Tag: north-korea
-
North Korean hackers target Ukrainian government in new espionage campaign
The latest wave of activity in Ukraine suggests that Pyongyang is seeking to “better understand the appetite to continue fighting against the Russian invasion” and “the medium-term outlook of the conflict,” according to a new report by cybersecurity firm Proofpoint. First seen on therecord.media Jump to article: therecord.media/north-korea-hackers-target-ukraine-to-understand-russian-war-efforts
-
North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress
Tags: apt, government, group, intelligence, korea, malware, north-korea, phishing, russia, threat, ukraine
The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating that the threat actor’s targeting extends beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the “trajectory of the Russian invasion.” “The group’s interest in Ukraine follows historical…
-
North Korea Targets Ukraine With Cyberespionage Operations
Tags: cyber, cyberespionage, cybersecurity, hacker, intelligence, korea, north-korea, phishing, risk, ukraine
Phishing Campaigns Appear to Be Solely Intelligence-Gathering for DPRK Leadership. North Korea nation-state hackers appear to have entered the Ukrainian cyber operations fray, albeit solely for cyberespionage purposes, gathering intelligence to help North Korean leadership determine the current risk to its forces already in the theater, cybersecurity researchers report. First seen on govinfosecurity.com Jump…
-
North Korea’s TA406 Targets Ukraine for Intel
The threat group’s goal is to help Pyongyang assess risk to its troops deployed in Ukraine and to figure out if Moscow might want more. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/north-koreas-ta406-targets-ukraine
-
Researchers Uncover Remote IT Job Fraud Scheme Involving North Korean Nationals
The United States indicted fourteen North Korean nationals for orchestrating a sophisticated scheme to secure remote IT jobs at American companies and nonprofits using stolen identities. This operation, which has funneled at least $88 million USD to the North Korean government (DPRK) over the past six years, has raised alarm across industries, with Fortune 500…
-
Deepfake attacks are inevitable. CISOs can’t prepare soon enough.
Tags: advisory, ai, attack, authentication, awareness, blockchain, business, ciso, compliance, control, cybersecurity, data, deep-fake, defense, detection, espionage, finance, fraud, governance, grc, identity, incident response, jobs, law, mfa, north-korea, password, privacy, resilience, risk, scam, software, strategy, tactics, technology, threat, tool, training, update
Real-world fabrications: Even security vendors have been victimized. Last year, the governance, risk and compliance (GRC) lead at cybersecurity company Exabeam was hiring for an analyst, and human resources (HR) qualified a candidate that looked very good on paper with a few minor concerns, says Kevin Kirkwood, CISO. “There were gaps in how the education represented…
-
North Korea’s OtterCookie Malware Added a New Feature to Attack Windows, Linux, and macOS
A North Korea-linked attack group, known as WaterPlum (also referred to as Famous Chollima or PurpleBravo), has been actively targeting financial institutions, cryptocurrency operators, and FinTech companies globally. Since 2023, the group’s Contagious Interview campaign has used malware such as BeaverTail and InvisibleFerret to infiltrate systems. However, in September 2024, WaterPlum introduced a sophisticated new…
-
OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said the attackers have “actively and continuously” updated the malware, introducing versions v3 and v4…
-
North Korean hackers show telltale signs, researchers say
First seen on scworld.com Jump to article: www.scworld.com/news/north-korean-hackers-show-telltale-signs-researchers-say
-
Cryptohack Roundup: Trump’s Crypto Wealth
Also: Mango Markets Hacker Sentenced in CSAM Case. This week, Trump’s crypto wealth, Mango Markets hacker sentenced for CSAM, Solana’s zero-day fix, French police rescued a crypto millionaire’s father from kidnappers, stolen bitcoin frozen, US FTC sued IML and Kraken spotted a North Korean job applicant. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-trumps-crypto-wealth-a-28351
-
US Readies Huione Group Ban Over Cybercrime Links
Huione Group Helped Criminals Launder Over $4 Billion Worth of Cybercrime Proceeds. The U.S. Department of Treasury set in motion a process to ban a Cambodian company’s access to the dollar financial system for running a vast illicit marketplace for cybercrime tools and laundering billions of dollars on behalf of North Korean and other cybercrime…
-
North Korean Hacker Tries to Infiltrate Kraken Through Job Application
Leading cryptocurrency exchange Kraken has disclosed that it recently thwarted an infiltration attempt by a suspected North Korean hacker posing as a job applicant. The attempted breach highlights the increasing sophistication of state-backed cyber operations targeting the digital assets sector. According to Kraken’s security team, the incident unfolded when a highly convincing applicant submitted a…
-
How China and North Korea Are Industrializing Zero-Days
Tags: china, cloud, corporate, cyberattack, exploit, google, group, hacker, intelligence, korea, north-korea, organized, threat, zero-day
Google Cloud’s Hultquist on How State Hackers Exploit Code and Corporate Hiring. John Hultquist, chief analyst at Google Threat Intelligence Group, Google Cloud, discussed how China and North Korea are transforming cyberattacks into organized, factory-like operations. Alongside zero-day exploits, North Korean IT operatives are quietly infiltrating Fortune 500 companies under false identities. First seen on…
