Tag: north-korea
-
North Korea Deploying Fake IT Workers in China, Russia, Other Countries
The North Korean fake IT workers have infiltrated businesses in China, Russia, and other countries aside from the US. First seen on securityweek.com Jump to article: www.securityweek.com/north-korea-deploying-fake-it-workers-in-china-russia-other-countries/
-
North Korea’s Cyber Evolution and China’s Storm-2077 Unveiled by Microsoft Analysts
Tags: attack, china, cyber, cybersecurity, intelligence, korea, microsoft, north-korea, strategy, tactics, threat
Microsoft Threat Intelligence analysts have shared new insights into North Korean and Chinese threat actors. At the recent CYBERWARCON, cybersecurity analysts shared details on the rise of attacks, the evolution of threat actor tactics, and the strategies employed by various state-backed groups. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-insights-on-chinese-threat-actor/
-
Fake Identities, Real Profits: Exposing North Korea’s IT Front Companies
SentinelLabs has exposed a sophisticated network of front companies linked to North Korean IT workers. These entities, operating under the guise of legitimate businesses, were recently disrupted by U.S. law... First seen on securityonline.info Jump to article: securityonline.info/fake-identities-real-profits-exposing-north-koreas-it-front-companies/
-
US Cyber Force Surges Global Operations Amid Rising Threats
US Cyber Command Says National Mission Force was Deployed Over 85 Times in 2024. A secretive U.S. military unit has surged its support to partner nations across the globe in 2024 while combatting escalating threats from foreign adversaries like China and North Korea, a top official from Cyber Command told the Cyberwarcon summit on Friday.…
-
North Korean IT Workers Using Fake Sites to Evade Detection
Researchers Find Deep Ties to North Korea Among Fake IT Services Firms’ Websites. North Korean state actors are using fake websites of foreign technology services firms to sidestep sanctions and raise funding for the Kim Jong-un regime’s weapons development programs. SentinelLabs found many of these sites shared similar infrastructure, owners and locations. First seen on govinfosecurity.com Jump…
-
North Korean IT worker scam linked to Chinese front companies
First seen on scworld.com Jump to article: www.scworld.com/news/north-korean-it-worker-scam-linked-to-chinese-front-companies
-
U.S. Agencies Seize Four North Korean IT Worker Scam Websites
U.S. law enforcement agencies seized the websites of four North Korean fake IT worker scams that were uncovered by SentinelOne threat researchers and linked to a larger network of Chinese front companies. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/u-s-agencies-seize-four-north-korean-it-worker-scam-websites/
-
North Korean Hackers Behind 2019 42 Million Ethereum Heist
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36621/North-Korean-Hackers-Behind-2019-42-Million-Ethereum-Heist.html
-
Active network of North Korean IT front companies exposed
An analysis of the websites belonging to companies that served as a front for getting North Korean IT workers remote jobs with businesses worldwide has revealed an active … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/21/north-korean-it-front-companies/
-
North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs
Threat actors with ties to the Democratic People’s Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. “Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers’…
-
North Korean IT Worker Using Weaponized Video Conference Apps To Attack Job Seekers
North Korean IT workers, operating under the cluster CL-STA-0237, have been implicated in recent phishing attacks leveraging malware-infected video conference apps. The group, likely based in Laos, has demonstrated a sophisticated approach, infiltrating a U.S.-based SMB IT services company to gain access to sensitive information and secure a position at a major tech company. It…
-
North Korean Hackers Target Job Seekers with Malware-Laced Video Apps
A recent report by Unit 42 researchers uncovers a complex phishing campaign linked to a cluster of North Korean IT workers tracked as CL-STA-0237. This group used malware-infected video conference... First seen on securityonline.info Jump to article: securityonline.info/north-korean-hackers-target-job-seekers-with-malware-laced-video-apps/
-
North Korean IT Worker Network Tied to BeaverTail Phishing Campaign
BeaverTail malware has been used to target tech job seekers through fake recruiters, Palo Alto Networks’ Unit 42 has found. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-it-worker-beavertail/
-
