Tag: north-korea
-
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-job-recruiters-hide-malware-in-developer-coding-challenges/
-
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant’s threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking defense…
-
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction…
-
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active since…
-
North Korea’s UNC1069 Hammers Crypto Firms With AI
In moving away from traditional banks to focus on Web3 companies, the threat actor is leveraging LLMs, deepfakes, legitimate platforms, and ClickFix. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-koreas-unc1069-hammers-crypto-firms
-
North Korean hackers use new macOS malware in crypto-theft attacks
North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-use-new-macos-malware-in-crypto-theft-attacks/
-
North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam
The scam involved a ClickFix attack where hackers install malware on a device by having the victim try to resolve fictitious technical issues. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-targeted-crypto-exec-clickfix
-
DPRK IT Workers Use Stolen LinkedIn Identities to Secure Remote Employment
A new wave of identity fraud has hit the remote job market, with North Korean (DPRK) operatives adopting a sophisticated new tactic to bypass hiring screens. This development marks a significant shift in tradecraft. Previously, these operatives often relied on fabricated profiles with AI-generated headshots and fake resumes. However, hiring managers and security teams have…
-
ScarCruft Exploits Trusted Cloud Services and OLE Documents to Deliver Malware
The North Korean-backed advanced persistent threat (APT) group known as ScarCruft has significantly evolved its attack techniques. In a departure from their established methods, the group is now using a sophisticated OLE-based dropper to distribute its signature malware, ROKRAT. This new campaign highlights the group’s ability to abuse legitimate cloud services like pCloud and Yandex…
-
Chollima APT Hackers Weaponize LNK Files to Deploy Sophisticated Malware
In March 2025, the Ricochet Chollima APT group, widely recognized as APT37 and linked to North Korean state-sponsored operations, launched a targeted spear-phishing campaign against activists focused on North Korean affairs. The threat actors initiated the attack chain via spear-phishing emails impersonating a North Korea-focused security expert based in South Korea. The emails referenced legitimate…
-
Hydra Tactics: North Korea’s LABYRINTH CHOLLIMA Splits to Hunt Crypto Secrets
The post Hydra Tactics: North Korea’s LABYRINTH CHOLLIMA Splits to Hunt Crypto Secrets appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/hydra-tactics-north-koreas-labyrinth-chollima-splits-to-hunt-crypto-secrets/
-
Labyrinth Chollima Evolves into Three North Korean Hacking Groups
CrowdStrike assessed that two new threat actor groups have spun off from North Korean Labyrinth Chollima hackers. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/labyrinth-chollima-dprk-three/
-
Long-running North Korea threat group splits into 3 distinct operations
The trio, which share lineage with the more broadly defined Lazarus Group, are focused on espionage and cryptocurrency theft, according to CrowdStrike. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-labyrinth-chollima-splits-crowdstrike/
-
DPRK’s Konni Targets Blockchain Developers With AI-Generated Backdoor
The North Korean threat group is using a new PowerShell backdoor to compromise development environments and target cryptocurrency holdings, according to researchers. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dprks-konni-targets-blockchain-developers-ai-generated-backdoor
-
Lazarus Hackers Target European Drone Manufacturers in Active Campaign
The North Korean state-sponsored Lazarus hacking group has launched a sophisticated cyberespionage campaign targeting European defense contractors involved in uncrewed aerial vehicle (UAV) manufacturing. The attacks appear directly linked to North Korea’s efforts to accelerate its domestic drone production capabilities through industrial espionage. The targeted organizations include a metal engineering firm, an aircraft component manufacturer,…
-
New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware
A dangerous new iteration of the “Contagious Interview” campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17 malicious GitHub repositories identified across 11 distinct attack variants. North Korean threat actors linked to…
-
Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers
Tags: ai, backdoor, blockchain, hacker, india, intelligence, korea, malware, north-korea, phishing, powershell, russia, threat, tool, ukraine
The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary’s expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations, Check…
-
The Developer’s Backdoor: North Korea Weaponizes Visual Studio Code
The post The Developer’s Backdoor: North Korea Weaponizes Visual Studio Code appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/the-developers-backdoor-north-korea-weaponizes-visual-studio-code/
-
Konni hackers target blockchain engineers with AI-built malware
The North Korean hacker group Konni (Opal Sleet, TA406) is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/konni-hackers-target-blockchain-engineers-with-ai-built-malware/
-
Breach Roundup: DOGE Uploaded Social Security Data to Cloud
Also, CIRO Phishing Breach, Ingram Micro Ransomware and CVE Surge. This week, DOGE posted sensitive data on an outside server. A phishing attack affected 750,000 Canadians. A hacktivism warning from the U.K. NCSC. An Ingram Micro breach. CVEs surged in 2025. SK Telecom challenged a fine. Researchers disclosed Chainlit flaws. North Korean hackers abused VS…
-
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Tags: ai, crypto, finance, intelligence, jobs, middle-east, north-korea, programming, service, software
As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America. The new findings First seen…

