Tag: north-korea
-
China, Russia, North Korea Hackers Exploit Windows Security Flaw
Tags: attack, china, exploit, flaw, government, group, hacker, infrastructure, korea, microsoft, north-korea, russia, threat, update, windowsAmost a dozen state-sponsored threat groups from Russia, China, and North Korea have been exploiting a security flaw in WIndows in attacks on governments and critical infrastructure that date back to 2017. According to Trend Micro’s VDI unit, Microsoft has no plans to patch the vulnerability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/china-russia-north-korea-hackers-exploit-windows-security-flaw/
-
Hacker nutzen alte Windows-Sicherheitslücke aus Microsoft tut nichts
Tags: bug, bug-bounty, china, cyberattack, exploit, germany, hacker, iran, microsoft, military, north-korea, update, vulnerability, windowsExperten des Sicherheits-Unternehmens Trend Micro haben eine als ZDI-CAN-25373 bezeichnete Sicherheitslücke in Windows entdeckt, die Angreifer seit mindestens 2017 ausnutzen. Über die Lücke können die Angreifer Schadcode auf den betroffenen Windows-Rechnern ausführen, sofern der Benutzer eine verseuchte Webseite besucht oder eine infizierte Datei öffnet.Die Lücke steckt in der Vorgehensweise, wie Windows .lnk-Dateien (Verknüpfungsdateien) verarbeitet. Angreifer können Kommandozeilen-Befehle, die…
-
Web3 Laundering Fears: OKX Suspends Platform Amidst Scrutiny
Earlier, OKX’s Web3 platform was accused of facilitating money laundering for North Korean hacking groups, with the illicit First seen on securityonline.info Jump to article: securityonline.info/web3-laundering-fears-okx-suspends-platform-amidst-scrutiny/
-
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/
-
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.The zero-day vulnerability, tracked by Trend Micro’s Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad…
-
GitHub wird immer mehr zu einem digitalen Minenfeld
Tags: access, authentication, cloud, computer, cyberattack, cyberespionage, cybersecurity, github, malware, mfa, north-korea, password, updateZuerst waren nur einzelne GitHub-Repositories mit Malware infiziert. Mittlerweile geraten auch Entwickler und deren Konten direkt in das Visier von Cyberkriminellen.Die Plattform GitHub sorgt seit geraumer Zeit für negative Schlagzeilen, da ihre Repositories vermehrt mit Malware infiziert sind. Hierdurch versuchen Cyberkriminelle auf Geräte und Daten zuzugreifen.Jetzt wurden diese Aktivitäten auf Entwickler direkt ausgeweitet. Ziel dieser…
-
DocSwap Malware Masquerades as Security Document Viewer to Attack Android Users Worldwide
The cybersecurity landscape has witnessed a new threat with the emergence of the DocSwap malware, which disguises itself as a >>Document Viewing Authentication App
-
Crypto Platform OKX Suspends Tool Abused by North Korean Hackers
Cryptocurrency platform OKX has announced the temporary suspension of its Decentralized Exchange (DEX) aggregator tool. This decision comes on the heels of coordinated attacks by certain media outlets and unsuccessful attempts by the notorious Lazarus Group”, a hacking entity linked to North Korea”, to exploit OKX’s DeFi services. Background on the Lazarus Group The Lazarus…
-
Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds
OKX said it detected a coordinated effort by one of North Korea’s most prolific hacking outfits to misuse its decentralized finance (DeFi) services. First seen on therecord.media Jump to article: therecord.media/crypto-okx-shuts-down-exchange
-
OKX suspends DEX aggregator after Lazarus hackers try to launder funds
OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/okx-suspends-dex-aggregator-after-lazarus-hackers-try-to-launder-funds/
-
GitHub accounts targeted with fake security alerts
Possible DPRK links: Luc4m’s X post hinted at possible nation-state connections, adding, “Smells #DPRK?” While nothing else was said on the X thread, North Korea is known for using click-fix attacks for its cyber espionage activities, with Contagious Interviews being a prominent one of those campaigns.All GitHub fake alerts included the same login information, location:…
-
Attackers attempted hijacking 12,000 GitHub accounts with click-fix alerts
Possible DPRK links: Luc4m’s X post hinted at possible nation-state connections, adding, “Smells #DPRK?” While nothing else was said on the X thread, North Korea is known for using click-fix attacks for its cyber espionage activities, with Contagious Interviews being a prominent one of those campaigns.All GitHub fake alerts included the same login information, location:…
-
Lazarus Group Weaponizes IIS Servers for Deploying Malicious ASP Web Shells
