Tag: north-korea
-
Russia, China, North Korea and Iran: states profit from financially motivated cybercrime
First seen on security-insider.de Jump to article: www.security-insider.de/google-mandiant-anstieg-finanziell-motivierter-cyberangriffe-a-74abaf676d92e40033d97f21784161f4/
-
North Korean Lazarus hackers infect hundreds via npm packages
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-infect-hundreds-via-npm-packages/
-
Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials
North Korea’s Lazarus Group has launched a new wave of attacks targeting the npm ecosystem, compromising six packages designed to steal login credentials and deploy backdoors. The malicious packages is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator have collectively been downloaded over 330 times. These packages mimic the names of widely trusted libraries, employing a typosquatting…
-
Qilin ransomware leveraged by North Korea’s Moonstone Sleet in new attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/qilin-ransomware-leveraged-by-north-koreas-moonstone-sleet-in-new-attacks
-
North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts
North Korean state-sponsored hackers, known as APT37 or ScarCruft, have been employing sophisticated tactics to breach systems, leveraging malicious ZIP files containing LNK files to initiate attacks. These LNK files, often disguised as documents related to North Korean affairs or trade agreements, are distributed via phishing emails. Once opened, they trigger a multi-stage attack involving…
-
North Korean IT Workers Linked to 2,400 Astrill VPN IP Addresses
New data has emerged linking over 2,400 IP addresses associated with Astrill VPN to individuals believed to be North Korean IT workers. These findings were reported by a cyber security source, who obtained the information from http://Spur.us, a platform known for tracking and exposing malicious online activity. This development raises serious concerns about the extent to…
-
North Korea-linked APT Moonstone used Qilin ransomware in limited attacks
Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. The APT group uses Qilin ransomware after previously using custom ransomware. “Moonstone Sleet has previously exclusively…
-
US Feds Take Down Garantex, Indict Operators
Russian cryptocurrency exchange Garantex, a money laundering destination for Russian and North Korean hackers, is no more after international law enforcement seized its servers. Prosecutors in the United States indicted the exchange’s two principals in federal court. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/us-feds-take-down-garantex-indict-operators-a-27668
-
North Korean Moonstone Sleet Uses Creative Tactics to Deploy Custom Ransomware
In a recent development, Microsoft has identified a new North Korean threat actor known as Moonstone Sleet, which has been employing a combination of traditional and innovative tactics to achieve its financial and cyberespionage objectives. Moonstone Sleet, formerly tracked as Storm-1789, has demonstrated a sophisticated approach by using fake companies, trojanized software, and even a…
-
North Korean hackers join Qilin ransomware gang
Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-north-korean-hackers-now-deploying-qilin-ransomware/
-
Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
Tags: attack, cloud, crypto, cybersecurity, google, hacker, malicious, mandiant, north-korea, threat
Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a “highly sophisticated, state-sponsored attack,” stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts. The multi-signature (multisig) platform, which has roped in Google…
-
$1.5 billion stolen: hackers from North Korea suspected of the Bybit billion-dollar heist
First seen on security-insider.de Jump to article: www.security-insider.de/nordkoreanische-hacker-stehlen-ethereum-von-bybit-a-7ed451714682b19fc711a283a3da1cb3/
-
North Korean Fake IT Workers Pose as Blockchain Developers on GitHub
North Korean fake IT workers are creating personas on GitHub to land blockchain developer jobs at US and Japanese firms. First seen on securityweek.com Jump to article: www.securityweek.com/north-korean-fake-it-workers-pose-as-blockchain-developers-on-github/
-
North Korean IT Workers Exploit GitHub to Launch Global Cyber Attacks
A network of suspected North Korean IT workers is using GitHub to create and backstop fake personas, aiming to infiltrate companies globally, particularly in Japan and the United States. DPRK-Linked Network Targets Companies in Japan and US: Cybersecurity firm Nisos has uncovered this operation, which appears to be part of Pyongyang’s efforts to fund its…
