Tag: north-korea
-
The Developer’s Backdoor: North Korea Weaponizes Visual Studio Code
The post The Developer’s Backdoor: North Korea Weaponizes Visual Studio Code appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/the-developers-backdoor-north-korea-weaponizes-visual-studio-code/
-
Konni hackers target blockchain engineers with AI-built malware
The North Korean hacker group Konni (Opal Sleet, TA406) is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/konni-hackers-target-blockchain-engineers-with-ai-built-malware/
-
Breach Roundup: DOGE Uploaded Social Security Data to Cloud
Also, CIRO Phishing Breach, Ingram Micro Ransomware and CVE Surge. This week, DOGE posted sensitive data on an outside server. A phishing attack affected 750,000 Canadians. A hacktivism warning from the U.K. NCSC. An Ingram Micro breach. CVEs surged in 2025. SK Telecom challenged a fine. Researchers disclosed Chainlit flaws. North Korean hackers abused VS…
-
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Tags: ai, crypto, finance, intelligence, jobs, middle-east, north-korea, programming, service, softwareAs many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America.The new findings First seen…
-
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Tags: ai, crypto, finance, intelligence, jobs, middle-east, north-korea, programming, service, softwareAs many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America.The new findings First seen…
-
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Tags: ai, crypto, finance, intelligence, jobs, middle-east, north-korea, programming, service, softwareAs many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America.The new findings First seen…
-
Germany and Israel Pledge Cybersecurity Alliance
Berlin Readies Legislation Authorizing More Aggressive Stance in Cyberspace. Germany wants to drastically step up defenses against cyberattacks from foes such as Russia, China, Iran and North Korea, and it’s looking to key ally Israel for lessons and cooperation. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/germany-israel-pledge-cybersecurity-alliance-a-30568
-
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints.The latest finding demonstrates continued evolution of the new tactic that was first discovered in December 2025, Jamf Threat Labs said.”This activity involved…
-
The culture you can’t see is running your security operations
Tags: apache, breach, business, compliance, control, credentials, cyber, data, email, exploit, finance, firewall, flaw, identity, intelligence, jobs, network, north-korea, phishing, risk, technology, threat, tool, training, update, vulnerabilityNon-observable culture: The hidden drivers: Now we get interesting.Non-observable culture is everything happening inside people’s heads. Their beliefs about cyber risk. Their attitudes toward security. Their values and priorities when security conflicts with convenience or speed.This is where the real decisions get made.You can’t see someone’s belief that “we’re too small to be targeted” or…
-
North Korean Hackers Exploit Code Repositories in “Contagious Interview” Campaign
A newly documented campaign dubbed “Contagious Interview” shows North Korean threat actors weaponising developer tooling and code-repository workflows to steal credentials, cryptocurrency wallets and establish remote access even when victims never “run” the code they are sent. In a recent case analysed by SEAL, a malicious Bitbucket repository (hxxps://bitbucket[.]org/0xmvptechlab/ctrading) was delivered as a take”‘home technical…
-
More than 40 countries impacted by North Korea IT worker scams, crypto thefts
Eleven countries led a session at the UN headquarters in New York centered around a 140-page report released last fall that covered North Korea’s extensive cyber-focused efforts to fund its nuclear and ballistic weapons program. First seen on therecord.media Jump to article: therecord.media/40-countries-impacted-nk-it-thefts-united-nations
-
FBI Flags Quishing Attacks From North Korean APT
A state-sponsored threat group tracked as Kimsuky sent QR-code-filled phishing emails to US and foreign government agencies, NGOs, and academic institutions. First seen on darkreading.com Jump to article: www.darkreading.com/mobile-security/fbi-quishing-attacks-north-korean-apt
-
FBI Warns of North Korean QR Phishing Campaigns
The FBI says North Korea’s Kimsuky APT group is using QR codes in spear phishing campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-warns-north-korean-qr-phishing/
-
FBI Warns of North Korean QR Phishing Campaigns
The FBI says North Korea’s Kimsuky APT group is using QR codes in spear phishing campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-warns-north-korean-qr-phishing/
-
FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing
The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country.”As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR) First…
-
FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs
The North Korean state-sponsored hacker group Kimsuki is using malicious QR codes in spearphishing campaigns that target U.S. organizations, the Federal Bureau of Investigation warns in a flash alert. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-warns-about-kimsuky-hackers-using-qr-codes-to-phish-us-orgs/