The notorious Lazarus group has been identified as leveraging compromised IIS servers to deploy malicious ASP web shells. These sophisticated attacks have been reported to facilitate the spread of malware, including the LazarLoader variant, and utilize privilege escalation tools to gain extensive control over infected systems. The Lazarus group, associated with North Korean actors, has…
-
The most notorious and damaging ransomware of all time
Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windowsConti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception.How it works: Conti uses the…
-
Lazarus Breaches IIS: Web Shells Evolving C2 Tactics Unveiled
The notorious North Korean threat actor Lazarus Group has been identified breaching Windows web servers to establish command-and-control First seen on securityonline.info Jump to article: securityonline.info/lazarus-breaches-iis-web-shells-evolving-c2-tactics-unveiled/
-
Android spyware ‘KoSpy’ spread by suspected North Korean APT
First seen on scworld.com Jump to article: www.scworld.com/news/android-spyware-kospy-spread-by-suspected-north-korean-apt
-
Breach Roundup: The Ivanti Patch Treadmill
Also: Patch Tuesday, Equalize Scandal Figure Dies and Polymorphic Extension Attack. This week, Ivanti EPM customers should patch, Patch Tuesday, fake web browser extensions, North Korean Android malware, a key figure in Italy’s Equalize scandal dead of heart attack. Also, Apache Camel flaw, OpenAI’s agent automates phishing and Apple patched another zero day. First seen…
-
North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. North Korea-linked threat actor ScarCruft (aka APT37, Reaper, and Group123) is behind a previously undetected Android surveillance tool named KoSpy that was used to target Korean and English-speaking users. ScarCruft has been active since at least 2012, it made the…
-
North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users.Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It’s not clear how…
-
North Korean Hackers Distributed Android Spyware via Google Play
The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play. The post North Korean Hackers Distributed Android Spyware via Google Play appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/
-
Suspected North Korea Group Targets Android Devices with Spyware
A North Korea-backed threat group, APT37, disguised KoSpy as utility apps in Google Play to infect Android devices, using the spyware for such activities as gathering sensitive information, tracking locations, capturing screenshots, recording keystrokes, and accessing files. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/suspected-north-korea-group-targets-android-devices-with-spyware/
-
North Korean Hackers Use Google Play Malware to Steal SMS, Calls Screenshots
Cybersecurity researchers at Lookout Threat Lab have uncovered a sophisticated Android surveillance tool dubbed >>KoSpy,
-
North Korean Hackers Deploy DocSwap Malware Disguised as Security Tool
Tags: authentication, cyber, cybersecurity, hacker, intelligence, malware, north-korea, threat, toolIn a recent cybersecurity threat discovery, the S2W Threat Research and Intelligence Center Talon has identified and analyzed a new type of malware linked to a North Korean-backed Advanced Persistent Threat (APT) group. The malware, masquerading as a “문서열람 ì¸ì¦ 앱” (Document Viewing Authentication App), was first detected on December 13, 2024. This sophisticated threat…
-
Android apps laced with North Korean spyware found in Google Play
Google’s Firebase platform also hosted configuration settings used by the apps. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/03/researchers-find-north-korean-spy-apps-hosted-in-google-play/
-
New North Korean Android spyware slips onto Google Play
A new Android spyware named ‘KoSpy’ is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-north-korean-android-spyware-slips-onto-google-play/
-
North Korean Cyber Espionage Group Kimsuky Exploits University Website in Watering Hole Attack
Cybersecurity researchers from ESTsecurity’s Security Response Center (ESRC) have uncovered a new watering hole attack campaign attributed to First seen on securityonline.info Jump to article: securityonline.info/north-korean-cyber-espionage-group-kimsuky-exploits-university-website-in-watering-hole-attack/
-
Spyware in bogus Android apps is attributed to North Korean group
A North Korean nation-state group tracked as APT37 or ScarCruft placed infected utilities in Android app stores as part of an espionage campaign, according to researchers at Lookout. First seen on therecord.media Jump to article: therecord.media/north-korea-malware-android-apps-kospy-apt37-scarcruft
-
North Korean government hackers snuck spyware on Android app store
Cybersecurity firm Lookout found several samples of a North Korean spyware it calls KoSpy. First seen on techcrunch.com Jump to article: techcrunch.com/2025/03/12/north-korean-government-hackers-snuck-spyware-on-android-app-store/