-
North Korea’s Latest ‘IT Worker’ Scheme Seeks Nuclear Funds
Fraudulent IT workers are looking for engineering and developer positions in the US and Japan, and this time it’s not about espionage. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/north-korea-it-worker-scheme-nuclear-funds
-
Hackers launder most of Bybit’s stolen crypto worth $1.4B
Experts note that this is just the first step for the alleged North Korean hackers to profit from the historic heist. First seen on techcrunch.com Jump to article: techcrunch.com/2025/03/04/hackers-launder-most-of-bybits-stolen-crypto-worth-1-4-billion/
-
North Koreans finish initial laundering stage after more than $1 billion stolen from Bybit
Experts from multiple blockchain security companies said Monday that the hackers were able to move all of the stolen ETH coins to new addresses, the first step taken before the funds can be laundered further. First seen on therecord.media Jump to article: therecord.media/north-koreans-initial-laundering-bybit-hack
-
Digital nomads and risk associated with the threat of infiltrated employees
Companies face the risk of insider threats, worsened by remote work. North Korean hackers infiltrate firms via fake IT hires, stealing data. Stronger vetting is key. In an increasingly connected and digitalized world, companies are facing new security challenges. The insider threat, or the risk that an employee could harm the company, is a growing…
-
North Korean Fake IT Workers Leverage GitHub to Build Jobseeker Personas
Nisos has found six personas leveraging new and existing GitHub accounts to get developer jobs in Japan and the US. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-fake-it-workers-github/
-
DPRK IT Fraud Network Uses GitHub to Target Global Companies
Nisos is tracking a network of likely North Korean (DPRK)-affiliated IT workers posing as Vietnamese, Japanese, and Singaporean nationals with the goal of obtaining employment in remote engineering… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/dprk-it-fraud-network-uses-github-to-target-global-companies/
-
North Korean IT Workers Hide Their IPs Using Astrill VPN
Security researchers have uncovered new evidence that North Korean threat actors, particularly the Lazarus Group, are actively using Astrill VPN to conceal their true IP addresses during cyberattacks and fraudulent IT worker schemes. Silent Push, a cybersecurity firm, recently acquired infrastructure and logs from the Lazarus subgroup known as “Contagious Interview” or “Famous Chollima,”
-
The Trump Administration Is Deprioritizing Russia as a Cyber Threat
Plus: The FBI pins that ByBit theft on North Korea, a malicious app download breaches Disney, spyware targets a priest close to the pope, and more. First seen on wired.com Jump to article: www.wired.com/story/trump-administration-deprioritizing-russia-cyber-threat/
-
FBI: North Korean hackers behind record-breaking Bybit crypto heist
First seen on scworld.com Jump to article: www.scworld.com/brief/fbi-north-korean-hackers-behind-record-breaking-bybit-crypto-heist
-
$1.5B Bybit Hack is Linked to North Korea, FBI Says, in Potentially the Largest Crypto Heist Ever
The FBI referred to the attack as “TraderTraitor,” a malicious campaign linked to North Korean state-sponsored hackers the Lazarus Group. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/bybit-cryptocurrency-heist/
-
Ransomware scene in upheaval: current developments and key trends
Ransomware remains a constant threat, but it is continually changing. While major players such as LockBit and ALPHV/BlackCat disappear, new groups are moving in. Ransomware-as-a-Service (RaaS) continues to evolve, and even states such as Russia and North Korea use it as a source of revenue. Alongside this structural shift, distinct trends are emerging. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/ransomware-szene-im-umbruch-aktuelle-entwicklungen-und-wichtige-trends/
-
FBI: Lazarus Group behind $1.5 billion Bybit heist
Researchers say the heist, in which North Korean state-sponsored hackers stole funds from a cold wallet, is the biggest theft in the history of the cryptocurrency industry. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366619872/FBI-Lazarus-Group-behind-15-billion-ByBit-heist
-
North Korean Hackers Deploy RustDoor and Koi Stealer to Target Cryptocurrency Developers on macOS
A recent cybersecurity report from Unit 42 has revealed a new wave of North Korean-linked cyberattacks targeting macOS First seen on securityonline.info Jump to article: securityonline.info/north-korean-hackers-deploy-rustdoor-and-koi-stealer-to-target-cryptocurrency-developers-on-macos/

