Collecting Cyber-News from over 60 sources

Tag: north-korea

State-sponsored threats: Different objectives, similar access paths

Apr 14, 2026 4:52 PM

Tags: access, china, identity, iran, korea, north-korea, russia, threat, vulnerability

A look at 2025 state-sponsored threats, exploring how actors linked to China, Russia, North Korea, and Iran use vulnerabilities, identity, and trusted access paths to achieve their goals. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/state-sponsored-threats-different-objectives-similar-access-paths/
Cyber-Inspekteur: Hybride Attacken nehmen weiter zu

Apr 14, 2026 9:52 AM

Tags: china, cyber, cyberattack, cyersecurity, germany, infrastructure, iran, north-korea, ukraine

Deutschland ist im Visier staatlicher Hacker.Hybride Attacken auf kritische Infrastruktur in Deutschland und Bundeswehr-Truppen im Ausland nehmen weiter zu. Spätestens seit 2022 sei ein spürbarer Zuwachs zu verzeichnen, sagte der Bundeswehr-Inspekteur Cyber- und Informationsraum, Vizeadmiral Thomas Daum, bei einem Pressetermin bei der Nato-Cyberabwehrübung «Locked Shields» im niederrheinischen Kalkar. Cyber-Angriffe gegen die Bundeswehr richteten sich gegen Rechenzentren in…
North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

Apr 13, 2026 12:52 PM

Tags: access, group, hacking, korea, malware, north-korea, social-engineering, threat

The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT.”The threat actor…
‘It reads like a spy novel’: $280 million theft from Drift involved North Korean fake companies, cutouts

Apr 10, 2026 8:52 PM

Tags: conference, crypto, north-korea, spy, theft

Drift officials said the operation began six months ago, when they were approached at a cryptocurrency conference by members of a company claiming to focus on quantitative trading. First seen on therecord.media Jump to article: therecord.media/drift-crypto-theft-post-mortem-north-korea
GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware

Apr 10, 2026 7:52 PM

Tags: blockchain, github, hacker, lazarus, malware, north-korea, scam

ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware. First seen on hackread.com Jump to article: hackread.com/graphalgo-scam-lazarus-hackers-us-llcs-malware/
North Korea’s >>Portfolio Model<< Shatters Modern Attribution

Apr 10, 2026 9:52 AM

Tags: korea, north-korea

The post North Korea’s >>Portfolio Model<< Shatters Modern Attribution appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-korea-cyber-portfolio-attribution-resistance/
Cryptohack Roundup: Bithumb’s Recovery Plan

Apr 9, 2026 9:52 PM

Tags: cybersecurity, korea, law, network, north-korea, scam

Also: Cambodia Moves to Combat Online Scam Networks. Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, Bithumb’s recovery plan, Circle criticized, a new Cambodian law to combat online scam networks, Bitcoin Depot hack, panic after Stabble’s alleged North Korea link and HypurrFi’s domain hijack. First seen on govinfosecurity.com Jump to article:…
Social engineering attacks on open source developers are escalating

Apr 8, 2026 2:52 PM

Tags: attack, hacker, identity, microsoft, north-korea, open-source, social-engineering

North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/08/social-engineering-open-source-developers/
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Apr 8, 2026 10:51 AM

Tags: hacker, korea, malicious, malware, north-korea, pypi, rust, threat

The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems.”The threat actor’s packages were designed to impersonate legitimate developer tooling […], while quietly functioning as malware loaders, extending Contagious Interview’s established playbook into a coordinated First seen on thehackernews.com Jump to…
The rise of proactive cyber: Why defense is no longer enough

Apr 7, 2026 12:51 PM

Tags: attack, breach, ciso, control, country, cyber, cybersecurity, defense, framework, google, government, hacking, infrastructure, intelligence, korea, law, microsoft, network, north-korea, risk, threat, tool

