Tag: north-korea
-
Lazarus Group Targets Bitdefender Researcher with LinkedIn Recruiting Scam
A Bitdefender researcher was targeted by North Korea’s Lazarus with the lure of a fake job offer First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lazarus-bitdefender-linkedin-scam/
-
Lazarus Group tricks job seekers on LinkedIn with crypto-stealer
North Korea-linked Lazarus Group is duping job seekers and professionals in an ongoing campaign that runs a LinkedIn recruiting scam to capture browser credentials, steal crypto wallet data, and launch persistence.According to a discovery made by BitDefender Labs, threat actors reach out with fake LinkedIn job offers to lure the victims into downloading and executing…
-
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
Tags: apt, attack, credentials, email, group, hacking, intelligence, korea, malware, microsoft, north-korea, office, phishing, spear-phishing, windowsThe North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC).The attacks commence with phishing emails containing a Windows shortcut (LNK) file that’s disguised as a Microsoft Office or PDF document. First…
-
Beware of Lazarus LinkedIn Recruiting Scam Targeting Org’s to Deliver Malware
Tags: cyber, cyberattack, cybersecurity, exploit, group, jobs, korea, lazarus, linkedin, malware, north-korea, scamA new wave of cyberattacks orchestrated by the North Korea-linked Lazarus Group has been identified, leveraging fake LinkedIn job offers to infiltrate organizations and deliver sophisticated malware. Reports from cybersecurity firms, including Bitdefender, reveal that this campaign targets professionals across industries by exploiting their trust in LinkedIn as a professional networking platform. The operation begins…
-
North Korean Hackers Use custom-made RDP Wrapper to activate remote desktop on Hacked Machines
In a concerning development, the North Korean-backed hacking group Kimsuky has intensified its use of custom-built tools to exploit Remote Desktop Protocol (RDP) for controlling compromised systems. AhnLab Security Intelligence Center (ASEC) reports that the group has developed a proprietary version of the open-source RDP Wrapper to enable remote desktop access on machines where this…
-
Lazarus APT targets crypto wallets using cross-platform JavaScript stealer
The North Korea-linked APT group Lazarus uses a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign. Bitdefender researchers reported that the North Korea-linkedLazarus groupuses fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign. Scammers lure…
-
FlexibleFerret malware targets the macOS via North Korea job campaign
First seen on scworld.com Jump to article: www.scworld.com/news/flexibleferret-malware-targets-the-macos-via-north-korea-job-campaign
-
MacOS Ferret operators add a deceptive bite to their malware family
The macOS Ferret family, variants of malware used by North Korean APTs for cyber espionage, has received a new member as samples of a detection-resistant variant, Flexible-Ferret, appear in the wild.The discovery of the samples was made by SentinelOne researchers who noted the variant’s capability to evade the recent XProtect signature update that Apple pushed…
-
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign Unveiled
A newly uncovered cyber espionage campaign orchestrated by North Korea’s Lazarus Group has been exposed in SecurityScorecard’s latest First seen on securityonline.info Jump to article: securityonline.info/operation-phantom-circuit-north-koreas-global-data-exfiltration-campaign-unveiled/
-
State-linked hackers deploy macOS malware in fake job interview campaign
Actors linked to North Korea bypassed Apple security using malware called FlexibleFerret. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/north-korean-hackers–fake-interview/739165/
-
North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process.”Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some…
-
Lazarus Group Exploits Trusted Apps for Data Theft via Dropbox
Tags: crypto, cyber, data, espionage, exploit, group, infrastructure, korea, lazarus, north-korea, programming, software, technology, theft, toolIn an alarming development, North Korea’s infamous Lazarus Group has been linked to a global cyber espionage campaign, code-named Operation Phantom Circuit. Beginning in September 2024, this operation exploited trusted software development tools to infiltrate systems worldwide, targeting cryptocurrency and technology developers. The campaign’s advanced obfuscation techniques and infrastructure demonstrate a significant evolution in the…
-
US indicts five in North Korean IT worker scheme
Tags: north-koreaFirst seen on scworld.com Jump to article: www.scworld.com/brief/us-indicts-five-in-north-korean-it-worker-scheme
-
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
The North Korean threat actor known as the Lazarus Group has been observed leveraging a “web-based administrative platform” to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns.”Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API,” SecurityScorecard’s First…
-
