Tag: north-korea

North Korean companies, people sanctioned for money laundering from cybercrime, IT worker schemes

Nov 4, 2025 10:20 PM

Tags: breach, cybercrime, government, korea, north-korea

The Treasury Department on Tuesday sanctioned eight people and two companies it accused of laundering money obtained from cybercrime and IT worker schemes to fund North Korean government objectives. According to the department, over the last three years North Korea-linked cybercriminals have stolen over $3 billion, mostly in cryptocurrency. In addition, it said, North Korean…
Treasury sanctions 8 for laundering North Korea earnings from cybercrime, IT worker scheme

Nov 4, 2025 8:19 PM

Tags: cybercrime, finance, government, korea, north-korea, scam

An IT company, a financial institution and eight men accused of aiding cybercrime and IT worker scams are now on the U.S. government’s list of sanctioned North Korean entities. First seen on therecord.media Jump to article: therecord.media/north-korea-us-sanctions-it-worker-scams-cybercrime
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Drohn-Gebärden aus Nordkorea: Lazarus greift europäische UAV-Hersteller an

Nov 4, 2025 5:19 AM

Tags: cyberespionage, lazarus, north-korea

ESET Forscher analysieren eine aktuelle Cyberspionage-Kampagne der berüchtigten nordkoreanischen Hackergruppe First seen on welivesecurity.com Jump to article: www.welivesecurity.com/drohn-gebarden-aus-nordkorea-lazarus-greift-europaische-uav-hersteller-an/
North Korean Hackers Caught on Video Using AI Filters in Fake Job Interviews

Nov 3, 2025 2:19 PM

Tags: ai, breach, crypto, deep-fake, group, hacker, jobs, north-korea

North Korean hackers from the Famous Chollima group used AI deepfakes and stolen identities in fake job interviews to infiltrate crypto and Web3 companies. First seen on hackread.com Jump to article: hackread.com/north-korean-hackers-video-ai-filter-fake-job-interview/
North Korean Hackers Caught on Video Using AI Filters in Fake Job Interviews

Nov 3, 2025 2:19 PM

Tags: ai, breach, crypto, deep-fake, group, hacker, jobs, north-korea

North Korean hackers from the Famous Chollima group used AI deepfakes and stolen identities in fake job interviews to infiltrate crypto and Web3 companies. First seen on hackread.com Jump to article: hackread.com/north-korean-hackers-video-ai-filter-fake-job-interview/
New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

Nov 3, 2025 12:19 PM

Tags: attack, backdoor, cyberattack, email, korea, north-korea, phishing, spear-phishing, threat, vpn

The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea.Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a…
North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT

Nov 3, 2025 5:19 AM

Tags: apt, lazarus, north-korea, rat

The post North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-korean-apts-upgrade-arsenal-kimsuky-uses-stealthy-httptroy-lazarus-deploys-new-blindingcan-rat/
Kimsuky and Lazarus Hackers Deploy New Backdoor Tools for Remote Access Attacks

Oct 31, 2025 9:19 AM

Tags: access, attack, backdoor, cyber, group, hacker, hacking, intelligence, lazarus, malware, north-korea, threat, tool

North Korean state-sponsored threat actors have escalated their cyber operations with the deployment of sophisticated new malware variants designed to establish persistent backdoor access to compromised systems. Recent investigations by threat intelligence researchers have uncovered two distinct toolsets from prominent DPRK-aligned hacking groups: Kimsuky’s newly identified HttpTroy backdoor and an upgraded version of Lazarus’s BLINDINGCAN…
How to Block North Korean IT Worker Scams in Remote Hiring

Oct 31, 2025 12:19 AM

Tags: jobs, north-korea, scam

Attorney Jonathan Armstrong on Vetting Job Applicants, Red Flags and Compliance. North Korean operatives are using fake identities and remote job listings to bypass sanctions and infiltrate companies. But employers can avoid becoming unwitting accomplices, said legal expert Jonathan Armstrong, who advises firms to adopt stronger vetting practices and structured investigations. First seen on govinfosecurity.com…
North Korea’s BlueNoroff Expands Scope of Crypto Heists

Oct 28, 2025 6:27 PM

Tags: apt, business, crypto, fintech, jobs, korea, north-korea

Two campaigns targeting fintech execs and Web3 developers show the APT going cross-platform in financially motivated campaigns that use fake business collaboration and job recruitment lures. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-korea-bluenoroff-expands-crypto-heists
Researchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware Chains

Oct 28, 2025 6:27 PM

Tags: blockchain, group, kaspersky, korea, lazarus, malware, north-korea, threat

Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire.According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called…
BlueNoroff Shifts Tactics: Targets C-Suite and Managers with New Infiltration Methods

Oct 28, 2025 10:26 AM

Tags: attack, blockchain, cyber, finance, group, north-korea, strategy, tactics, threat

The North Korean-linked threat group BlueNoroff, also known by aliases including Sapphire Sleet, APT38, and Alluring Pisces, continues to evolve its attack tactics while maintaining its primary focus on financial gain. The group has shifted its strategy to employ sophisticated new infiltration methods targeting high-value victims including C-level executives, managers, and blockchain developers within the…
North Korean Chollima Actors Added BeaverTail and OtterCookie to its Arsenal

