Tag: north-korea
-
North Korean Scam Job Platform Targets U.S. AI Developers
A sophisticated new variant of the North Korean-linked Contagious Interview campaign has emerged, featuring an unprecedented level of polish and technical sophistication designed to compromise job-seeking AI developers, software engineers, and cryptocurrency professionals. Unlike typical DPRK IT worker infiltration schemes, this operation targets real individuals through an elaborate fake recruitment platform that mimics legitimate hiring…
-
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits
Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-dayNorth Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…
-
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits
Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-dayNorth Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…
-
US chips away at North Korean IT worker fraud
Authorities have described Pyongyang’s revenue-generating schemes as threats to U.S. national and economic security. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/doj-north-korea-remote-worker-crackdown/805689/
-
4 U.S. Citizens, Ukrainian Plead Guilty in N. Korea IT Worker Scheme
Four U.S. citizens and a Ukrainian national pleaded guilty to their roles in a North Korean IT worker scam that victimized more than 135 U.S. companies and netted more than $2.2 million for the DPRK regime and is military and weapons programs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/4-u-s-citizens-ukrainian-plead-guilty-in-n-korea-it-worker-scheme/
-
Lazarus APT Group’s New ScoringMathTea RAT Enhances Remote Command Execution and More
The Lazarus APT Group, an advanced persistent threat (APT) attributed to North Korea, has deployed a sophisticated new Remote Access Trojan (RAT) called ScoringMathTea as part of its ongoing Operation DreamJob cyberespionage campaign. ScoringMathTea represents a significant evolution in Lazarus’s malware toolkit, implementing a modular architecture designed specifically to evade detection across both network and…
-
Lazarus APT Group’s New ScoringMathTea RAT Enhances Remote Command Execution and More
The Lazarus APT Group, an advanced persistent threat (APT) attributed to North Korea, has deployed a sophisticated new Remote Access Trojan (RAT) called ScoringMathTea as part of its ongoing Operation DreamJob cyberespionage campaign. ScoringMathTea represents a significant evolution in Lazarus’s malware toolkit, implementing a modular architecture designed specifically to evade detection across both network and…
-
5 plead guilty to laptop farm and ID theft scheme to land North Koreans US IT jobs
Fleets of laptops run from US residences gave appearance workers were in the US. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/11/5-plead-guilty-to-laptop-farm-and-id-theft-scheme-to-land-north-koreans-us-it-jobs/
-
US Citizens Plead Guilty to Aiding North Korean IT Worker Campaigns
Four individuals admitted to assisting foreign IT workers in gaining employment at US companies by providing false identities and remote access to employer-owned laptops. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/us-citizens-plead-guilty-north-korean-it-worker
-
Selling your identity to North Korean IT scammers isn’t a sustainable side hustle
Four US citizens tried it, and the DoJ just secured guilty pleas from all of ’em First seen on theregister.com Jump to article: www.theregister.com/2025/11/17/doj_north_korean_it_scam/
-
Selling your identity to North Korean IT scammers isn’t a sustainable side hustle
Four US citizens tried it, and the DoJ just secured guilty pleas from all of ’em First seen on theregister.com Jump to article: www.theregister.com/2025/11/17/doj_north_korean_it_scam/
-
US chips away at North Korean IT worker fraud with guilty pleas, cryptocurrency seizure
Authorities have described Pyongyang’s revenue-generating schemes as threats to U.S. national and economic security. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/doj-north-korea-remote-worker-crackdown/805689/
-
Five men admit helping North Korean IT workers infiltrate US companies
US federal prosecutors have secured guilty pleas from five men who helped North Korean IT workers get hired by companies in the United States. This group of domestic … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/17/north-korean-it-workers-us-facilitators/
-
North Korean Hackers Breach 136 U.S. Companies, Earning $2.2 Million
The U.S. Justice Department has announced a significant crackdown on North Korean cybercrime operations, securing five guilty pleas and initiating civil forfeiture actions totaling over $15 million against schemes orchestrated by the Democratic People’s Republic of Korea (DPRK). The elaborate fraud network impacted more than 136 American companies, generating $2.2 million for the North Korean…
-
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
Developers remain a high-value target: Researchers highlighted that the campaign specifically targets developers involved in crypto and Web3 projects, using realistic-sounding personas and demo applications (real estate, DeFi, game forks) to lower suspicion. The state-linked actors’ shift from direct payload hosting to abusing legitimate JSON storage services suggests that even benign developer-centric platforms are now…
