Collecting Cyber-News from over 60 sources

Tag: north-korea

North Korean Fake IT Workers Infiltrate Firms to Dodge Sanctions

Apr 23, 2026 11:39 AM

Tags: crypto, cyber, infrastructure, international, north-korea, tactics, threat

North Korean threat actors are once again leveraging deceptive remote work schemes to infiltrate global organizations, using fake IT worker personas to generate revenue and bypass international sanctions. A recent investigation, triggered by cryptocurrency security researcher ZachXBT, sheds light on the infrastructure and tactics behind this evolving campaign. ZachXBT identified the domain luckyguys[.]site as being…
Lazarus Lures Developers With Backdoored Coding Tests

Apr 23, 2026 11:39 AM

Tags: ai, crypto, cyber, data, group, hacker, korea, lazarus, malware, north-korea

North Korea-linked hackers are using AI-assisted malware and backdoored coding challenges to quietly loot millions in cryptocurrency from Web3 developers. Expel assesses with high confidence that HexagonalRodent is a DPRK state-sponsored subgroup that likely evolved from fraudulent IT worker operations before pivoting fully to malware-driven theft. In just three months, the group exfiltrated data from…
North Korean hackers siphon more than $12 million from crypto users in sprawling campaign

Apr 22, 2026 11:39 PM

Tags: attack, crypto, group, hacker, malware, north-korea

Researchers said the group stole up to $12 million in cryptocurrency in the first three months of 2026 through malware attacks on personal devices. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-siphon-12-million-from-crypto-users
North Korea Stole 100,000 Identities to Infiltrate Global Companies

Apr 22, 2026 6:40 PM

Tags: cybersecurity, fraud, identity, jobs, korea, north-korea, threat, tool

Here Is What That Looks Like From an Investigator’s Perspective. The DPRK remote IT worker scheme is not a cybersecurity problem. It is an identity fraud problem at state scale. The tools that can detect and attribute it are the same tools built for investigating threat actors, not screening job applicants. Research published in March……
AI Tools Are Helping Mediocre North Korean Hackers Steal Millions

Apr 22, 2026 6:40 PM

Tags: ai, group, hacker, malware, north-korea, tool

One group of hackers used AI for everything from vibe coding their malware to creating fake company websites”, and stole as much as $12 million in three months. First seen on wired.com Jump to article: www.wired.com/story/ai-tools-are-helping-mediocre-north-korean-hackers-steal-millions/
North Korea Blamed for $290m KelpDAO Crypto Heist

Apr 22, 2026 5:39 PM

Tags: crypto, group, korea, lazarus, north-korea, theft

North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-blamed-290m-kelpdao/
Microsoft warns of fake IT worker identities infiltrating cloud environments

Apr 22, 2026 12:39 PM

Tags: cloud, cyber, group, jobs, microsoft, north-korea

Microsoft is warning that North Korea”‘aligned group Jasper Sleet is abusing remote hiring to slip fake IT workers into cloud environments by posing as legitimate staff and then abusing trusted access. Since the pandemic, many companies hire globally, verify identities online, and onboard staff fully remotely. Jasper Sleet, tracked by Microsoft as a North Korean…
North Korea’s Lazarus APT stole $290M from Kelp DAO

Apr 21, 2026 9:39 PM

Tags: apt, crypto, finance, group, hacker, korea, lazarus, north-korea, theft

North Korea-linked Lazarus Group stole $290M from Kelp DAO by abusing LayerZero. A second $95M attempt was stopped. Hackers tied to the North-Korea linked group Lazarus APT carried out a $290M crypto theft targeting Kelp DAO. Kelp DAO is a decentralized finance (DeFi) protocol built on the Ethereum ecosystem that focuses on a concept called…
CISA urges security teams to view environments following axios compromise

