Tag: north-korea
-
North Korean Hackers Evade UN Sanctions Through Cyber Operations and Crypto Schemes
The Multilateral Sanctions Monitoring Team (MSMT) has released a comprehensive report documenting systematic violations of UN sanctions by North Korea. Between 2024 and 2025, North Korean cyber operations have achieved unprecedented scale in cryptocurrency theft. In 2024 alone, DPRK-linked actors stole approximately USD 1.19 billion a 50 percent year-on-year increase. Revealing how the Democratic People’s…
-
North Korean Hackers Evade UN Sanctions Through Cyber Operations and Crypto Schemes
The Multilateral Sanctions Monitoring Team (MSMT) has released a comprehensive report documenting systematic violations of UN sanctions by North Korea. Between 2024 and 2025, North Korean cyber operations have achieved unprecedented scale in cryptocurrency theft. In 2024 alone, DPRK-linked actors stole approximately USD 1.19 billion a 50 percent year-on-year increase. Revealing how the Democratic People’s…
-
Rare APT Collaboration Emerges Between Russia and North Korea
Researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure, a rare APT collaboration. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-russia-north-korea-apt-collab/
-
Geopolitik und Hacktivismus als ein Trend der Cyberkriminalität
Bitdefender hat eine Analyse von Ransomware-Angriffen auf Unternehmen im südkoreanischen Finanzmarkt vorgestellt. Urheber der Angriffe ist die normalerweise wirtschaftlich motiviert agierende Ransomware-as-a-Service-Gruppe Qilin. Möglicherweise arbeitete Qilin diesmal mit Moonstone Sleet, einer Gruppe aus Nordkorea mit Regierungshintergrund, zusammen. Die Angreifer gingen dabei den Weg über die Supply-Chain und nutzen Schwachstellen von Serviceanbietern als Eintrittstor für ihre…
-
Russian and North Korean Hackers Forge Global Cyberattack Alliance
Tags: cyber, cyberattack, group, hacker, infrastructure, korea, lazarus, north-korea, russia, threat, warfareState-sponsored hackers from Russia and North Korea are collaborating on shared infrastructure, marking a significant shift in cyber geopolitics. Security researchers have uncovered evidence suggesting that Gamaredon, a Russia-aligned advanced persistent threat (APT) group, and Lazarus, North Korea’s primary cyber warfare unit, may be operating jointly a development with profound implications for global security. Russia…
-
North Korean Scam Job Platform Targets U.S. AI Developers
A sophisticated new variant of the North Korean-linked Contagious Interview campaign has emerged, featuring an unprecedented level of polish and technical sophistication designed to compromise job-seeking AI developers, software engineers, and cryptocurrency professionals. Unlike typical DPRK IT worker infiltration schemes, this operation targets real individuals through an elaborate fake recruitment platform that mimics legitimate hiring…
-
North Korean Scam Job Platform Targets U.S. AI Developers
A sophisticated new variant of the North Korean-linked Contagious Interview campaign has emerged, featuring an unprecedented level of polish and technical sophistication designed to compromise job-seeking AI developers, software engineers, and cryptocurrency professionals. Unlike typical DPRK IT worker infiltration schemes, this operation targets real individuals through an elaborate fake recruitment platform that mimics legitimate hiring…
-
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits
Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-dayNorth Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…
-
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits
Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-dayNorth Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…
-
US chips away at North Korean IT worker fraud
Authorities have described Pyongyang’s revenue-generating schemes as threats to U.S. national and economic security. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/doj-north-korea-remote-worker-crackdown/805689/
-
4 U.S. Citizens, Ukrainian Plead Guilty in N. Korea IT Worker Scheme
Four U.S. citizens and a Ukrainian national pleaded guilty to their roles in a North Korean IT worker scam that victimized more than 135 U.S. companies and netted more than $2.2 million for the DPRK regime and is military and weapons programs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/4-u-s-citizens-ukrainian-plead-guilty-in-n-korea-it-worker-scheme/
-
Lazarus APT Group’s New ScoringMathTea RAT Enhances Remote Command Execution and More
The Lazarus APT Group, an advanced persistent threat (APT) attributed to North Korea, has deployed a sophisticated new Remote Access Trojan (RAT) called ScoringMathTea as part of its ongoing Operation DreamJob cyberespionage campaign. ScoringMathTea represents a significant evolution in Lazarus’s malware toolkit, implementing a modular architecture designed specifically to evade detection across both network and…
-
Lazarus APT Group’s New ScoringMathTea RAT Enhances Remote Command Execution and More
The Lazarus APT Group, an advanced persistent threat (APT) attributed to North Korea, has deployed a sophisticated new Remote Access Trojan (RAT) called ScoringMathTea as part of its ongoing Operation DreamJob cyberespionage campaign. ScoringMathTea represents a significant evolution in Lazarus’s malware toolkit, implementing a modular architecture designed specifically to evade detection across both network and…
-
5 plead guilty to laptop farm and ID theft scheme to land North Koreans US IT jobs
