Tag: north-korea
-
Google ‘Careers’ scam lands job seekers in credential traps
Tags: attack, authentication, breach, control, credentials, cybersecurity, defense, google, identity, infrastructure, jobs, login, mfa, monitoring, north-korea, phishing, scam, strategy, threat, trainingWhat must organizations must: Sublime observed a sophisticated backend infrastructure supporting the phishing operation. Rather than just relying on a static fake login page, the attackers used newly registered domains (like gappywave[.]com, gcareerspeople[.]com) and what appeared to be command-and-control (C2) servers such as satoshicommands[.]com to process stolen credentials.Additionally, the HTML and JavaScript of the fake…
-
Google ‘Careers’ scam lands job seekers in credential traps
Tags: attack, authentication, breach, control, credentials, cybersecurity, defense, google, identity, infrastructure, jobs, login, mfa, monitoring, north-korea, phishing, scam, strategy, threat, trainingWhat must organizations must: Sublime observed a sophisticated backend infrastructure supporting the phishing operation. Rather than just relying on a static fake login page, the attackers used newly registered domains (like gappywave[.]com, gcareerspeople[.]com) and what appeared to be command-and-control (C2) servers such as satoshicommands[.]com to process stolen credentials.Additionally, the HTML and JavaScript of the fake…
-
North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module
The post North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-waterplum-apt-deploys-node-js-ottercandy-rat-for-crypto-theft-with-anti-forensic-module/
-
North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2
The post North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2 appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-unc5342-apt-uses-etherhiding-to-store-malware-in-blockchain-smart-contracts-for-stealthy-c2/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 67
Tags: banking, control, github, international, korea, malicious, malware, north-korea, resilience, rustSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Astaroth: Banking Trojan Abusing GitHub for Resilience North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads New Rust Malware >>ChaosBot
-
Nordkorea setzt auf Blockchain: Staatshacker nutzen >>EtherHiding<<
Die Google Threat Intelligence Group hat eine neuartige Angriffsmethode nordkoreanischer Hacker dokumentiert. Erstmals nutzt eine staatlich geförderte Gruppe dezentrale Blockchains, um Malware-Befehle zu verschleiern eine Technik, die sich kaum unterbinden lässt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/nordkorea-setzt-auf-blockchain-staatshacker-nutzen-etherhiding
-
Hackers Dox ICE, DHS, DOJ, and FBI Officials
Plus: A secret FBI anti-ransomware task force gets exposed, the mystery of the CIA’s Kryptos sculpture is finally solved, North Koreans busted hiding malware in the Ethereum blockchain, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-hackers-dox-ice-dhs-doj-and-fbi-officials/
-
Nordkorea nutzt EtherHiding: Staatliche Malware versteckt sich in Blockchains
Der Einsatz der EtherHiding-Technik durch UNC5342 bietet eine äußerst widerstandsfähige Methode, um Angriffe fortzusetzen und Sicherheitsmaßnahmen zu umgehen. Sie erschwert es erheblich, bösartige Aktivitäten zu blockieren oder die Infrastruktur der Angreifer stillzulegen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/nordkorea-nutzt-etherhiding-staatliche-malware-versteckt-sich-in-blockchains/a42401/
-
North Korean Hackers Use Blockchain to Hide Crypto-Stealing Malware
North Korean hackers are using blockchain smart contracts to hide malware and steal cryptocurrency. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/north-korean-hackers-use-blockchain-to-hide-crypto-stealing-malware/
-
North Korean Hackers Use Blockchain to Hide Crypto-Stealing Malware
North Korean hackers are using blockchain smart contracts to hide malware and steal cryptocurrency. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/north-korean-hackers-use-blockchain-to-hide-crypto-stealing-malware/
-
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset.That’s according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions…
-
North Korean Hackers Use EtherHiding to Steal Crypto
Google reveals North Korean hackers are using EtherHiding, a blockchain-based technique, to deliver malware and steal cryptocurrency First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nk-hackers-etherhiding-steal-crypto/
-
ClickFake Interview Campaign Used by Threat Actors to Deliver OtterCandy Malware
A North Korean-linked group, WaterPlum’s Cluster B, has evolved its tactics by introducing OtterCandy”, a Node.jsbased RAT and information stealer”, through the ClickFake Interview campaign, with significant enhancements observed in August 2025. This threat actor, attributed to North Korea, orchestrated two primary campaigns: Contagious Interview and ClickFake Interview. Although multiple clusters operate under the WaterPlum…
-
Deutschland größtes Hacker-Ziel in der EU
Tags: authentication, china, cyberattack, defense, extortion, germany, hacker, iran, login, mail, mfa, microsoft, north-korea, password, phishing, ransomware, software, ukraineLaut einer Studie von Microsoft richteten sich 3,3 Prozent aller Cyberangriffe weltweit im ersten Halbjahr 2025 gegen Ziele in Deutschland.Kein Land in der Europäischen Union steht so sehr im Fokus von kriminellen Hackern wie Deutschland. Das geht aus dem Microsoft Digital Defense Report 2025 hervor, den der Software-Konzern in Redmond veröffentlicht hat. Danach richteten sich…
-
North Korean Hackers Exploit EtherHiding to Spread Malware and Steal Crypto Assets
Tags: attack, blockchain, crypto, cyber, cybercrime, cybersecurity, exploit, hacker, malicious, malware, north-korea, technology, threatThe cybersecurity landscape has witnessed a significant evolution in attack techniques with North Korean threat actors adopting EtherHiding, a sophisticated method that leverages blockchain technology to distribute malware and facilitate cryptocurrency theft. EtherHiding represents a fundamental shift in how cybercriminals store and deliver malicious payloads by embedding malware code within smart contracts on public blockchains…