What ‘proactive cyber’ means: Despite the more aggressive language, this shift toward private-sector involvement doesn’t envision vigilante-style payback by aggrieved organizations. It instead embraces a more systematic effort to interfere with adversaries earlier in the attack chain using authorities and capabilities that already exist.”To be clear, this is not hacking back,” Joyce said. “This is…
Phishing LNK files and GitHub C2 power new DPRK cyber attacks

Apr 6, 2026 10:51 PM

Tags: attack, cyber, email, github, hacker, korea, north-korea, phishing, powershell, threat

DPRK-linked hackers use GitHub C2s, starting attacks via phishing LNK files that drop a PDF and PowerShell script in South Korea. North Korea-linked threat actors target South Korean organizations using GitHub as C2 servers. The attack chain starts with phishing emails carrying obfuscated LNK files that drop a decoy PDF and a PowerShell script to…
Watch this video of how a job interviewer exposes a North Korean fake IT worker

Apr 6, 2026 7:52 PM

Tags: country, jobs, north-korea

An apparent North Korean worker was caught visibly stumped during a remote job interview when asked to insult the country’s leader. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/06/watch-this-video-of-how-a-job-interviewer-exposes-a-north-korean-fake-it-worker/
North Korea’s hijack of one of the web’s most used open source projects was likely weeks in the making

Apr 6, 2026 7:52 PM

Tags: computer, hacker, hacking, korea, malicious, north-korea, open-source, update

North Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer’s computer in a long-running campaign. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/06/north-koreas-hijack-of-one-of-the-webs-most-used-open-source-projects-was-likely-weeks-in-the-making/
Drift Protocol Hit in $286M Suspected North Korea-Linked Crypto Heist

Apr 6, 2026 3:51 PM

Tags: blockchain, breach, crypto, cyber, finance, hacker, korea, north-korea

Hackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what security researchers believe may be a North Korea-linked cyberattack. The incident occurred on April 1, 2026, and is already being described as the largest decentralized finance (DeFi) hack of the year. Drift Protocol quickly…
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign

Apr 6, 2026 2:52 PM

Tags: api, attack, detection, github, hacker, Internet, malware, network, north-korea, powershell

GitHub as C2: Researchers also highlighted the campaign’s use of GitHub as a C2 layer. Rather than communicating with suspicious-looking or newly registered domains, the malware interacts with GitHub repositories and APIs to receive instructions and exfiltrate data.”The fact that this shortcut file creates a chain that ultimately reaches out to a GitHub repository, and…
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign

Apr 6, 2026 2:52 PM

Tags: api, attack, detection, github, hacker, Internet, malware, network, north-korea, powershell

GitHub as C2: Researchers also highlighted the campaign’s use of GitHub as a C2 layer. Rather than communicating with suspicious-looking or newly registered domains, the malware interacts with GitHub repositories and APIs to receive instructions and exfiltrate data.”The fact that this shortcut file creates a chain that ultimately reaches out to a GitHub repository, and…
North Korean Hackers Pose as Trading Firm to Steal $285M from Drift

Apr 6, 2026 1:51 PM

Tags: hacker, north-korea, social-engineering, tactics

North Korean hackers (UNC4736) posed as a trading firm for six months to infiltrate Drift Protocol, using social engineering tactics to steal $285M without suspicion. First seen on hackread.com Jump to article: hackread.com/north-korean-hackers-trading-firm-drift-protocol/
North Korea’s Modular Malware Strategy Hides Attribution, Defies Takedowns

Apr 6, 2026 1:51 PM

Tags: cyber, korea, law, malware, north-korea, strategy, tool

North Korea’s cyber program is shifting from monolithic “families” to a modular, portfolio-style malware ecosystem designed to survive exposure, frustrate attribution, and keep operations running under constant pressure. Years of sanctions, coordinated law-enforcement pressure, and rapid public disclosure of campaigns have forced Pyongyang to treat every tool as disposable. Once-static implants are now built with…
Threat Actors Weaponize Fake Microsoft Teams Domains to Target Users