Fleets of laptops run from US residences gave appearance workers were in the US. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/11/5-plead-guilty-to-laptop-farm-and-id-theft-scheme-to-land-north-koreans-us-it-jobs/
-
US Citizens Plead Guilty to Aiding North Korean IT Worker Campaigns
Four individuals admitted to assisting foreign IT workers in gaining employment at US companies by providing false identities and remote access to employer-owned laptops. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/us-citizens-plead-guilty-north-korean-it-worker
-
Selling your identity to North Korean IT scammers isn’t a sustainable side hustle
Four US citizens tried it, and the DoJ just secured guilty pleas from all of ’em First seen on theregister.com Jump to article: www.theregister.com/2025/11/17/doj_north_korean_it_scam/
-
Selling your identity to North Korean IT scammers isn’t a sustainable side hustle
Four US citizens tried it, and the DoJ just secured guilty pleas from all of ’em First seen on theregister.com Jump to article: www.theregister.com/2025/11/17/doj_north_korean_it_scam/
-
US chips away at North Korean IT worker fraud with guilty pleas, cryptocurrency seizure
Authorities have described Pyongyang’s revenue-generating schemes as threats to U.S. national and economic security. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/doj-north-korea-remote-worker-crackdown/805689/
-
Five men admit helping North Korean IT workers infiltrate US companies
US federal prosecutors have secured guilty pleas from five men who helped North Korean IT workers get hired by companies in the United States. This group of domestic … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/17/north-korean-it-workers-us-facilitators/
-
North Korean Hackers Breach 136 U.S. Companies, Earning $2.2 Million
The U.S. Justice Department has announced a significant crackdown on North Korean cybercrime operations, securing five guilty pleas and initiating civil forfeiture actions totaling over $15 million against schemes orchestrated by the Democratic People’s Republic of Korea (DPRK). The elaborate fraud network impacted more than 136 American companies, generating $2.2 million for the North Korean…
-
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
Developers remain a high-value target: Researchers highlighted that the campaign specifically targets developers involved in crypto and Web3 projects, using realistic-sounding personas and demo applications (real estate, DeFi, game forks) to lower suspicion. The state-linked actors’ shift from direct payload hosting to abusing legitimate JSON storage services suggests that even benign developer-centric platforms are now…
-
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
Developers remain a high-value target: Researchers highlighted that the campaign specifically targets developers involved in crypto and Web3 projects, using realistic-sounding personas and demo applications (real estate, DeFi, game forks) to lower suspicion. The state-linked actors’ shift from direct payload hosting to abusing legitimate JSON storage services suggests that even benign developer-centric platforms are now…
-
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. >>NVISO…
-
Five Plead Guilty in North Korean IT Worker Fraud Scheme
The five defendants allegedly assisted North Korean hackers with obtaining remote IT employment with US companies First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-five-plead-guilty-dprk-it/
-
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. >>NVISO…
-
North Korea’s Contagious Interview APT Uses JSON Keeper and GitLab to Deliver BeaverTail Spyware
The post North Korea’s Contagious Interview APT Uses JSON Keeper and GitLab to Deliver BeaverTail Spyware appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-contagious-interview-apt-uses-json-keeper-and-gitlab-to-deliver-beavertail-spyware/
-
Five admit helping North Korea evade sanctions through IT worker schemes
Five pleaded guilty to aiding North Korea ‘s illicit revenue via IT worker fraud, violating international sanctions. The U.S. Department of Justice announced that five people have pleaded guilty to helping North Korea secretly generate revenue by running illegal IT-worker schemes that violated international sanctions. The individuals Audricus Phagnasay (24), Jason Salazar (30), Alexander […]…
-
Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies
The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea’s illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions.The five individuals are listed below -Audricus Phagnasay, 24Jason Salazar, 30Alexander Paul Travis, 34Oleksandr Didenko, 28, andErick First seen on thehackernews.com…
-
Five U.S. Citizens Plead Guilty to Helping North Korean IT Workers Infiltrate 136 Companies
The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea’s illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions.The five individuals are listed below -Audricus Phagnasay, 24Jason Salazar, 30Alexander Paul Travis, 34Oleksandr Didenko, 28, andErick First seen on thehackernews.com…
-
DOJ Continues Crackdown on North Korea’s Cyber Schemes
Justice Department Secures Guilty Pleas, $15M in Civil Forfeiture. Federal prosecutors charged U.S. citizens and foreign nationals for aiding North Korean IT workers in infiltrating U.S. firms, laundering crypto and funneling illicit revenue back to Pyongyang’s weapons program in what the DOJ has described as a major sanctions-evasion scheme. First seen on govinfosecurity.com Jump to…