-
Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives
North Korean nationals have successfully infiltrated the employee ranks of major global corporations at a scale previously underestimated, creating a pervasive threat to IT infrastructure and sensitive data worldwide. Security experts revealed at the RSAC 2025 Conference that the infiltration extends across virtually every major corporation, with hundreds of Fortune 500 companies unknowingly employing North…
-
Widespread Fortune 500 firm infiltration conducted by North Koreans
Tags: north-korea
First seen on scworld.com Jump to article: www.scworld.com/brief/widespread-fortune-500-firm-infiltration-conducted-by-north-koreans
-
Treasury Moves to Ban Huione Group for Laundering $4 Billion
The Treasury Department is moving to cut off Huione Group, a Cambodian conglomerate, from the U.S. financial system, saying the firm and its multiple entities laundered billions of dollars for North Korea’s Lazarus Group and criminal gangs running pig-butchering scams from Southeast Asia. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/treasury-moves-to-ban-huione-group-for-laundering-4-billion/
-
US wants to cut off key player in Southeast Asian cybercrime industry
The Treasury Department issued the proposed rulemaking Thursday, stating that Huione Group has helped launder funds from North Korean state-backed cybercrime operations and investment scams originating in Southeast Asia. First seen on therecord.media Jump to article: therecord.media/us-fincen-cut-off-huione-group-southeast-asia-cyber-scam
-
North Korean IT worker scam is now a threat to all companies, cybersecurity experts say
One cybersecurity expert even said he recently found evidence that a U.S. political campaign in Oregon hired a North Korean IT worker. First seen on therecord.media Jump to article: therecord.media/north-korean-it-worker-scam-expands-rsa
-
North Korea Stole Your Job
For years, North Korea has been secretly placing young IT workers inside Western companies. With AI, their schemes are now more devious, and more effective, than ever. First seen on wired.com Jump to article: www.wired.com/story/north-korea-stole-your-tech-job-ai-interviews/
-
North Korean operatives have infiltrated hundreds of Fortune 500 companies
Security leaders at Mandiant and Google Cloud say nearly every major company has hired or received applications from North Korean nationals working on behalf of the country’s regime. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-workers-infiltrate-fortune-500/
-
Maryland man pleads guilty to outsourcing US govt work to North Korean dev in China
Feds say $970K scheme defrauded 13+ companies First seen on theregister.com Jump to article: www.theregister.com/2025/04/30/maryland_man_farming_web_dev/
-
Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks
A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent Threat (APT) group, has been identified targeting entities predominantly in South Korea. Cybersecurity experts have uncovered a meticulously crafted attack chain that leverages advanced obfuscation techniques and persistent mechanisms to compromise systems and exfiltrate sensitive data. This campaign underscores the persistent…
-
Enterprise-specific zero-day exploits on the rise, Google warns
Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-day
Surge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN. Targeted attacks against…
-
Assessment of DPRK IT Worker Tradecraft – Nisos Research 2025
Since early 2023 Nisos has been investigating and monitoring North Korean (DPRK) IT workers, who use fake personas and stolen identities to fraudulently obtain remote employment from unwitting companies in the United States and abroad… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/assessment-of-dprk-it-worker-tradecraft-nisos-research-2025/
-
North Korea’s Void Dokkaebi uses Russian infrastructure
A recent analysis by the IT security company Trend Micro shows how the North Korean hacking group Void Dokkaebi, also known as Famous Chollima, deliberately uses Russian internet resources to carry out cyberattacks worldwide. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/nordkoreas-void-dokkaebi
-
Government hackers are leading the use of attributed zero-days, Google says
Governments like China and North Korea, along with spyware makers, used the most recorded zero-days in 2024. First seen on techcrunch.com Jump to article: techcrunch.com/2025/04/29/government-hackers-are-leading-the-use-of-attributed-zero-days-google-says/
-
North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures
North Korea-linked threat actors behind the Contagious Interview campaign have set up front companies as a way to distribute malware during the fake hiring process. “In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry, BlockNovas LLC (blocknovas[.]com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co), to spread First…
-
Lazarus Group hacks 6 companies with watering-hole attacks
The Lazarus Group, believed to be based in North Korea, has compromised at least six companies in South Korea through watering-hole attacks in a new campaign. In this type of attack, merely visiting a website (the “watering hole”) is enough to infect the victim. A watering-hole attack … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/25/lazarus-gruppe-hackt-6-unternehmen-mit-watering-hole-angriffe/
-
Extortion attempts by the DPRK: North Korea infiltrates IT in the USA and Europe
First seen on security-insider.de Jump to article: www.security-insider.de/nordkoreanische-it-mitarbeiter-infiltrieren-westliche-unternehmen-regierungen-a-9f49841e749ce9b34e0239d930f39695/