-
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
Developers remain a high-value target: Researchers highlighted that the campaign specifically targets developers involved in crypto and Web3 projects, using realistic-sounding personas and demo applications (real estate, DeFi, game forks) to lower suspicion. The state-linked actors’ shift from direct payload hosting to abusing legitimate JSON storage services suggests that even benign developer-centric platforms are now…
-
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. >>NVISO…
-
Five Plead Guilty in North Korean IT Worker Fraud Scheme
The five defendants allegedly assisted North Korean hackers with obtaining remote IT employment with US companies First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-five-plead-guilty-dprk-it/
-
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. >>NVISO…
-
North Korea’s Contagious Interview APT Uses JSON Keeper and GitLab to Deliver BeaverTail Spyware
The post North Korea’s Contagious Interview APT Uses JSON Keeper and GitLab to Deliver BeaverTail Spyware appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-contagious-interview-apt-uses-json-keeper-and-gitlab-to-deliver-beavertail-spyware/
-
Five admit helping North Korea evade sanctions through IT worker schemes
Five pleaded guilty to aiding North Korea ‘s illicit revenue via IT worker fraud, violating international sanctions. The U.S. Department of Justice announced that five people have pleaded guilty to helping North Korea secretly generate revenue by running illegal IT-worker schemes that violated international sanctions. The individuals Audricus Phagnasay (24), Jason Salazar (30), Alexander […]…
-
Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies
The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea’s illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions.The five individuals are listed below -Audricus Phagnasay, 24Jason Salazar, 30Alexander Paul Travis, 34Oleksandr Didenko, 28, andErick First seen on thehackernews.com…
-
Five U.S. Citizens Plead Guilty to Helping North Korean IT Workers Infiltrate 136 Companies
The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea’s illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions.The five individuals are listed below -Audricus Phagnasay, 24Jason Salazar, 30Alexander Paul Travis, 34Oleksandr Didenko, 28, andErick First seen on thehackernews.com…
-
DOJ Continues Crackdown on North Korea’s Cyber Schemes
Justice Department Secures Guilty Pleas, $15M in Civil Forfeiture. Federal prosecutors charged U.S. citizens and foreign nationals for aiding North Korean IT workers in infiltrating U.S. firms, laundering crypto and funneling illicit revenue back to Pyongyang’s weapons program in what the DOJ has described as a major sanctions-evasion scheme. First seen on govinfosecurity.com Jump to…
-
Five plead guilty to helping North Koreans infiltrate US firms
The U.S. Department of Justice announced that five individuals pleaded guilty to aiding North Korea’s illicit revenue generation schemes, including remote IT worker fraud and cryptocurrency theft. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/five-plead-guilty-to-helping-north-koreans-infiltrate-us-firms/
-
Multiple US citizens plead guilty to helping North Korean IT workers earn $2 million
Three U.S. nationals pleaded guilty to directly handing over their identities for use in North Korean IT worker scams, the Justice Department said, and two other people also admitted helping such schemes. First seen on therecord.media Jump to article: therecord.media/multiple-us-nationals-guilty-pleas-north-korean-it-worker-scams
-
DOJ lauds series of gains against North Korean IT worker scheme, crypto thefts
Federal prosecutors secured five guilty pleas from people who supported overseas remote IT workers, and seized $15 million in stolen cryptocurrency tied to the North Korean regime. First seen on cyberscoop.com Jump to article: cyberscoop.com/doj-north-korea-it-worker-scheme-cases-crypto-seized/
-
North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels
The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads.”The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host and deliver malware from trojanized code projects, with the lure,” NVISO researchers…
-
Five people plead guilty to helping North Koreans infiltrate US companies as ‘remote IT workers’
The U.S. Department of Justice said five people, including four U.S. nationals, “facilitated” North Korean IT workers to get jobs at American companies, allowing the regime to earn money from their remote labor. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/14/five-people-plead-guilty-to-helping-north-koreans-infiltrate-us-companies-as-remote-it-workers/
-
Breach Roundup: UK Probes Chinese-Made Electric Buses
Also, North Korean Hackers Remotely Wipe Android Devices. This week, the U.K. government probed Chinese electric buses for a kill switch, APT37 abused Google’s Find Hub in South Korea, Conduent said its January hack will cost it more, Hyundai disclosed a breach and Patch Tuesday. OWASP added two new categories to its Top 10 web…