Tag: north-korea
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 33
Tags: breach, credit-card, cyber, data, data-breach, google, india, international, malware, mobile, north-korea, usaSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach Google Tag Manager Skimmer Steals Credit Card Info From Magento Site From South America to Southeast Asia: The Fragile Web of REF7707 Analyzing DEEP#DRIVE: North Korean…
-
N. Korean Hackers Suspected in DEEP#DRIVE Attacks Against S. Korea
A phishing attack dubbed DEEP#DRIVE is targeting South Korean entities, with thousands already affected. North Korean hackers from… First seen on hackread.com Jump to article: hackread.com/n-korean-hackers-deep-drive-attacks-against-s-korea/
-
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers.The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that’s associated with a…
-
Lazarus Group Targets Developers Worldwide with New Malware Tactic
Tags: crypto, cyber, cybercrime, group, korea, lazarus, malware, north-korea, software, supply-chain, tacticsNorth Korea’s Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign targeting software developers and cryptocurrency users. Dubbed Operation Marstech Mayhem, this operation leverages the group’s latest implant, >>Marstech1,
-
North Korean IT Workers Penetrate Global Firms to Install System Backdoors
In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global companies, posing as remote workers to introduce system backdoors and exfiltrate sensitive data. These activities, which generate critical revenue for the heavily sanctioned regime, also pose significant risks to corporate security and international stability. Fraudulent Hiring North Korea has capitalized on…
-
Unusual attack linked to Chinese APT group combines espionage and ransomware
Tags: apt, attack, breach, china, cloud, country, credentials, crime, crimes, crypto, cyber, cybercrime, cyberespionage, data, encryption, espionage, exploit, finance, firewall, government, group, hacker, infection, insurance, intelligence, korea, microsoft, network, north-korea, ransom, ransomware, russia, software, tactics, technology, threat, veeam, vulnerabilityThe attacker demanded a $2-million ransom: The attack that resulted in the deployment of the RA World ransomware program, as well as data exfiltration, had the same chain: the toshdpdb.exe loading toshdpapi.dll then decrypting toshdp.dat which resulted in the PlugX variant being deployed. The difference is the attacker then chose to deploy the RA World…
-
North Korean hackers spotted using ClickFix tactic to deliver malware
North Korean state-sponsored group Kimsuky (aka Emerald Sleet, aka VELVET CHOLLIMA) is attempting to deliver malware to South Korean targets by leveraging the so-called … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/13/north-korean-hackers-spotted-using-clickfix-tactic-to-deliver-malware/
-
North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks
Tags: attack, business, crypto, cyberattack, government, group, hacking, korea, north-korea, powershell, threatA nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors.The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail,…
-
APT43 Hackers Targeting Academic Institutions Using Exposed Credentials
APT43, also known by aliases such as Black Banshee, Emerald Sleet, and Kimsuky, is a North Korean state-sponsored cyber threat actor linked to the Reconnaissance General Bureau (RGB). This group is primarily motivated by espionage and has recently expanded its operations to include financially driven cybercrime. APT43 has been actively targeting academic institutions in South…
-
North Korea Targets Crypto Devs Through NPM Packages
SecurityScorecard has uncovered a sophisticated campaign linked to North Korea’s Lazarus Group, distributing crypto-stealing malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-crypto-devs-npm/
-
US woman faces years in federal prison for running laptop farm for N Korean IT workers
Christian Marie Chapman, of Litchfield Park, Arizona, helped generate over US $17 million for North Korea after over 300 US companies unwittingly hired staff believing them to be US citizens. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/us-woman-years-federal-prison-laptop-farm-n-korean-it-workers
-
North Korea targets crypto developers via NPM supply chain attack
Yet another cash grab from Kim’s cronies and an intel update from Microsoft First seen on theregister.com Jump to article: www.theregister.com/2025/02/13/north_korea_npm_crypto/
-
DPRK hackers dupe targets into typing PowerShell commands as admin
North Korean state actor ‘Kimsuky’ (aka ‘Emerald Sleet’ or ‘Velvet Chollima’) has been observed using a new tactic inspired from the now widespread ClickFix campaigns. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dprk-hackers-dupe-targets-into-typing-powershell-commands-as-admin/
-
Warning: Cybercrime Services Underpin National Security Risk
Tags: china, cybercrime, cybersecurity, google, hacking, iran, korea, north-korea, ransomware, risk, russia, serviceRussia, China, Iran and North Korea Tapping Cybercrime Services, Google Says. The cybercrime-as-a-service economy continues to power ransomware and other criminal enterprises, as well as serve as an accelerant for state-sponsored hacking, collectively posing an increasing risk to Western national security, cybersecurity researchers warn. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/warning-cybercrime-services-underpin-national-security-risk-a-27502
-
North Korea-linked APT Emerald Sleet is using a new tactic
Microsoft Threat Intelligence has observed North Korea-linked APT Emerald Sleet using a new tactic, tricking targets into running PowerShell. Microsoft Threat Intelligence researchers spotted North Korea-linked threat actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a new tactic. They are tricking targets into running PowerShell as an administrator and executing code provided…
