Tag: north-korea
-
Fake-ITler: Nordkoreanische IT-Agenten machen 500 Millionen USD
Fake-ITler aus Nordkorea erwirtschaften für ihre Regierung im Jahr 500 Millionen US-Dollar. Unternehmen können auf Warnzeichen achten. First seen on golem.de Jump to article: www.golem.de/news/fake-itler-nordkoreanische-it-agenten-machen-500-millionen-usd-2603-206680.html
-
WaterPlum Unleashes “StoatWaffle” Malware in VSCode Supply Chain Attack
A North Korea-linked threat group known as WaterPlum has introduced a new malware strain called “StoatWaffle” as part of its ongoing Contagious Interview campaign. The activity has been attributed to Team 8, a subgroup within WaterPlum also tracked as the Moralis or Modilus cluster. This team was previously associated with the OtterCookie malware, but since…
-
Elite members of North Korean society fake their way into Western paychecks
Increased federal activity, including indictments over the past year, has drawn attention to a pattern that has been unfolding inside corporate hiring pipelines. North Korean … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/19/north-korean-remote-it-workers-corporate-infiltration-scheme/
-
OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People’s Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses and generate illicit revenue for the regime to fund its weapons of mass…
-
New research unpacks North Korea’s stealthy, sophisticated remote IT worker schemes
The report recommends that businesses practice several forms of vigilance to avoid unwittingly hiring Pyongyang’s operatives. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/north-korea-remote-it-worker-ibm-flare/815063/
-
North Korea’s 100,000-strong fake IT worker army rake in $500M a year for Kim Jong Un
Researchers map full org chart of the scam from dodgy recruiters to helpful Western collaborators First seen on theregister.com Jump to article: www.theregister.com/2026/03/18/researchers_lift_the_lid_on/
-
Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records
Bitrefill said hackers allegedly tied to North Korea’s Lazarus group accessed around 18,500 purchase records that contained email addresses, crypto payment addresses, and metadata including IP addresses. First seen on therecord.media Jump to article: therecord.media/crypto-platform-accuses-north-korea-hack
-
Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records
Bitrefill said hackers allegedly tied to North Korea’s Lazarus group accessed around 18,500 purchase records that contained email addresses, crypto payment addresses, and metadata including IP addresses. First seen on therecord.media Jump to article: therecord.media/crypto-platform-accuses-north-korea-hack
-
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
Tags: access, email, group, hacking, intelligence, malicious, malware, north-korea, phishing, spear-phishing, threatNorth Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim’s KakaoTalk desktop application to distribute malicious payloads to certain contacts.The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni.”Initial access was achieved through a spear-phishing email disguised…
-
Breach Roundup: Russian State Actors Target Signal, WhatsApp
Also, More ClickFix Attacks and Teen Booters Arrested in Poland. This week, Russian hackers targeted Signal and WhatsApp users, permit-fee phishing hit U.S. applicants, ClickFix on WordPress sites, Microsoft patched 80 bugs, a 14K-router botnet, Polish teens held over DDoS tools and Finland warned of Russian, Chinese espionage. North Korean IT workers for hire. First…
-
US sanctions North Korea IT worker networks in Laos, Vietnam
The latest round of sanctions targeted Amnokgang Technology Development Company, a North Korean company that manages delegations of IT workers, and Quangvietdnbg International Services Company, a Vietnamese firm used by North Korean actors for currency conversion services. First seen on therecord.media Jump to article: therecord.media/us-sanctions-north-korea-it-worker-networks-laos-vietnam
-
North Korean fake IT worker tradecraft exposed
Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations.”Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
-
North Korean fake IT worker tradecraft exposed
Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations.”Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
-
Fake LinkedIn Interview Used by Lazarus Hackers to Target AllSecure CEO
Researchers at AllSecure have revealed how North Korean hackers from the Lazarus Group used a fake LinkedIn job interview and deepfake technology to target their CEO. First seen on hackread.com Jump to article: hackread.com/fake-linkedin-interview-lazarus-hackers-allsecure-ceo/
-
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency.The activity has been attributed with moderate confidence to the state-sponsored adversary, which is also tracked under the cryptonyms Jade Sleet, PUKCHONG, Slow Pisces, and…
