Tag: north-korea
-
FlexibleFerret Wenn die Jobsuche zur Malware-Falle wird
Das Threat Labs Team von Jamf hat eine neue Variante der Malware-Familie FlexibleFerret untersucht. Die Schadsoftware wird Gruppen zugeschrieben, die im Umfeld Nordkoreas agieren und bereits durch die sogenannte Contagious Interview Kampagne aufgefallen sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/flexibleferret-jobsuche-malware-falle
-
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT.”EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and First seen on thehackernews.com…
-
React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics
Sysdig has found sophisticated malicious campaigns exploiting React2Shell that delivered EtherRAT and suggested North Korean hackers’ involvement First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/react2shell-exploit-campaigns/
-
North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks
A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-react2shell-flaw-in-etherrat-malware-attacks/
-
Maryland man sentenced for N. Korea IT worker scheme involving US government contracts
In a case that affected 13 companies, including U.S. government contractors, a Maryland man was sentenced to 15 months in prison for allowing North Korean nationals to use his identity. First seen on therecord.media Jump to article: therecord.media/north-korea-it-worker-scheme-maryland-man-sentenced
-
Breach Roundup: React Flaw Incites Supply Chain Risk
Also, Microsoft Badly Patches LNK Flaw, Australian Sentenced for ‘Evil Twin’ Hack. This week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth’s Signal group posed operational risk, more North Korean npm packages. An Australian jailed for Wi-Fi evil twin crimes. The US FTC will send $15.3 million to Avast users. A London…
-
LummaC2 Infects North Korean Hacker Device Linked to Bybit Heist
LummaC2 infostealer infects North Korean hacker’s device, exposing ties to $1.4B Bybit heist and revealing tools, infrastructure and OPSEC failures. First seen on hackread.com Jump to article: hackread.com/north-korean-hacker-device-lummac2-infostealer-bybit/
-
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
-
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
-
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
-
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
-
North Korea lures engineers to rent identities in fake IT worker scheme
In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korea-lures-engineers-to-rent-identities-in-fake-it-worker-scheme/
-
North Korea lures engineers to rent identities in fake IT worker scheme
In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korea-lures-engineers-to-rent-identities-in-fake-it-worker-scheme/
-
DPRK’s ‘Contagious Interview’ Spawns Malicious Npm Package Factory
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/contagious-interview-malicious-npm-package-factory
-
Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group’s Famous Chollima division.For the first time, researchers…
-
DPRK’s ‘Contagious Interview’ Spawns Malicious Npm Package Factory
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/contagious-interview-malicious-npm-package-factory
-
Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group’s Famous Chollima division.For the first time, researchers…
-
Officials accuse North Korea’s Lazarus of $30 million theft from crypto exchange
Yonhap News Agency reported on Friday that South Korean government officials are involved in the investigation surrounding $30 million worth of cryptocurrency that was stolen from Upbit on Wednesday evening. First seen on therecord.media Jump to article: therecord.media/officials-accuse-north-korea-hackers-of-attack-on-crypto-exchange
-
Officials accuse North Korea’s Lazarus of $30 million theft from crypto exchange
Yonhap News Agency reported on Friday that South Korean government officials are involved in the investigation surrounding $30 million worth of cryptocurrency that was stolen from Upbit on Wednesday evening. First seen on therecord.media Jump to article: therecord.media/officials-accuse-north-korea-hackers-of-attack-on-crypto-exchange
-
KimJongRAT Strikes Windows Users via Malicious HTA Files
Security researchers have confirmed that KimJongRAT, a sophisticated remote access Trojan attributed to the Kimsuky group and believed to be backed by North Korea, is being actively distributed via weaponized .hta files targeting Windows users. The discovery reveals a carefully orchestrated attack chain designed to harvest sensitive credentials and system information from compromised machines. The…
-
North Korea’s >>Contagious Interview<< Floods npm with 200 New Packages, Using Fake Crypto Jobs to Deploy OtterCookie Spyware
The post North Korea’s >>Contagious Interview
-
North Korea’s >>Contagious Interview<< Floods npm with 200 New Packages, Using Fake Crypto Jobs to Deploy OtterCookie Spyware
The post North Korea’s >>Contagious Interview
-
Contagious Interview campaign expands with 197 npm Ppackages spreading new OtterCookie malware
North Korea-linked actors behind Contagious Interview uploaded 197 new malicious npm packages to distribute a new OtterCookie malware version. North Korea-linked threat actors added 197 new malicious npm packages to spread updated OtterCookie malware as part of the ongoing Contagious Interview campaign, cybersecurity firm Socket warns. TheContagious Interviewcampaign, active since November 2023 and linked to…
-
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware
The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month.According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions of…
-
Rare APT Collaboration Emerges Between Russia and North Korea
Researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure, a rare APT collaboration. The post Rare APT Collaboration Emerges Between Russia and North Korea appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apt-collaboration-russia-north-korea/
-
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist
Tags: attack, breach, data, finance, group, korea, leak, msp, north-korea, ransomware, service, supply-chainSouth Korea’s financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware.”This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP) First seen on…
-
North Korean Hackers Evade UN Sanctions Through Cyber Operations and Crypto Schemes
The Multilateral Sanctions Monitoring Team (MSMT) has released a comprehensive report documenting systematic violations of UN sanctions by North Korea. Between 2024 and 2025, North Korean cyber operations have achieved unprecedented scale in cryptocurrency theft. In 2024 alone, DPRK-linked actors stole approximately USD 1.19 billion a 50 percent year-on-year increase. Revealing how the Democratic People’s…
-
North Korean Hackers Evade UN Sanctions Through Cyber Operations and Crypto Schemes
The Multilateral Sanctions Monitoring Team (MSMT) has released a comprehensive report documenting systematic violations of UN sanctions by North Korea. Between 2024 and 2025, North Korean cyber operations have achieved unprecedented scale in cryptocurrency theft. In 2024 alone, DPRK-linked actors stole approximately USD 1.19 billion a 50 percent year-on-year increase. Revealing how the Democratic People’s…