Apr 6, 2026 8:51 AM

Tags: attack, cyber, group, korea, microsoft, north-korea, social-engineering, threat

Threat actors associated with North Korea are deploying fake Microsoft Teams domains to conduct social engineering attacks and distribute malware. The threat group, identified as UNC1069, uses convincing meeting lures and compromised communication channels to target unsuspecting professionals. UNC1069 is a financially motivated threat actor linked to the Democratic People’s Republic of Korea (DPRK). On…
Axios npm hack used fake Teams error fix to hijack maintainer account

Apr 4, 2026 11:52 PM

Tags: north-korea, social-engineering, threat

The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/axios-npm-hack-used-fake-teams-error-fix-to-hijack-maintainer-account/
UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles

Apr 4, 2026 6:50 PM

Tags: group, linkedin, malware, north-korea, open-source

North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages. First seen on hackread.com Jump to article: hackread.com/unc1069-node-js-maintainer-fake-linkedin-slack-profile/
UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles

Apr 4, 2026 6:50 PM

Tags: group, linkedin, malware, north-korea, open-source

North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages. First seen on hackread.com Jump to article: hackread.com/unc1069-node-js-maintainer-fake-linkedin-slack-profile/
Supply Chain Attacks Surge in March 2026

Apr 4, 2026 5:53 AM

Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windows

IntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
Drift loses $280 million as North Korean hackers seize Security Council powers

Apr 3, 2026 11:52 PM

Tags: control, hacker, north-korea, threat

The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/drift-loses-280-million-north-korean-hackers-seize-security-council-powers/
North Korean Hackers Abuse GitHub to Spy on South Korean Firms

Apr 3, 2026 7:51 PM

Tags: github, hacker, north-korea, spy

Researchers from FortiGuard Labs have uncovered a high-severity spying campaign targeting South Korean companies. Discover how North Korean… First seen on hackread.com Jump to article: hackread.com/north-korean-hackers-github-spy-south-korean-firms/
North Korealinked hackers drain $285M from Drift in sophisticated attack

Apr 3, 2026 5:51 PM

Tags: attack, control, crypto, hacker, korea, north-korea, threat

Drift lost $285M in a sophisticated attack, likely by North Korea, who used nonce-based tricks to gain control and quickly drain funds Drift suffered a $285 million cryptocurrency heist in a highly sophisticated attack likely linked to North Korea. Threat actors used durable nonce accounts to pre-sign and delay transactions, while also compromising multisig approvals…
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Apr 3, 2026 2:51 PM

Tags: attack, north-korea, social-engineering, supply-chain, threat

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069.Maintainer Jason Saayman said the attackers tailored their social engineering efforts “specifically to me” by first approaching him under the guise of the founder…
Drift loses $280 million North Korean hackers seize Security Council powers

Apr 3, 2026 8:51 AM

Tags: control, hacker, north-korea, threat

The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/drift-loses-280-million-north-korean-hackers-seize-security-council-powers/
North Korea-Linked Hackers Hit Axios npm in Supply Chain Attack

Apr 3, 2026 8:51 AM

Tags: attack, breach, credentials, cyber, hacker, korea, malicious, north-korea, software, supply-chain, threat

A major software supply chain attack has been uncovered after threat actors compromised the widely used Axios npm package, impacting developers and organizations worldwide. The incident, detected on March 31, 2026, involved the use of stolen maintainer credentials to inject malicious code into the popular HTTP client library. Axios is one of the most widely…
North Korea Uses GitHub as C2 in New LNK Phishing Campaign

Apr 3, 2026 7:50 AM

Tags: control, cyber, github, infrastructure, korea, malicious, north-korea, phishing, windows

A new phishing campaign that uses malicious Windows shortcut (LNK) files to target users in South Korea, while abusing GitHub as Command and Control (C2) infrastructure to hide its activity. The operation, linked through tooling and tradecraft to North Korearelated actors, shows a clear evolution from earlier, less obfuscated XenoRAT-delivery campaigns observed since 2024. In…