Oct 27, 2025 8:26 AM

Tags: credentials, crypto, cyber, group, jobs, malicious, north-korea, threat

Famous Chollima, a DPRK-aligned threat group, has evolved its arsenal, with BeaverTail and OtterCookie increasingly merging functionalities to steal credentials and cryptocurrency via deceptive job offers. A recent campaign involved a trojanized Node.js application distributed through a malicious NPM package, highlighting the group’s adaptation in delivery methods. In the campaign, Famous Chollima notes merged BeaverTail…
North Korea led the world in nation-state hacking in Q2 and Q3

Oct 24, 2025 3:26 PM

Tags: detection, hacking, korea, north-korea, zero-trust

Security leaders should prioritize anomalous-activity detection and zero-trust principles, a new report recommends. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/north-korea-hacking-trellix-report/803641/
Lazarus group targets European drone makers in new espionage campaign

Oct 24, 2025 3:26 PM

Tags: attack, data, defense, detection, espionage, github, group, injection, intelligence, korea, lazarus, mitre, north-korea, software, supply-chain, theft

Drone-component theft meets geopolitical ambition: The targeting of firms linked to UAV design and manufacture is no coincidence. At least two of the companies compromised were tied to critical drone component supply chains and software systems.”The in-the-wild attacks successively targeted three European companies active in the defense sector,” researchers added. “Although their activities are somewhat…
North Korean Hackers Target UAV Industry to Steal Confidential Data

Oct 24, 2025 12:26 PM

Tags: attack, cyber, cyberespionage, data, defense, group, hacker, korea, lazarus, north-korea

ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
North Korean Hackers Target UAV Industry to Steal Confidential Data

Oct 24, 2025 12:26 PM

Tags: attack, cyber, cyberespionage, data, defense, group, hacker, korea, lazarus, north-korea

ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
North Korean hacking group targeting European drone maker with ScoringMathTea malware

Oct 24, 2025 5:26 AM

Tags: email, group, hacking, korea, lazarus, malware, north-korea

Researchers at ESET said they found evidence of a new tentacle of the long-running Operation DreamJob campaign, where North Korea’s Lazarus group sends malware-laden emails purporting to be from recruiters at top companies. First seen on therecord.media Jump to article: therecord.media/north-korea-hackers-target-europe-drone-makers
North Korea’s Lazarus group attacked three companies involved in drone development

Oct 24, 2025 12:26 AM

Tags: attack, group, jobs, korea, lazarus, north-korea, social-engineering

The attacks, which involved fake job offers as a social engineering lure, were likely aimed at stealing proprietary information about drone manufacturing, ESET said in a report. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-lazarus-attacks-drone-companies/
Lazarus targets European defense firms in UAV-themed Operation DreamJob

Oct 23, 2025 9:26 PM

Tags: access, apt, defense, group, hacker, korea, lazarus, north-korea, technology, threat

North Korean Lazarus hackers targeted 3 European defense firms via Operation DreamJob, using fake recruitment lures to hit UAV tech staff. North Korea-linked Lazarus APT group (aka Hidden Cobra) launched Operation DreamJob, compromising three European defense companies. Threat actors used fake recruiter profiles to lure employees into UAV technology roles, aiming to gain access to…
North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets

Oct 23, 2025 6:26 PM

Tags: attack, defense, hacker, jobs, korea, north-korea, threat

Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job.”Some of these [companies’ are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked…
Lazarus Group’s Operation DreamJob Targets European Defense Firms

Oct 23, 2025 4:26 PM

Tags: attack, cyber, defense, group, korea, lazarus, north-korea

Cyber-attacks by North Korea’s Lazarus Group target European defense firms in drone development First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lazarus-groups-operation-dreamjob/
North Korean Lazarus hackers targeted European defense companies

Oct 23, 2025 3:26 PM

Tags: defense, hacker, lazarus, north-korea

North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-targeted-european-defense-companies/
North Korean Lazarus hackers targeted European defense companies

Oct 23, 2025 3:26 PM

Tags: defense, hacker, lazarus, north-korea

North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-targeted-european-defense-companies/
How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector

Oct 23, 2025 7:26 AM

Tags: defense, group, jobs, korea, lazarus, north-korea, spy

ESET researchers have uncovered a fresh wave of Operation DreamJob, a long-running campaign linked to North Korea’s Lazarus Group. This latest activity targeted several … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/23/eset-lazarus-operation-dreamjob/
Lazarus Group Hunts European Drone Manufacturing Data

Oct 23, 2025 6:26 AM

Tags: data, group, lazarus, north-korea, threat

The campaign is the latest effort by the North Korean threat actor to collect data of strategic interest to Pyongyang. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lazarus-group-hunts-european-drone-manufacturing-data
Lazarus Group Hunts European Drone Manufacturing Data

Oct 23, 2025 6:26 AM

Tags: data, group, lazarus, north-korea, threat

The campaign is the latest effort by the North Korean threat actor to collect data of strategic interest to Pyongyang. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lazarus-group-hunts-european-drone-manufacturing-data