Tag: north-korea
-
Erpressungsversuche durch DVRK – Nordkorea infiltriert IT in USA und Europa
First seen on security-insider.de Jump to article: www.security-insider.de/nordkoreanische-it-mitarbeiter-infiltrieren-westliche-unternehmen-regierungen-a-9f49841e749ce9b34e0239d930f39695/
-
North Korean Hackers Use Fake Crypto Firms in Job Malware Scam
Silent Push reveals a complex scheme where North Korean hackers posed as crypto companies, using AI and fake… First seen on hackread.com Jump to article: hackread.com/north-korean-hackers-fake-crypto-firms-job-malware-scam/
-
Operation SyncHole: Lazarus APT targets supply chains in South Korea
The North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at…
-
GenAI als Werkzeug für Cyberbetrug: Wie GenAI Nordkoreas IT-Betrügereien unterstützt
Der aktuelle Blogbeitrag von Okta zeigt detailliert auf, wie sich nordkoreanische Betrüger mit Hilfe von KI-gestützten Tools erfolgreich auf Remote-IT-Positionen bewerben. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/genai-als-werkzeug-fuer-cyberbetrug-wie-genai-nordkoreas-it-betruegereien-unterstuetzt/a40590/
-
Russian VPS Servers With RDP and Proxy Servers Enable North Korean Cybercrime Operations
Trend Research has uncovered a sophisticated network of cybercrime operations linked to North Korea, heavily utilizing Russian internet infrastructure. Specifically, IP address ranges in the towns of Khasan and Khabarovsk, Russia, assigned to organizations under TransTelecom (ASN AS20485), are pivotal in these activities. Khasan, just a mile from the North Korea-Russia border and connected via…
-
Web3, cryptocurrency sectors targeted by North Korean hackers
First seen on scworld.com Jump to article: www.scworld.com/brief/web3-cryptocurrency-sectors-targeted-by-north-korean-hackers
-
North Korean IT workers seen using AI tools to scam firms into hiring them
North Korean IT workers illicitly gaining employment at U.S. and European tech companies are increasingly using generative artificial intelligence in a variety of ways to assist them throughout the job application and interview process. First seen on therecord.media Jump to article: therecord.media/north-korean-it-workers-seen-using-ai-recruitment-scams
-
Lazarus hackers breach six companies in watering hole attacks
In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lazarus-hackers-breach-six-companies-in-watering-hole-attacks/
-
Breach Roundup: Cookie Bite Exposes MFA Achilles Heel
Tags: attack, breach, cyberattack, data, data-breach, google, mfa, microsoft, north-korea, ransomwareAlso, Blue Shield Breach Exposes 4.7M, Cyberattack Disrupts City Systems in Texas. This week, Cookie Bite bypasses MFA in Azure Entra ID, Microsoft fixed RDP Freezes, a ransomware attack in Catalonia, Blue Shield exposed data to Google, a cyberattack disrupted city systems in Texas, South Korean telecom breach exposed USIM data and a warning about…
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in First…
-
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in First…
-
Erodiert die Security-Reputation der USA?
Tags: business, ceo, china, cisa, ciso, cybersecurity, cyersecurity, endpoint, exploit, germany, governance, government, intelligence, iran, kaspersky, north-korea, service, strategy, threat, usaTrump stiftet Verunsicherung auch wenn’s um Cybersicherheit geht.Nachdem US-Präsident Donald Trump nun auch Cybersicherheitsunternehmen per Executive Order für abweichende politische Positionen abstraft, befürchten nicht wenige Branchenexperten, dass US-Sicherheitsunternehmen künftig ähnlich in Verruf geraten könnten wie ihre russischen und chinesischen Konkurrenten. Die zentralen Fragen sind dabei:Können sich CISOs beziehungsweise ihre Unternehmen künftig noch auf US-amerikanische Bedrohungsinformationen…
-
The TraderTraitor Crypto Heist: Nation-State Tactics Meet Financial Cybercrime
The cryptocurrency sector has always been a magnet for cybercriminals, but the TraderTraitor campaign marks a different kind of threat”, one backed by state-sponsored actors with long-term goals and surgical precision. Allegedly linked to North Korea’s Lazarus Group, this campaign wasn’t just about breaking into wallets. It was about exploiting trust, manipulating human behavior, and…
-
North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers
Posing as potential employers, Slow Pisces hackers conceal malware in coding challenges sent to cryptocurrency developers on LinkedIn First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-hackers-linkedin/
-
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment.The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as…
-
Slow Pisces Group Targets Developers Using Coding Challenges Laced with Python Malware
A North Korean state-sponsored threat group known as >>Slow Pisces
-
TraderTraitor: The Kings of the Crypto Heist
Allegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world. First seen on wired.com Jump to article: www.wired.com/story/tradertraitor-north-korea-crypto-theft/
-
Lazarus Expands NPM Campaign With Trojan Loaders
North Korea’s Lazarus Deploys Malicious NPM Packages to Steal Data. North Korea’s Lazarus Group expanded a malicious campaign of uploading malicious code to the JavaScript runtime environment npm repository, publishing 11 packages embedded with Trojan loaders. Researchers identified 11 malicious packages in the repository, a hotspot for supply chain attacks. First seen on govinfosecurity.com Jump…
-
Malicious npm packages, BeaverTail malware leveraged in new North Korean attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-npm-packages-beavertail-malware-leveraged-in-new-north-korean-attacks
-
Lazarus Adds New Malicious npm Using Hexadecimal String Encoding to Evade Detection Systems
North Korean state-sponsored threat actors associated with the Lazarus Group have intensified their Contagious Interview campaign by deploying novel malicious npm packages leveraging hexadecimal string encoding to bypass detection mechanisms. These packages deliver BeaverTail infostealers and remote access trojan (RAT) loaders, targeting developers to exfiltrate credentials, financial data, and cryptocurrency wallets. SecurityScorecard researchers identified 11…
-
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader.”These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling…
-
Nordkorea verstärkt Operationen zur Anheuerung von IT-Spezialisten in Europa
Mandiant warnt in einer aktuellen Information vor verstärkten Aktivitäten von Nordkorea in Europa. Nachdem die USA restriktiver mit der Beschäftigung von Fachkräften werden, versucht Nordkorea verstärkt IT-Mitarbeiter in IT-Unternehmen in Europa einzuschleusen. Das Ganze geht auf Erkenntnisse der Google Threat … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/04/nordkorea-verstaerkt-operationen-zur-anheuerung-von-it-spezialisten-in-europa/
-
North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds
The attackers pose as legitimate remote IT workers, looking to both generate revenue and access sensitive company data through employment. “Europe needs to wake up fast,” according to Google’s Jamie Collier. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-north-korea-it-worker-google/
-
DPRK ‘IT Workers’ Pivot to Europe for Employment Scams
By using fake references and building connections with recruiters, some North Korean nationals are landing six-figure jobs that replenish DPRK coffers. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/dprk-it-workers-europe-employment