Apr 21, 2026 6:39 PM

Tags: attack, cisa, korea, north-korea, supply-chain

A suspected North Korea-linked actor is behind a supply chain attack on the widely used library. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa–security-teams-environments-axios-compromise/818081/
Microsoft spots Sapphire Sleet macOS attack using AppleScript and social engineering

Apr 21, 2026 12:39 PM

Tags: attack, cyber, exploit, flaw, macOS, microsoft, north-korea, social-engineering, software, threat, vulnerability

A new macOS-focused cyber campaign linked to the North Korean threat actor Sapphire Sleet, highlighting how attackers are increasingly relying on social engineering rather than software vulnerabilities to compromise systems. Rather than exploiting security flaws, the attackers manipulate user trust, allowing them to bypass built-in macOS protections. The attack begins with carefully crafted social engineering…
North Korean Blamed for $290m KelpDAO Crypto Heist

Apr 21, 2026 11:39 AM

Tags: crypto, group, korea, lazarus, north-korea, theft

North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-blamed-290m-kelpdao/
KelpDAO suffers $290 million heist tied to Lazarus hackers

Apr 21, 2026 1:39 AM

Tags: crypto, hacker, lazarus, north-korea

State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kelpdao-suffers-290-million-heist-tied-to-lazarus-hackers/
North Korean hackers blamed for $290M crypto theft

Apr 20, 2026 11:38 PM

Tags: crypto, hacker, north-korea, theft

The hack against Kelp DAO is the largest crypto heist of the year so far. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/20/north-korea-hackers-blamed-for-290m-crypto-theft/
North Korea hackers blamed for $290M crypto theft

Apr 20, 2026 8:39 PM

Tags: crypto, hacker, korea, north-korea, theft

The hack against Kelp DAO is the largest crypto heist of the year so far. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/20/north-korea-hackers-blamed-for-290m-crypto-theft/
Crypto infrastructure company blames $290 million theft on North Korean hackers

Apr 20, 2026 7:33 PM

Tags: crypto, hacker, infrastructure, korea, north-korea, theft

A theft of nearly $300 million worth of cryptocurrency has been attributed to hackers from North Korea, as the industry grapples with the fallout of a wide-ranging incident involving multiple prominent platforms. First seen on therecord.media Jump to article: therecord.media/crypto-north-korea-theft-kelp
Why the Axios attack proves AI is mandatory for supply chain security

Apr 20, 2026 4:37 PM

Tags: ai, attack, government, malicious, north-korea, radius, startup, supply-chain, threat

Two weeks ago, a suspected North Korean threat actor slipped malicious code into a package within Axios, a widely used JavaScript library. The immediate concern was the blast radius: roughly 100 million weekly downloads spanning enterprises, startups, and government systems. But beyond the sheer scale, the attack’s speed was just as worrisome a stark […]…
North Korea-Linked UNC1069 Hacks Crypto Pros via Fake Meetings

Apr 20, 2026 2:38 PM

Tags: access, crypto, cyber, google, korea, linux, macOS, malware, microsoft, north-korea, social-engineering, theft, threat, windows

North Korea-linked threat actor UNC1069 is running a highly targeted campaign that abuses fake Zoom, Google Meet, and Microsoft Teams meetings to compromise cryptocurrency and Web3 professionals across Windows, macOS, and Linux systems. The goal is long-term access and large-scale theft of digital assets through stealthy social engineering and multi-stage malware deployment. Attackers often hijack…
How to spot a North Korean fake in a job interview

Apr 20, 2026 7:38 AM

Tags: ai, jobs, north-korea

North Korean operatives are getting hired at companies by passing job interviews using fake identities and AI tools. In this Help Net Security video, Adrian Cheek, a senior … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/20/north-korean-job-interview-infiltration-video/
North Korean social engineering campaign targets macOS users

Apr 17, 2026 8:40 PM

Tags: data-breach, intelligence, korea, macOS, microsoft, north-korea, social-engineering, threat

