Tag: north-korea
-
New phishing campaign hijacks clipboard via fake CAPTCHA for malware delivery
Fail-proof exploit of ‘verification fatigue’: SlashNext highlighted that the campaign’s success stems largely from its exploitation of human psychology. “Modern internet users are inundated with spam checks, CAPTCHAs, and security prompts on websites, and they’ve been conditioned to click through these as quickly as possible,” Kelley added. “Attackers exploit this ‘verification fatigue,’ knowing that many users…
-
DOJ moves to claim $7.74 million tied to North Korean IT worker scheme
The U.S. government wants to confiscate millions of dollars in funds tied to illegal employment of North Korean IT workers at American companies. First seen on therecord.media Jump to article: therecord.media/north-korea-it-worker-scams-doj-civil-forfeiture-claim
-
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme
Authorities said they froze and seized the allegedly illegally obtained funds when North Korean nationals attempted to launder money linked to the long-running conspiracy. First seen on cyberscoop.com Jump to article: cyberscoop.com/doj-seizure-crypto-north-korea-it-workers/
-
Breach Roundup: Ukraine Hacks Russian Warplane Maker
Also, Crypter Takedown, Threat Intel Naming Accord and Regulators Ping CrowdStrike. This week, Ukraine hacked Tupolev, Russian hacking, crypter sites seized and the U.S. will seize North Korean IT worker crypto. Regulators probed CrowdStrike. A Rosetta Stone for intel. A Romanian man admitted to swatting, Lee Enterprises hack exposed data and an FBI vet joined…
-
The Ramifications of Ukraine’s Drone Attack
You can read the details of Operation Spiderweb elsewhere. What interests me are the implications for future warfare: If the Ukrainians could sneak drones so close to major air bases in a police state such as Russia, what is to prevent the Chinese from doing the same with U.S. air bases? Or the Pakistanis with…
-
APT37 Hackers Fake Academic Forum Invites to Deliver Malicious LNK Files via Dropbox Platform
The North Korean state-sponsored hacking group APT37 has launched a sophisticated spear phishing campaign in March 2025, targeting activists focused on North Korean issues. Disguised as invitations to an academic forum hosted by a South Korean national security think tank, these emails cleverly referenced a real event titled “Trump 2.0 Era: Prospects and South Korea’s…
-
North Korean IT Workers Exploit Legitimate Software and Network Tactics to Evade EDR
A North Korean IT worker, operating under a false identity, was uncovered infiltrating a Western organization with a sophisticated remote-control system. This incident, exposed during a U.S. federal raid on a suspected laptop farm, showcases a chilling trend where adversaries leverage legitimate software and low-level network protocols to evade traditional Endpoint Detection and Response (EDR)…
-
North Korea’s Laptop Farm Scam: ‘Something We’d Never Seen Before’
Officials uncover how North Korean operatives used stolen identities and remote-controlled tech to infiltrate American companies and steal corporate data. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-north-korea-laptop-farm-remote-job-scam/
-
BSI warns of cyberattacks on energy supply
BSI President Claudia Plattner calls for better IT protection for the energy supply in Germany. In the view of Claudia Plattner, president of the Federal Office for Information Security (BSI), the energy supply in Germany needs better protection. The agency sees a growing attack surface for cybercriminals here, Plattner told Funke Mediengruppe. At present the power grid is considered secure and…
-
Asia Produces More APT Actors, As Focus Expands Globally
China and North Korea-aligned groups account for more than half of global attacks, and an increasing number of countries look to cyber to balance power in the region. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/asia-apt-actors-focus-expands-globally
-
Let’s Talk About SaaS Risk Again… This Time, Louder.
