Tag: north-korea
-
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks.The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the…
-
North Korean APT37 Unleashes Novel Malware to Target Air-Gapped Systems
North Korean threat group APT37 is using a new multi-stage toolset to jump air-gaps and conduct deep surveillance by abusing removable media, Ruby, and cloud services in a campaign Zscaler ThreatLabz tracks as “Ruby Jumper.” The campaign’s main goal is to move data and commands between internet-connected and air-gapped systems while deploying powerful surveillance backdoors.…
-
Breach Roundup: Finnish Hacker Sentenced to Nearly 7 Years
Also, More ShinyHunters Breaches, North Korea Laptop Farm Operator Sentenced. This week, Finland’s Aleksanteri Kivimäki sentenced. ShinyHunters breaches. Laptop farm rancher sentenced. Oregon state agency hacker sentenced. African scammers arrested. MuddyWater AI-assisted hacks. Advantest ransomware incident, SolarWinds and Microsoft patches. FileZen flaw. QualDerm breach. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-finnish-hacker-sentenced-to-nearly-7-years-a-30863
-
Hackers compromise ever faster
Tags: access, ai, crowdstrike, cyberattack, cybercrime, hacker, LLM, malware, north-korea, threat, tool
The use of AI tools not only makes cyberattacks faster but also raises their tempo. CrowdStrike has published the latest edition of its Global Threat Report, with several notable findings. In 2025, for example, an attacker needed on average only 29 minutes to gain full access to a network. That makes the compromise around 65 percent…
-
Malicious Next.js Repos Target Developers Via Fake Job Interviews
Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent access to infected machines. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/malicious-nextjs-repos-developers-fake-job-interviews
-
Lazarus APT group deployed Medusa Ransomware against Middle East target
North Korea’s Lazarus Group used Medusa ransomware in an attack on an unnamed Middle East organization, researchers report. The North Korea-linked Lazarus APT Group, also known as Diamond Sleet and Pompilus, has been spotted deploying Medusa ransomware against an unnamed organization in the Middle East, according to a new report from the Symantec and Carbon Black…
-
North Korea’s Lazarus Group targets healthcare orgs with Medusa ransomware
New ransomware of choice, same critical targets First seen on theregister.com Jump to article: www.theregister.com/2026/02/24/north_koreas_lazarus_group_healthcare_medusa_ransomware/
-
North Korean Lazarus Group Expands Ransomware Activity With Medusa
Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-lazarus-group-medusa/
-
North Korean Hackers Continue to Target US Healthcare
Tags: attack, extortion, group, hacker, healthcare, intelligence, lazarus, north-korea, ransomware, threat
Report: Lazarus Group Pivoting to Medusa Ransomware for Extortion Attacks. North Korean state-backed Lazarus Group hackers are using Medusa ransomware in extortion attacks on U.S. healthcare entities despite a 2024 U.S. indictment of Rim Jong Hyok, an alleged member of the Lazarus subgroup Stonefly, according to a new threat intelligence report. First seen on govinfosecurity.com…
-
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
Tags: attack, group, healthcare, intelligence, korea, lazarus, middle-east, north-korea, ransomware, threat
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom’s threat intelligence division said it also identified the same threat actors mounting an unsuccessful…
-
North Korean state hackers seen using Medusa ransomware in attacks on US, Middle East
Tags: attack, country, cybersecurity, hacker, hacking, healthcare, lazarus, middle-east, military, north-korea, ransomware
Cybersecurity researchers said they saw Medusa attacks launched by members of Lazarus, a well-known North Korean hacking operation housed within the country’s military, against a company in the Middle East and a healthcare organization in the U.S. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-using-medusa-ransomware
-
North Korean Lazarus group linked to Medusa ransomware attacks
North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attacks using the Medusa ransomware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-group-linked-to-medusa-ransomware-attacks/
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-day
Big game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape. Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
North Korean Hackers Exploit Fake IT Worker Schemes and Malicious Interview Lures
North Korean state-backed hackers are running large-scale fake IT worker and “Contagious Interview” campaigns that abuse developer hiring workflows to deliver JavaScript-based malware, steal code and credentials, and covertly generate revenue for the regime. Since at least 2022, North Korean threat actors have impersonated recruiters and hiring managers, luring software developers into executing booby-trapped code…
-
DPRK-Linked Hackers Continue Aggressive Crypto Attacks One Year After Bybit Breach
DPRK-linked operators are maintaining a relentless focus on the crypto sector, with activity accelerating rather than slowing in the year since the record-breaking Bybit breach. On 21 February 2025, threat actors linked to North Korea stole around 1.46 billion dollars in cryptoassets from Dubai-based exchange Bybit, in what remains the largest confirmed crypto theft to date. By…
-
How to Spot a North Korean Job Candidate
Prompt Candidates to Wave, Check IP Addresses and Ask About Their Supposed Location. They’re young, tech-savvy and often the most productive remote worker on the team. They’re a major security risk numbering in the thousands that a multitude of Fortune 500 companies have unwittingly ushered into their network. They are North Korean IT workers. First…
-
Ukrainian national gets 5-year sentence for involvement in North Korea IT worker scheme
A Ukrainian man was sentenced to five years in U.S. prison for his years-long role in a scheme that helped North Koreans get illegally hired in IT roles at 40 American companies. First seen on therecord.media Jump to article: therecord.media/north-korea-laptop-farm-ukraine
-
Ukrainian man jailed for identity theft that helped North Koreans get jobs at US companies
A Ukrainian man has been sentenced for helping North Koreans gain fraudulent employment at dozens of U.S. companies and funnel that money back to the regime to fund its nuclear weapons program. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/20/ukrainian-man-jailed-for-identity-theft-that-helped-north-koreans-get-jobs-at-us-companies/
-
Ukrainian gets five years for helping North Koreans secure US tech jobs
Polish arrest leads to extradition and federal prison sentence First seen on theregister.com Jump to article: www.theregister.com/2026/02/20/north_korean_it_worker_prison/
-
North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.