-
North Korean Hackers Exploit EtherHiding to Spread Malware and Steal Crypto Assets
Tags: attack, blockchain, crypto, cyber, cybercrime, cybersecurity, exploit, hacker, malicious, malware, north-korea, technology, threatThe cybersecurity landscape has witnessed a significant evolution in attack techniques with North Korean threat actors adopting EtherHiding, a sophisticated method that leverages blockchain technology to distribute malware and facilitate cryptocurrency theft. EtherHiding represents a fundamental shift in how cybercriminals store and deliver malicious payloads by embedding malware code within smart contracts on public blockchains…
-
North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft
The post North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-famous-chollima-apt-uses-trojanized-node-js-app-to-deploy-ottercookie-rat-for-crypto-theft/
-
North Korean operatives spotted using evasive techniques to steal data and cryptocurrency
Research from Cisco Talos and Google Threat Intelligence Group underscores the extent to which North Korea-aligned attackers attempt to avoid detection. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-attackers-evasive-techniques-malware/
-
NK’s Famous Chollima Use BeaverTail and OtterCookie Malware in Job Scam
North Korea’s Famous Chollima is back, merging BeaverTail and OtterCookie malware to target job seekers. Cisco Talos details the new threat. Keylogging, screen recording, and cryptocurrency wallet theft detected in an attack. First seen on hackread.com Jump to article: hackread.com/nk-famous-chollima-beavertail-ottercookie-malware/
-
NK’s Famous Chollima Use BeaverTail and OtterCookie Malware in Job Scam
North Korea’s Famous Chollima is back, merging BeaverTail and OtterCookie malware to target job seekers. Cisco Talos details the new threat. Keylogging, screen recording, and cryptocurrency wallet theft detected in an attack. First seen on hackread.com Jump to article: hackread.com/nk-famous-chollima-beavertail-ottercookie-malware/
-
North Korean hackers seen using blockchain to hide crypto-stealing malware
Google security researchers said on Thursday that they observed a Pyongyang-backed hacking group, tracked as UNC5342, deploying a method known as EtherHiding, a way of embedding malicious code inside smart contracts on decentralized networks such as Ethereum and BNB Smart Chain. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-using-blockchain-hiding-malware
-
Hackers Use Blockchain to Hide Malware in Plain Sight
Tags: attack, blockchain, google, group, hacker, hacking, intelligence, korea, malware, north-korea, threatState, Criminal Hackers Use Blockchain Technique to Evade Takedowns. Google’s Threat Intelligence Group found hacking groups like North Korea’s UNC5342 and criminal group UNC5142 using a public blockchain technique called EtherHiding to distribute malware. The method makes attacks tougher to trace, block or dismantle. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hackers-use-blockchain-to-hide-malware-in-plain-sight-a-29741
-
Hackers Use Blockchain to Hide Malware in Plain Sight
Tags: attack, blockchain, google, group, hacker, hacking, intelligence, korea, malware, north-korea, threatState, Criminal Hackers Use Blockchain Technique to Evade Takedowns. Google’s Threat Intelligence Group found hacking groups like North Korea’s UNC5342 and criminal group UNC5142 using a public blockchain technique called EtherHiding to distribute malware. The method makes attacks tougher to trace, block or dismantle. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hackers-use-blockchain-to-hide-malware-in-plain-sight-a-29741
-
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
Tags: blockchain, crypto, google, group, hacker, hacking, intelligence, korea, malware, north-korea, theft, threatA threat actor with ties to the Democratic People’s Republic of Korea (aka North Korea) has been observed leveraging the EtherHiding technique to distribute malware and enable cryptocurrency theft, marking the first time a state-sponsored hacking group has embraced the method.The activity has been attributed by Google Threat Intelligence Group (GTIG) to a threat cluster…
-
Hackers Use Blockchain to Hide Malware in Plain Sight
Tags: attack, blockchain, google, group, hacker, hacking, intelligence, korea, malware, north-korea, threatState, Criminal Hackers Use Blockchain Technique to Evade Takedowns. Google’s Threat Intelligence Group found hacking groups like North Korea’s UNC5342 and criminal group UNC5142 using a public blockchain technique called EtherHiding to distribute malware. The method makes attacks tougher to trace, block or dismantle. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hackers-use-blockchain-to-hide-malware-in-plain-sight-a-29741
-
North Korean hackers use EtherHiding to hide malware on the blockchain
North Korean hackers were observed employing the ‘EtherHiding’ tactic to deliver malware, steal cryptocurrency, and perform espionage with stealth and resilience. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-use-etherhiding-to-hide-malware-on-the-blockchain/
-
North Korean hackers use EtherHiding to hide malware on the blockchain
North Korean hackers were observed employing the ‘EtherHiding’ tactic to deliver malware, steal cryptocurrency, and perform espionage with stealth and resilience. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-use-etherhiding-to-hide-malware-on-the-blockchain/
-
North Korean Hackers Deploy BeaverTailOtterCookie Combo for Keylogging Attacks
Researchers at Cisco Talos have uncovered a sophisticated campaign by the Famous Chollima subgroup of Lazarus, wherein attackers deploy blended JavaScript tools”, BeaverTail and OtterCookie”, to carry out stealthy keylogging, screenshot capture, and data exfiltration. This cluster of activity, part of the broader “Contagious Interview” operation, has evolved significantly since first noted, blurring lines between…