-
North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack
The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them.”To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds…
-
Cyber crime meshes with cyber warfare as states enlist gangs
A report from the Google Threat Intelligence Group depicts China, Russia, Iran and North Korea as a bloc using cyber criminal gangs to attack the national security of western countries First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619194/Google-Cyber-crime-meshes-with-cyber-warfare-as-states-enlist-gangs
-
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)
Tags: access, advisory, android, apt, attack, authentication, best-practice, cve, cyber, data, exploit, firmware, flaw, group, Internet, lazarus, linux, malicious, microsoft, network, north-korea, ntlm, office, rce, remote-code-execution, service, technology, tool, update, vulnerability, windows, zero-day3Critical 52Important 0Moderate 0Low Microsoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild. Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release, with three rated critical and 52 rated as important. Our counts omitted one vulnerability reported by HackerOne. This month’s update…
-
Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence
Tags: north-koreaA U.S. citizen pleaded guiltyTuesday to playing a role in a wide-ranging scheme that allowed multiple North Korean nationals to collect paychecks from more than 300 U.S. companies. First seen on therecord.media Jump to article: therecord.media/arizona-woman-pleads-guilty-north-korean-laptop-farm
-
I’m a security expert, and I almost fell for a North Korea-style deepfake job applicant “¦Twice
Remote position, webcam not working, then glitchy AI face … Red alert! First seen on theregister.com Jump to article: www.theregister.com/2025/02/11/it_worker_scam/
-
Researchers Found North Korean Hackers Advanced Tactics, techniques, and procedures
Recent research has highlighted the increasingly sophisticated tactics, techniques, and procedures (TTPs) employed by North Korean state-sponsored hackers. These cyber actors have demonstrated a strategic focus on espionage, financial theft, and disruption, targeting a broad range of sectors globally. Their operations align with the regime’s geopolitical objectives, including funding nuclear programs, gathering intelligence, and undermining…
-
Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer
Tags: apt, attack, control, group, intelligence, kaspersky, korea, north-korea, phishing, spear-phishingResearchers spotted North Korea’s Kimsuky APT group launching spear-phishing attacks to deliver forceCopy info-stealer malware. Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, APT43) was first spotted by Kaspersky researchers in 2013. The group works under the control…
-
Lazarus Group Lures Victims with Fake LinkedIn Job Offers, Warns Bitdefender
Bitdefender Labs has uncovered an active cyber espionage campaign by the Lazarus Group, a North Korean state-sponsored threat First seen on securityonline.info Jump to article: securityonline.info/lazarus-group-lures-victims-with-fake-linkedin-job-offers-warns-bitdefender/
-
Kimsuky Group Leverages RDP Wrapper for Persistent Cyber Espionage
The notorious North Korean APT group Kimsuky has continued its cyber espionage operations, leveraging spear-phishing attacks and remote First seen on securityonline.info Jump to article: securityonline.info/kimsuky-group-leverages-rdp-wrapper-for-persistent-cyber-espionage/
-
Kimsuky hackers use new custom RDP Wrapper for remote access
The North Korean hacking group known as Kimsuky was observed in recent attacks using a custom-built RDP Wrapper and proxy tools to directly access infected machines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kimsuky-hackers-use-new-custom-rdp-wrapper-for-remote-access/
-
Lazarus Group Targets Bitdefender Researcher with LinkedIn Recruiting Scam
A Bitdefender researcher was targeted by North Korea’s Lazarus with the lure of a fake job offer First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lazarus-bitdefender-linkedin-scam/
-
Lazarus Group tricks job seekers on LinkedIn with crypto-stealer
North Korea-linked Lazarus Group is duping job seekers and professionals in an ongoing campaign that runs a LinkedIn recruiting scam to capture browser credentials, steal crypto wallet data, and launch persistence.According to a discovery made by BitDefender Labs, threat actors reach out with fake LinkedIn job offers to lure the victims into downloading and executing…
-
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
Tags: apt, attack, credentials, email, group, hacking, intelligence, korea, malware, microsoft, north-korea, office, phishing, spear-phishing, windowsThe North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC).The attacks commence with phishing emails containing a Windows shortcut (LNK) file that’s disguised as a Microsoft Office or PDF document. First…
-
Beware of Lazarus LinkedIn Recruiting Scam Targeting Org’s to Deliver Malware
Tags: cyber, cyberattack, cybersecurity, exploit, group, jobs, korea, lazarus, linkedin, malware, north-korea, scamA new wave of cyberattacks orchestrated by the North Korea-linked Lazarus Group has been identified, leveraging fake LinkedIn job offers to infiltrate organizations and deliver sophisticated malware. Reports from cybersecurity firms, including Bitdefender, reveal that this campaign targets professionals across industries by exploiting their trust in LinkedIn as a professional networking platform. The operation begins…