…
-
US Sanctions Key Threat Actors Tied to North Korea’s Remote IT Worker Scheme
The Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury has taken a strong stance against cyber-enabled financial schemes that support North Korea’s illicit weapons programs by imposing sanctions on Song Kum Hyok, a malevolent cyber actor connected to the hacking group Andariel of the Democratic People’s Republic of Korea (DPRK).…
-
US Treasury Department sanctions individuals and entities over illegal IT worker scheme
How not to hire a North Korean IT spy (Apr 14, 2025); North Korean group infiltrated 100-plus companies with imposter IT pros: CrowdStrike report (Aug 6, 2024); North Korean hackers impersonated recruiters to steal credentials from over 1,500 developer systems (Jan 30, 2025). First seen on csoonline.com Jump to article: www.csoonline.com/article/4019820/us-treasury-department-sanctions-individuals-and-entities-over-illegal-it-worker-scheme.html
-
OFAC Sanctions Key Players in North Korea’s Remote IT Worker Scheme Funding Weapons Programs
The post OFAC Sanctions Key Players in North Korea’s Remote IT Worker Scheme Funding Weapons Programs appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/ofac-sanctions-key-players-in-north-koreas-remote-it-worker-scheme-funding-weapons-programs/
-
US sanctions alleged North Korean IT sweatshop leader
Tags: north-korea
Turns out outsourcing coders to bankroll Kim’s nukes doesn’t jibe with Uncle Sam. First seen on theregister.com Jump to article: www.theregister.com/2025/07/09/us_sanctions_north_korean_it/
-
U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme. The Treasury said Song Kum Hyok, a 38-year-old North Korean national with an address in the Chinese province of…
-
Treasury sanctions North Korean over IT worker malware scheme
The U.S. Department of the Treasury sanctioned cyber actor Song Kum Hyok for his association with North Korea’s hacking group Andariel and for facilitating IT worker schemes that generated revenue for the Pyongyang regime. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/treasury-sanctions-north-korean-over-it-worker-malware-scheme/
-
Treasury sanctions key player behind North Korean IT worker scheme
The United States identified and sanctioned another North Korean involved with the country’s IT worker schemes, this time for illicit operations based in China and Russia. First seen on therecord.media Jump to article: therecord.media/north-korea-it-worker-scheme-us-sanctions-song-kum-hyok
-
Treasury slaps sanctions on people, companies tied to North Korean IT worker schemes
A North Korean man was the focus of Tuesday’s announcement, which also included a Russian man, his companies and North Korean firms. First seen on cyberscoop.com Jump to article: cyberscoop.com/treasury-slaps-sanctions-on-people-companies-tied-to-north-korean-it-worker-schemes/
-
DPRK macOS ‘NimDoor’ Malware Targets Web3, Crypto Platforms
Researchers observed North Korean threat actors targeting cryptocurrency and Web3 platforms on Telegram using malicious Zoom meeting requests. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dprk-macos-nimdoor-malware-web3-crypto-platforms
-
Security Affairs newsletter Round 531 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates; Critical Sudo bugs expose…
-
North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates
North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram.…
-
Cryptohack Roundup: Inside the $100M Nobitex Breach
Also: Dismantling a 460 Million Euro Crypto Fraud Network. This week, a peek into Iran’s largest crypto exchange blending privacy, scale and sanctions evasion, Europol and Spanish police dismantled a crypto fraud network, $9.5M Resupply hack, sentencing in a $40M Ponzi scheme and a North Korean crypto theft and employment fraud ring. First seen on…
-
Microsoft shuts down 3,000 email accounts created by North Korean IT workers
Microsoft said it has spent years monitoring North Korea’s campaign to get its citizens hired in IT roles at U.S. companies and recently saw changes in how the campaign operates. First seen on therecord.media Jump to article: therecord.media/microsoft-shuts-down-3000-north-korea-it-worker-email
-
North Korean Hackers Target Crypto Firms with Novel macOS Malware
SentinelLabs observed North Korean actors deploying novel TTPs to target crypto firms, including a mix of programming languages and signal-based persistence. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-crypto-macos-malware/
-
N Korean Hackers Drop NimDoor macOS Malware Via Fake Zoom Updates
SentinelLabs uncovers NimDoor, new North Korea-aligned macOS malware targeting Web3 and crypto firms. Exploits Nim, AppleScript, and steals Keychain, browser, shell, and Telegram data. First seen on hackread.com Jump to article: hackread.com/n-korean-hackers-nimdoor-macos-malware-fake-zoom-updates/