North Korea’s Lazarus observed testing new macOS trojan in the wild
First seen on scworld.com Jump to article: www.scworld.com/news/north-koreans-lazarus-observed-testing-new-macos-trojan-in-the-wild
-
Iranian Threat Actors Mimic North Korean Job Scam Techniques
Tehran Baits Aerospace Sector into Downloading Malware With Fake Job Offers. Iranian state hackers are taking a page out of North Korean tactics to entice job seekers into downloading malware, with security researchers spotting a Tehran campaign directed against the aerospace industry. It’s possible that Pyongyang shared its attack methods and tools. First seen on…
-
North Korea’s Lazarus observed testing new macOS trojan in the wild
First seen on scworld.com Jump to article: www.scworld.com/news/lazarus-observed-testing-new-macos-trojan-in-the-wild
-
Biz hired, and fired, a fake North Korean IT worker then the ransom demands began
First seen on theregister.com Jump to article: www.theregister.com/2024/10/18/ransom_fake_it_worker_scam/
-
New RustyAttr Malware Targets macOS Through Extended Attribute Abuse
Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including First seen…
-
RustyAttr Trojan: Lazarus Group’s New macOS Malware Evades Antivirus with Ease
Researchers at Group-IB have discovered a new stealth technique employed by the North Korean APT group Lazarus, targeting macOS systems through a unique code-smuggling method. Known for its sophisticated cyber-espionage... First seen on securityonline.info Jump to article: securityonline.info/rustyattr-trojan-lazarus-groups-new-macos-malware-evades-antivirus-with-ease/
-
Aerospace employees targeted with malicious “dream job” offers
It’s not just North Korean hackers who reach out to targets via LinkedIn: since at least September 2023, Iranian threat actor TA455 has been trying to compromise workers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/13/malicious-job-offers-aerospace/
-
Iranian Hackers Use “Dream Job” Lures to Deploy SnailResin Malware in Aerospace Attacks
The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group’s playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. “The campaign distributed the SnailResin malware, which activates the SlugResin backdoor,” Israeli…
-
North Korean hackers create Flutter apps to bypass macOS security
North Korean threat actors target Apple macOS systems using trojanized Notepad apps and minesweeper games created with Flutter, which are signed and notarized by legitimate Apple developer IDs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-create-flutter-apps-to-bypass-macos-security/
-
North Korean-linked hackers were caught experimenting with new macOS malware
Researchers can’t tell if the malware was used in a campaign, or North Korean operatives were caught before they could deploy it in the wild. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-macos-malware-flutter-jamf/
-
North Korean Hackers Target macOS Using Flutter-Embedded Malware
Threat actors with ties to the Democratic People’s Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier…
-
North Korea Hackers Leverage Flutter to Deliver macOS Malware
Jamf observed North Korean attackers embedding malware within Flutter applications to target macOS devices, potentially to test a new way of weaponizing malware. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-hackers-flutter-macos/
-
New Keylogger Targeting U.S. Organizations Linked to North Korean APT Group Andariel
A recent analysis from Hybrid Analysis, led by security researcher Vlad Pasca, reveals a newly identified keylogger malware attributed to the North Ko… First seen on securityonline.info Jump to article: securityonline.info/new-keylogger-targeting-u-s-organizations-linked-to-north-korean-apt-group-andariel/
-
North Korean Hackers Employing New Tactic To Acquire Remote Jobs
North Korean threat actors behind the Contagious Interview and WageMole campaigns have refined their tactics, enhancing the obfuscation of their scrip… First seen on gbhackers.com Jump to article: gbhackers.com/north-korean-hackers-remote-tactics/
-
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financi… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/north-korean-group-collaborates-with.html
-
A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine
South Korea claims Pro-Russia actors intensified cyberattacks on national sites after it decided to monitor North Korean troops in Ukraine. South Korea’s government blames pro-Russia threat actors for an intensification of cyberattacks on national sites after it decided to monitor North Korean troops in Ukraine. South Korea reports that over 10,000 North Korean troops are…