U.S. Shuts Down Another N. Korean IT Worker Scam, Indicting 5
The DOJ, which has move aggressively over the past year to find and shut down North Korea’s numerous IT worker scams, indicts two U.S. citizens and three others for running a six-year operation the stole more than $866,000 from 10 U.S. companies that thought they were hiring legitimate IT pros. First seen on securityboulevard.com Jump…
-
North Korea’s Andariel Group Deploys New RID Hijacking Technique for Stealthy Attacks
The AhnLab Security Intelligence Center (ASEC) has uncovered details of the Andariel threat group’s use of a sophisticated First seen on securityonline.info Jump to article: securityonline.info/north-koreas-andariel-group-deploys-new-rid-hijacking-technique-for-stealthy-attacks/
-
Privacy Roundup: Week 4 of Year 2025
Tags: access, ai, apt, attack, backup, botnet, breach, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, identity, infrastructure, korea, lazarus, leak, login, malicious, malware, north-korea, phishing, phone, privacy, regulation, remote-code-execution, risk, router, scam, service, software, startup, technology, threat, tool, update, virus, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 19 JAN 2025 – 25 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
DOJ indicts 5 individuals in North Korea IT worker scam
An unsealed indictment revealed threat actors working for North Korea tricked at least 64 U.S. businesses into hiring fake IT workers for financial and propriety data gains. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366618500/DOJ-indicts-5-individuals-in-North-Korea-IT-worker-scam
-
DOJ indicts two Americans for running laptop farm used in North Korea IT worker scam
The Justice Department indicted five people for their role in a scheme that allowed North Koreans to gain employment with at least 64 U.S. companies and earn hundreds of thousands of dollars for Pyongyang’s government. ]]> First seen on therecord.media Jump to article: therecord.media/doj-indicts-americans-for-running-laptop-farm-north-korea-scheme
-
Breach Roundup: Researchers Find Flaws in Palo Alto Firewalls
Also: US Prosecutors Charge Suspected North Korean IT Worker Collaborators. This week, researchers spied Palo Alto firewall flaws, a North Korean IT worker conspiracy, ChatGPT as DDoS vector. Chinese hackers targeted a VPN maker, a fake PyPi package and a Russian threat actor shifted tactics. BreachForums admin faces prison and scammers used the release of…
-
DOJ indicts five in North Korean fake IT worker scheme
The department alleges that a North Carolina-based laptop farm enabled access for two North Korean nationals over the course of the scheme. First seen on cyberscoop.com Jump to article: cyberscoop.com/doj-indicts-five-in-north-korean-fake-it-worker-scheme/
-
FBI: North Korean IT workers steal source code to extort employers
The FBI warned today that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-north-korean-it-workers-steal-source-code-to-extort-employers/
-
Japanese Companies Threatened by DPRK IT Workers
Nisos Japanese Companies Threatened by DPRK IT Workers The Japanese government warned domestic companies in March 2024 about contracting North Korean (DPRK) IT workers posing as Japanese nationals to earn cash, as it is suspected… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/japanese-companies-threatened-by-dprk-it-workers/
-
US hits back against China’s Salt Typhoon group
Tags: attack, backdoor, china, cisa, ciso, communications, computer, control, crypto, cve, cyber, cyberattack, cybersecurity, defense, detection, disinformation, espionage, exploit, finance, government, group, infosec, infrastructure, intelligence, ivanti, law, malicious, mandiant, microsoft, network, north-korea, office, tactics, technology, theft, threat, tool, vpn, vulnerabilityThe US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking.On Friday the Department of the Treasury’s Office of Foreign Assets Control (OFAC) said it is sanctioning Sichuan Juxinhe Network Technology, a…
-
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware.”The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring developers with project tests and code reviews,” Ryan Sherstobitoff, senior vice president of…
-
North Korea’s Lazarus APT Evolves Developer-Recruitment Attacks
Operation 99 uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-korea-lazarus-apt-developer-recruitment-attacks
-
US, Japan and S. Korea urge crypto industry to take action against North Korean hackers
The governments said North Korea’s notorious Lazarus Group hackers “continue to demonstrate a pattern of malicious behavior in cyberspace by conducting numerous cybercrime campaigns to steal cryptocurrency and targeting exchanges, digital asset custodians, and individual users.”]]> First seen on therecord.media Jump to article: therecord.media/us-japan-south-korea-urge-crypto-industry-of-north-korean-hackers
-
Crypto klepto North Korea stole $659M over just 5 heists last year
US, Japan, South Korea vow to intensify counter efforts First seen on theregister.com Jump to article: www.theregister.com/2025/01/15/north_korea_crypto_heists/