-
Amazon Fends Off 1,800 Suspected DPRK IT Job Scammers
The tech giant has been beset by a deluge of state-sponsored North Korean operatives, showcasing the sheer scale of the IT worker scam problem. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/amazon-fends-off-dprk-it-job-scammers
-
Amazon has stopped 1,800 job applications from North Korean agents
North Korean group infiltrated 100-plus companies with imposter IT pros: CrowdStrike reportHow not to hire a North Korean IT spyNorth Korean hackers impersonated recruiters to steal credentials from over 1,500 developer systemsNorth Korean fake IT workers up the ante in targeting tech firms First seen on csoonline.com Jump to article: www.csoonline.com/article/4111148/amazon-has-stopped-1800-job-applications-from-north-korean-agents.html
-
10 Major Cyberattacks And Data Breaches In 2025
Among the major cyberattacks and data breaches in 2025 were nation-state infiltration by China and North Korea, as well as massive data theft and ransomware attacks. First seen on crn.com Jump to article: www.crn.com/news/security/2025/10-major-cyberattacks-and-data-breaches-in-2025
-
Amazon Warns Perncious Fake North Korea IT Worker Threat Has Become Widespread
Amazon is warning organizations that a North Korean effort to impersonate IT workers is more extensive than many cybersecurity teams may realize after discovering the cloud service provider was also victimized. A North Korean imposter was uncovered working as a remote systems administrator in the U.S. after their keystroke input lag raised suspicions. Normally, keystroke..…
-
Keyboard Lag Leads Amazon to North Korean Impostor in Remote Role
Amazon Security Chief explains how a subtle keyboard delay exposed a North Korean impostor. Read about the laptop farm scheme and how 110 milliseconds of lag ended a major corporate infiltration. First seen on hackread.com Jump to article: hackread.com/keyboard-lag-amazon-north-korea-impostor-remote-role/
-
Amazon Detects North Korean IT Infiltrator via Latency Clues
Amazon uncovered a North Korean IT infiltrator through keystroke latency, highlighting risks in remote hiring and the need for stronger identity controls. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/amazon-detects-north-korean-it-infiltrator-via-latency-clues/
-
A Good Year for North Korean Cybercriminals
North Korea shifted its strategy to patiently target bigger fish for larger payouts, using sophisticated methods to execute attacks at opportune times. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/good-year-north-korean-cybercriminals
-
Amazon Identified North Korean IT Worker by Tracking Keystroke Activity
Amazon has uncovered a North Korean imposter posing as a U.S.-based systems administrator. The discovery was made not through traditional background checks but by analyzing the subtle timing of the worker’s typing. According to a report from Bloomberg, Amazon security specialists flagged the employee due to suspicious >>keystroke input lag.
-
North Korean Hackers Set Record with $2 Billion Crypto Heist in 2025
North Korean cybercriminals shattered previous records in 2025, stealing at least $2.02 billion in cryptocurrency through a sophisticated campaign that represents the most successful year ever for state-sponsored digital theft despite fewer confirmed attacks. This unprecedented haul marks a 51% increase year-over-year. It brings the regime’s cumulative cryptocurrency theft to a staggering $6.75 billion, cementing…
-
Amazon blocked 1,800 suspected North Korean scammers seeking jobs
Plus: Lazarus Group has a brand new BeaverTail First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/amazon_blocked_fake_dprk_workers/
-
New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes
Tags: control, credentials, cyber, group, infrastructure, lazarus, network, north-korea, theft, threat, toolSecurity researchers from Hunt.io and Acronis Threat Research Unit have uncovered a sophisticated network of operational infrastructure controlled by North Korean state-sponsored threat actors Lazarus and Kimsuky. The collaborative investigation revealed previously undocumented connections between these groups’ campaigns, exposing active command-and-control servers, credential-theft environments, tunneling nodes, and certificate-linked infrastructure that had remained hidden from public…
-
New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes
Tags: control, credentials, cyber, group, infrastructure, lazarus, network, north-korea, theft, threat, toolSecurity researchers from Hunt.io and Acronis Threat Research Unit have uncovered a sophisticated network of operational infrastructure controlled by North Korean state-sponsored threat actors Lazarus and Kimsuky. The collaborative investigation revealed previously undocumented connections between these groups’ campaigns, exposing active command-and-control servers, credential-theft environments, tunneling nodes, and certificate-linked infrastructure that had remained hidden from public…