A Ukrainian man was sentenced to five years in the U.S. for helping North Korean IT workers use stolen identities to get hired by U.S. firms. Oleksandr “Alexander” Didenko, a 29-year-old Ukrainian national, has been sentenced to five years in a U.S. prison for supporting North Korea’s fraudulent IT worker scheme. Didenko admitted stealing U.S.…
-
Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case
A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea’s fraudulent information technology (IT) worker scheme.In November 2025, Oleksandr “Alexander” Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT…
-
Man gets five years for aiding North Korean IT employment scam
Ukrainian national Oleksandr Didenko, 29, was sentenced in U.S. District Court to 5 years in prison for an identity theft scheme that enabled North Korean workers to secure … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/20/ukrainian-national-sentenced-id-entity-theft-north-korea-it-workers-identity-theft/
-
Ukrainian gets 5 years for helping North Koreans infiltrate US firms
A Ukrainian national was sentenced to five years in prison for providing North Korean IT workers with stolen identities that helped them infiltrate U.S. companies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ukrainian-gets-5-years-for-helping-north-koreans-infiltrate-us-firms/
-
Ukrainian sentenced to 5 years in prison for facilitating North Korean remote worker scheme
Oleksandr Didenko ran laptop farms and provided forged or stolen identities to North Korean operatives who gained remote employment at 40 U.S. businesses. First seen on cyberscoop.com Jump to article: cyberscoop.com/doj-ukrainian-north-korea-remote-worker-scheme-facilitator-sentenced/
-
MCSC 2026: ‘Politics and business must work together’
Tags: bsi, china, conference, control, cyber, cybercrime, cybersecurity, cyersecurity, north-korea, office, usa
The motto of the Munich Cybersecurity Conference 2026: “Command Control, Really? Confronting The Illusion Of Deterrence In The Age Of Relentless Cyber Threats.” Julia Mutzbauer. This year, numerous international institutions were once again represented at the Munich Cyber Security Conference (MCSC), among them the White House, the FBI, Europol, the OECD, the BSI, the BND and the European Commission, as well as the National Cybersecurity…
-
Top Security Incidents of 2025: Lazarus Group’s Cryptocurrency Heist
Tags: apt, attack, breach, crypto, cyber, data-breach, group, korea, lazarus, network, north-korea, security-incident, supply-chain
Event Summary: In February 2025, the North Korea-linked APT group Lazarus launched a highly sophisticated supply chain attack against the prominent cryptocurrency exchange Bybit, successfully stealing over 400,000 ETH and stETH, valued at approximately $1.5 billion. This incident marks the largest single security breach in the global cryptocurrency sector to date. The attack exposed critical…
-
10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons
Tags: access, ai, application-security, attack, automation, backdoor, banking, ceo, cisco, ciso, compliance, control, credentials, crypto, cyber, cybercrime, cybersecurity, data-breach, defense, detection, endpoint, exploit, finance, fintech, firewall, framework, infrastructure, intelligence, international, malware, monitoring, network, north-korea, oracle, password, risk, service, software, theft, threat, tool, vulnerability
Security shortcomings: Adrian Cheek, senior cybercrime researcher at threat exposure management firm Flare, said the Bangladesh Bank heist was possible because of a number of security shortcomings, including a failure to air gap critical infrastructure. “The Bank of Bangladesh had four servers and the same number of desktops connected to SWIFT,” Cheek says. “This infrastructure, however,…
-
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign
Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researchers uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected…