Tag: north-korea
-
North Korean crypto thieves deploy custom Mac backdoor
North Korean threat actors are targeting companies from the Web3 and crypto industries with a backdoor designed for macOS written in the niche programming language Nim. The attackers are also using AppleScript for early stage payloads, including a fake Zoom update. “North Korean-aligned threat actors have previously experimented with Go and Rust, similarly combining scripts and compiled…
-
North Korean hackers expand remote IT worker scam beyond US firms
First seen on scworld.com Jump to article: www.scworld.com/news/north-korean-hackers-expand-remote-it-worker-scam-beyond-us-firms
-
NimDoor crypto-theft macOS malware revives itself when killed
North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nimdoor-crypto-theft-macos-malware-revives-itself-when-killed/
-
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Tags: communications, crypto, hacker, injection, korea, macOS, malware, north-korea, programming, threat
Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics. “Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,” First seen…
-
New macOS Malware Uses Process Injection and Remote Access to Steal Keychain Credentials
A sophisticated campaign by North Korean (DPRK)-aligned threat actors targeting Web3 and cryptocurrency businesses has been uncovered, showcasing an alarming evolution in macOS malware tactics. According to detailed analysis by SentinelLABS, alongside corroborating reports from Huntabil.IT and Huntress, the attackers deploy a multi-stage attack chain featuring Nim-compiled binaries, process injection techniques, and encrypted remote communications.…
-
U.S. Target North Korean IT Worker Scams with Raids, Indictments
The DOJ announced a far-reaching operation that aimed to knock out a substantial number of North Korean IT worker scams that have victimized more than 100 U.S. companies that unwittingly hired North Korean operatives as remote workers, who then stole data and money to support the Pyongyang regime. First seen on securityboulevard.com Jump to article:…
-
Scope, Scale of Spurious North Korean IT Workers Emerges
Microsoft warns thousands of North Korean workers have infiltrated tech, manufacturing, and transportation sectors to steal money and data. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/scope-scale-spurious-north-korean-it-workers
-
Arrests, indictments made in US crackdown of North Korean IT worker schemes
Tags: north-korea
First seen on scworld.com Jump to article: www.scworld.com/brief/arrests-indictments-made-in-us-crackdown-of-north-korean-it-worker-schemes
-
DoJ Disrupts North Korean IT Worker Scheme Across Multiple US States
The US also conducted searches of 29 laptop farms across 16 states and seized 29 financial accounts used to launder funds. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/doj-disrupts-north-korean-it-worker-scheme
-
Kimsuky Hackers Employ ClickFix Technique to Run Malicious Scripts on Victim Devices
The North Korean state-sponsored hacker collective Kimsuky has been found to use a dishonest technique called “ClickFix”…
-
US disrupts North Korean IT worker “laptop farm” scheme in 16 states
The U.S. Department of Justice (DoJ) announced coordinated law enforcement actions against the North Korean government’s fundraising operations using remote IT workers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-disrupts-north-korean-it-worker-laptop-farm-scheme-in-16-states/
-
U.S. Arrests Facilitator in North Korean IT Worker Scheme; Seizes 29 Domains and Raids 21 Laptop Farms
The U.S. Department of Justice (DoJ) on Monday announced sweeping actions targeting the North Korean information technology (IT) worker scheme, leading to the arrest of one individual and the seizure of 29 financial accounts, 21 fraudulent websites, and nearly 200 computers. The coordinated action saw searches of 21 known or suspected “laptop farms” between June 10…
-
US government takes action against fake North Korean IT workers
North Korea plants agents in companies as IT staff under false identities; in the US, those responsible have now been arrested. First seen on golem.de Jump to article: www.golem.de/news/cybercrime-us-regierung-geht-gegen-nordkoreanische-fake-itler-vor-2507-197631.html
-
US DOJ makes progress combatting North Korean remote IT worker schemes
Any organization is at risk: During a media briefing, senior DOJ and FBI officials noted that at least one of the organizations that had unknowingly contracted the illicit workers was a government contractor, but, they said, anyone in the US posting jobs for remote workers is at risk. “The threat posed by DPRK operatives is both…
-
North Korean IT Workers Employ New Tactics to Infiltrate Global Organizations
Tags: ai, china, cyber, intelligence, korea, microsoft, north-korea, russia, tactics, technology, threat, tool
Microsoft Threat Intelligence has uncovered a sophisticated operation by North Korean remote IT workers who are leveraging cutting-edge artificial intelligence (AI) tools to infiltrate organizations worldwide. Since at least 2020, these highly skilled individuals, often based in North Korea, China, and Russia, have been targeting technology-related roles across various industries to generate revenue for the…
-
US DoJ and Microsoft Target North Korean IT Workers