By Kevin Hanes, CEO of Reveal Security. A few weeks ago, I shared a thought that sparked a lot of discussion: SaaS is not a black box we can ignore. It’s a rich, dynamic attack surface and one that attackers are increasingly targeting. That urgency was echoed powerfully in JPMorgan CISO Patrick Opet’s open letter…
-
North Korean cyber operations run deep, report finds
First seen on scworld.com Jump to article: www.scworld.com/brief/north-korean-cyber-operations-run-deep-report-finds
-
APT Group 123 Targets Windows Systems in Ongoing Malicious Payload Campaign
Group123, a North Korean state-sponsored Advanced Persistent Threat (APT) group also known by aliases such as APT37, Reaper, and ScarCruft, continues to target Windows-based systems across multiple regions. Active since at least 2012, the group has historically focused on South Korea but has broadened its operations since 2017 to include Japan, Vietnam, the Middle East,…
-
North Korea’s Cyber Spies: Remote Jobs as Cover
With forged identities and perfectly staged résumés, North Korean hackers infiltrate companies as seemingly qualified IT professionals, with potentially catastrophic consequences. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/nordkoreas-cyber-spione
-
Inside North Korea’s Cyber Mafia: How Hidden IT Workers Fuel Global Espionage and Crypto Theft
A recent report by DTEX sheds light on the sophisticated and complex cyber operations of the Democratic People’s First seen on securityonline.info Jump to article: securityonline.info/inside-north-koreas-cyber-mafia-how-hidden-it-workers-fuel-global-espionage-and-crypto-theft/
-
After helping Russia on the ground North Korea targets Ukraine with cyberespionage
Tags: credentials, cyber, cyberespionage, email, government, hacker, identity, intelligence, korea, microsoft, north-korea, phishing, resilience, risk, russia, ukraine
Credential harvesting: Before the phishing emails, the same Ukrainian government entities were targeted with email alerts impersonating Microsoft and claiming unusual sign-in activity was detected on their accounts. The victims were asked to perform identity verification by clicking on a button, which took them to credential harvesting pages. The Proofpoint researchers didn’t manage to obtain any…
-
Breach Roundup: SAP NetWeaver Flaw Draws Hackers
Tags: breach, conference, credentials, flaw, hacker, ivanti, microsoft, north-korea, russia, sap, zero-day
Also, DOGE Employee’s Credentials Found in Infostealer Dumps. This week, SAP NetWeaver flaw drew hackers, zero-days in Ivanti EPMM, DOGE employee’s credentials found in infostealer dumps and Nucor halted operations. North Korean hackers targeted South Koreans with fake conference invites, Russian hackers targeted webmail servers and Microsoft fixed 72 flaws. First seen on govinfosecurity.com Jump…
-
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism
A new report from DTEX Systems is the deepest look at how North Korea’s remote IT workforce schemes are the tip of the iceberg when it comes to its cyber operations. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-cybercrime-dtex-research-center-227/
-
North Korean Hackers Stole $88M by Posing as US Tech Workers
Flashpoint uncovers how North Korean hackers used fake identities to secure remote IT jobs in the US, siphoning… First seen on hackread.com Jump to article: hackread.com/north-korean-hackers-stole-88m-posing-us-tech-workers/
-
Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering
Tags: blockchain, china, crime, crypto, data, data-breach, korea, marketplace, north-korea, scam, technology
A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee. According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money laundering…
-
TA406 Hackers Target Government Entities to Steal Login Credentials
Tags: attack, credentials, cyber, government, hacker, intelligence, login, malware, north-korea, phishing, russia, threat, ukraine
The North Korean state-sponsored threat actor TA406, also tracked as Opal Sleet and Konni, has set its sights on Ukrainian government entities. Proofpoint researchers have uncovered a dual-pronged offensive involving both credential harvesting and malware deployment through highly targeted phishing campaigns. The likely objective of these attacks is to gather strategic intelligence on the Russian…
-
They Come From North Korea: How Companies Can Protect Themselves Against Fake IT Professionals
For some time now, threat actors from North Korea have been posing as legitimate IT professionals. Their goal: to land remote jobs, primarily to fund North Korean interests with their salaries and secondarily to obtain money through extortion via data theft. Sophos has compiled tips on job interviews, onboarding and compliance, especially for HR managers. ‘The fraudsters have in the past, with skills…
-
North Korean IT Workers Are Being Exposed on a Massive Scale
Security researchers are publishing 1,000 email addresses they claim are linked to North Korean IT worker scams that infiltrated Western companies, along with photos of men allegedly involved in the schemes. First seen on wired.com Jump to article: www.wired.com/story/north-korean-it-worker-scams-exposed/
-
North Korea’s Cyber War in Ukraine: Hacker Group Switches Sides
A new cyber threat has emerged in Ukraine: the state-directed hacker group TA406 from North Korea is specifically attacking political institutions. The operation raises questions about North Korea’s role in the digital shadow war of the Russia-Ukraine conflict. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/nordkoreas-cyberkrieg-ukraine
-
TA406 Cyber Campaign: North Korea’s Focus on Ukraine Intelligence
In a recently disclosed campaign, TA406, a North Korean state-aligned threat actor, has expanded its cyber-espionage efforts by First seen on securityonline.info Jump to article: securityonline.info/ta406-cyber-campaign-north-koreas-focus-on-ukraine-intelligence/
-
China helps North Korean operatives land IT roles, bypassing sanctions
One Chinese company with at least 35 affiliates has shipped IT equipment to a North Korean government-backed organization. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/north-korea-it-worker-scam-china-research/748009/
-
North Korea ramps up cyberspying in Ukraine to assess war risk
The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korea-ramps-up-cyberspying-in-ukraine-to-assess-war-risk/
-
DPRK-Backed TA406 Targets Ukraine With Malware Campaigns
Cyber espionage campaign linked to North Korean actor TA406 targeted Ukrainian government entities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dprk-backed-ta406-targets-ukraine/
-
North Korean hackers target Ukrainian government in new espionage campaign
The latest wave of activity in Ukraine suggests that Pyongyang is seeking to “better understand the appetite to continue fighting against the Russian invasion” and “the medium-term outlook of the conflict,” according to the latest report by cybersecurity firm Proofpoint. First seen on therecord.media Jump to article: therecord.media/north-korea-hackers-target-ukraine-to-understand-russian-war-efforts
-
North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress
Tags: apt, government, group, intelligence, korea, malware, north-korea, phishing, russia, threat, ukraine
The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor’s targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the “trajectory of the Russian invasion.” “The group’s interest in Ukraine follows historical…