A MacOS-focused social engineering campaign orchestrated by North Korea-based threat actor Sapphire Sleet has been exposed by Microsoft’s Threat Intelligence Unit. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641953/North-Korean-social-engineering-campaign-targets-macOS-users
Fake Zoom SDK Update Spreads Sapphire Sleet Malware in New macOS Attack Chain

Apr 17, 2026 12:38 PM

Tags: apple, attack, cyber, macOS, malicious, malware, north-korea, social-engineering, software, threat, update, vulnerability

A sophisticated macOS-focused cyber campaign orchestrated by the North Korean threat actor Sapphire Sleet, revealing a shift toward social engineering over traditional software exploitation. Instead of relying on vulnerabilities, the attackers trick users into executing malicious files disguised as legitimate software updates, effectively bypassing Apple’s built-in security protections. The campaign centers on a fake file…
US nationals sentenced for aiding North Korea’s tech worker scheme

Apr 17, 2026 5:37 AM

Tags: jobs, korea, north-korea

Kejia Wang and Zhenxing Wang established shell companies and hosted laptop farms to help operatives obtain jobs at more than 100 U.S. companies. First seen on cyberscoop.com Jump to article: cyberscoop.com/us-nationals-sentenced-facilitate-north-korea-tech-worker-scheme/
New Jersey men given lengthy sentences for running North Korean laptop farms

Apr 17, 2026 12:48 AM

Tags: government, north-korea

The DOJ said Kejia Wang, 42, was sentenced to nine years in prison and Zhenxing Wang, 39, was given a nearly eight-year sentence for an operation that generated more than $5 million for the government of North Korea. First seen on therecord.media Jump to article: therecord.media/new-jersey-men-sentenced-north-korean-laptop-farms
Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme

Apr 17, 2026 12:48 AM

Tags: government, korea, north-korea

The U.S. Department of Justice announced that two Americans were sentenced to years in prison for helping the North Korean government place fake IT workers in U.S. companies. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/16/two-americans-sentenced-for-helping-north-korea-steal-5-million-in-fake-it-worker-scheme/
North Korea targets macOS users in latest heist

Apr 17, 2026 12:48 AM

Tags: korea, macOS, north-korea, social-engineering, update

Social engineering: ‘low-cost, hard to patch, and scales well’ First seen on theregister.com Jump to article: www.theregister.com/2026/04/16/north_korea_social_engineering_macos/
Two US nationals jailed over scheme that generated $5 million for the North Korean regime

Apr 17, 2026 12:48 AM

Tags: north-korea

Two US nationals have been sentenced for their role in a scheme that placed North Korean IT workers inside American companies under false identities. Over several years, the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/16/north-korean-it-workers-scheme-us-facilitators/
US nationals behind DPRK IT worker ‘laptop farm’ sent to prison

Apr 17, 2026 12:48 AM

Tags: country, north-korea, technology

Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-nationals-behind-north-korean-it-worker-laptop-farm-sent-to-prison/
US nationals behind DPRK IT worker ‘laptop farm’ sent to prison

Apr 17, 2026 12:48 AM

Tags: country, north-korea, technology

Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-nationals-behind-north-korean-it-worker-laptop-farm-sent-to-prison/
US nationals behind DPRK IT worker ‘laptop farm’ sent to prison

Apr 17, 2026 12:48 AM

Tags: country, north-korea, technology

Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-nationals-behind-north-korean-it-worker-laptop-farm-sent-to-prison/
US nationals behind DPRK IT worker ‘laptop farm’ sent to prison

Apr 17, 2026 12:48 AM

Tags: country, north-korea, technology

Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-nationals-behind-north-korean-it-worker-laptop-farm-sent-to-prison/
North Korea Uses ClickFix to Target macOS Users’ Data

Apr 17, 2026 12:48 AM

Tags: attack, credentials, data, jobs, korea, macOS, north-korea, update

Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/north-korea-clickfix-target-macos-users-data