Both the US authorities and Microsoft have taken action to disrupt North Korean IT worker schemes. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-doj-microsoft-target-north/
-
U.S. Arrests Key Facilitator in North Korean IT Worker Scheme, Seizes $7.74 Million
The U.S. Department of Justice (DoJ) on Monday announced sweeping actions targeting the North Korean information technology (IT) worker scheme, leading to the arrest of one individual and the seizure of 29 financial accounts, 21 fraudulent websites, and nearly 200 computers. The coordinated action saw searches of 21 known or suspected “laptop farms” across 14 states…
-
U.S. DOJ Cracks Down on North Korean Remote IT Workforce Operating Illegally
The U.S. Department of Justice (DOJ) has announced a major crackdown on North Korea’s covert use of remote information technology (IT) workers to siphon millions from American companies and fund its weapons programs. The coordinated law enforcement actions resulted in the arrest of a New Jersey man, the seizure of 29 financial accounts, 21 fraudulent…
-
US DOJ announces progress combatting North Korean remote IT worker schemes
Any organization is at risk: During a media briefing, senior DOJ and FBI officials noted that at least one of the organizations that had unknowingly contracted the illicit workers was a government contractor, but, they said, anyone in the US posting jobs for remote workers is at risk. “The threat posed by DPRK operatives is both…
-
US shuts down a string of North Korean IT worker scams
Resulting in two indictments, one arrest, and 137 laptops seized. First seen on theregister.com Jump to article: www.theregister.com/2025/06/30/us_north_korea_workers/
-
DOJ raids 29 ‘laptop farms’ in operation against North Korean IT worker scheme
Tags: north-korea
The Justice Department announced a coordinated action to disrupt a Pyongyang campaign to get North Koreans hired at U.S.-based companies. First seen on therecord.media Jump to article: therecord.media/doj-raids-laptop-farms-crackdown
-
US authorities unmask North Korean IT worker schemes and their American accomplices
Tags: north-korea
Federal officials said businesses should carefully verify the identities of remote employees to avoid falling prey to similar scams. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/north-korea-it-worker-scheme-us-charges-arrest/752000/
-
DOJ raids 29 ‘laptop farms’ in crackdown on N. Korean IT worker scheme
Tags: north-korea
The Justice Department announced a coordinated action to disrupt a Pyongyang campaign to get North Koreans hired at U.S.-based companies. First seen on therecord.media Jump to article: therecord.media/doj-raids-laptop-farms-crackdown
-
US Announces Crackdown on North Koreans Posing as IT Workers
DOJ Indictments, Enforcement Actions Follow Nationwide Search for ‘Laptop Farms’. Federal prosecutors announced major enforcement actions after a North Korean crime ring used stolen IDs, fake websites and U.S. shell firms to embed IT workers inside more than 100 American companies, stealing data and laundering over $5 million to fund Pyongyang’s weapons programs. First seen…
-
Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams
The US Justice Department revealed the identity theft number along with one arrest and a crackdown on “laptop farms” that allegedly facilitate North Korean tech worker impersonators across the US. First seen on wired.com Jump to article: www.wired.com/story/identities-of-80-plus-americans-stolen-for-north-korean-it-worker-scams/
-
Arrest, seizures in latest U.S. operation against North Korean IT workers
Tags: north-korea
The coordinated steps included searches spanning 16 states involving workers who obtained employment at more than 100 U.S. companies. First seen on cyberscoop.com Jump to article: cyberscoop.com/arrest-seizures-north-korean-it-workers-june-2025/
-
US government takes down major North Korean ‘remote IT workers’ operation
US prosecutors indicated a total of 13 people involved in the fraudulent scheme to steal and launder money for North Korea’s nuclear weapons program. First seen on techcrunch.com Jump to article: techcrunch.com/2025/06/30/us-government-takes-down-major-north-korean-remote-it-workers-operation/
-
N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams
The notorious BlueNoroff group from North Korea is using deepfake video and deceptive Zoom calls to steal cryptocurrency by enticing targets to unwittingly download malware onto their macOS devices, letting the hackers gain access to them. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/n-korean-group-bluenoroff-uses-deepfake-zoom-calls-in-crypto-scams/
-
New wave of ‘fake interviews’ use 35 npm packages to spread malware
A new wave of North Korea’s ‘Contagious Interview’ campaign is targeting job seekers with malicious npm packages that infect dev’s devices with infostealers and backdoors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-wave-of-fake-interviews-use-35-npm-packages-to-spread-malware/
-
North Korean Hackers Pose as Recruiters, Target Developers with 35 New Malicious npm Packages
A new cyber campaign orchestrated by North Korean threat actors has been exposed by the Socket Threat Research Team, revealing a sophisticated supply chain attack targeting software developers through the npm registry. Linked to the Contagious Interview operation, these adversaries have published 35 malicious npm packages across 24 accounts, with six still active on the…