-
Microsoft warns North Korean threat groups are scaling up fake worker schemes with generative AI
Attackers have turned AI into a “force multiplier” for the country’s expansive scheme to get and keep operatives hired at global companies, researchers said. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-north-korea-ai-operations/
-
North Korean APTs Use AI to Enhance IT Worker Scams
DPRK worker scams are old hat, but they’re still working, thanks to AI tools that help with everything from face swapping to daily emails. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-korean-apts-ai-it-worker-scams
-
North Korean agents using AI to trick western firms into hiring them, Microsoft says
Firm says AI tools are masking identities of false applicants, who then funnel wages from remote IT jobs to North KoreaFake IT workers deployed by North Korea are using AI technology, including voice-changing tools, to trick western companies into hiring them, Microsoft has said.The US tech firm said a signature Pyongyang money-raising ruse is being…
-
One Foothold, 25 Million Victims: The Risk Inside Modern Breaches
In last month’s reporting cycle, we saw one of the largest healthcare data breaches in U.S. history, ransomware groups tied to North Korea targeting hospitals, and firewall vulnerabilities that allowed attackers to create rogue administrative accounts almost instantly. Taken together, these incidents raise a more important question than who was hit. They force us to……
-
New ‘StegaBin’ Campaign Deploys Multi-Stage Credential Stealer via 26 Malicious npm Packages
Tags: access, attack, credentials, crypto, cyber, malicious, north-korea, open-source, supply-chain, threatA new supply-chain attack dubbed StegaBin is targeting JavaScript developers through 26 malicious npm packages that appear to be popular open-source libraries but secretly deploy a multi-stage credential-stealing toolkit and a Remote Access Trojan (RAT). The campaign is linked to the North Korean-aligned FAMOUS CHOLLIMA threat actor, known from previous “Contagious Interview” operations against cryptocurrency…
-
North Korean Hackers Target Developers Through npm Packages
Open-source ecosystems power modern software development. Millions of developers rely on public repositories to accelerate innovation and reduce development time. That trust, however, is increasingly being weaponized. New reporting from The Hacker News reveals that North Korean threat actors have published 26 malicious packages to the npm registry in an attempt to compromise developer environments…
-
APT37 combines cloud storage and USB implants to infiltrate air-gapped systems
North Korea-linked APT 37 used Zoho WorkDrive and USB malware to breach air-gapped networks in the Ruby Jumper campaign. North Korean group ScarCruft (aka APT37, Reaper, and Group123) deployed new tools in a campaign dubbed Ruby Jumper, using a backdoor that leverages Zoho WorkDrive for C2 and a USB-based implant to breach air-gapped systems. Zscaler ThreatLabz…
-
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry.The packages masquerade as developer tools, but contain functionality to extract the actual command-and-control (C2) by using seemingly harmless Pastebin content as a dead drop…
-
APT37 hackers use new malware to breach air-gapped networks
North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apt37-hackers-use-new-malware-to-breach-air-gapped-networks/
-
North Korea’s APT37 Expands Toolkit to Breach Air-Gapped Networks
The security researchers from Zscaler ThreatLabz have also discovered five new tools deployed by the North Korean hacking group First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-apt37-expands-toolkit/
-
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks.The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the…
-
North Korean APT37 Unleashes Novel Malware to Target Air-Gapped Systems
North Korean threat group APT37 is using a new multi”‘stage toolset to jump air”‘gaps and conduct deep surveillance by abusing removable media, Ruby, and cloud services in a campaign Zscaler ThreatLabz tracks as “Ruby Jumper.””‹ The campaign’s main goal is to move data and commands between internet”‘connected and air”‘gapped systems while deploying powerful surveillance backdoors.…
-
Breach Roundup: Finnish Hacker Sentenced to Nearly 7 Years
Also, More ShinyHunters Breaches, North Korea Laptop Farm Operator Sentenced. This week, Finland’s Aleksanteri Kivimäki sentenced. ShinyHunters breaches. Laptop farm rancher sentenced. Oregon state agency hacker sentenced. African scammers arrested. MuddyWater AI-assisted hacks. Advantest ransomware incident, SolarWinds and Microsoft patches. FileZen flaw. QualDerm breach. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-finnish-hacker-sentenced-to-nearly-7-years-a-30863