Tag: north-korea
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware
A new report reveals North Korea-linked ScarCruft is using RokRAT malware to target academics in a phishing campaign…. First seen on hackread.com Jump to article: hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/
-
North Korea’s APT37 deploys RokRAT in new phishing campaign against academics
ScarCruft (APT37) launches Operation HanKook Phantom, a phishing campaign using RokRAT to target academics, ex-officials, and researchers. Cybersecurity firm Seqrite Labs uncovered a phishing campaign, tracked as dubbed Operation HanKook Phantom, by the North Korea-linked group APT37 (aka Ricochet Chollima, ScarCruft, Reaper, and Group123). Threat actors are using a fake “National Intelligence Research Society Newsletter…
-
ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics
Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to deliver a malware known as RokRAT.The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target individuals associated with the National Intelligence Research Association, including academic figures First seen…
-
North Korean Hackers Weaponize Seoul Intelligence Files to Target South Koreans
Pyongyang-backed hacking group APT37 leveraged an internal South Korean intelligence briefing in a spear phishing campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-apt37-spear-phishing/
-
DPRK Remote Work Tactics: Leveraging Code-Sharing Platforms
DPRK IT workers have leveraged popular code-sharing platforms such as GitHub, CodeSandbox, and Medium to cultivate convincing developer portfolios and land remote positions under fabricated identities. Investigations reveal approximately 50 active GitHub profiles operated by North Korean actors, supplemented by dozens of profiles across niche freelancing and forum sites. These operatives employ deepfake profile photos,…
-
US targets North Korean IT worker army with new sanctions
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two individuals and two companies associated with North Korean IT worker schemes that operate at the expense of American organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/us-targets-north-korean-it-worker-army-with-new-sanctions/
-
Anthropic Warns of AI-Powered Cybercrime in New Threat Report
Anthropic’s August report reveals hackers, North Korean operatives, and state actors misused its Claude AI for extortion, fraud, and espionage. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-anthropic-warns-ai-powered-cyber-crime/
-
U.S. Treasury Sanctions North Korean IT Worker Network Funding Weapons Programs
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Russian national Vitaliy Sergeyevich Andreyev, DPRK official Kim Ung Sun, Chinese entity Shenyang Geumpungri Network Technology Co., Ltd. DPRK-based Korea Sinjin Trading Corporation for their involvement in a sophisticated fraudulent scheme involving information technology workers orchestrated by the Democratic…
-
U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two individuals and two entities for their role in the North Korean remote information technology (IT) worker scheme to generate illicit revenue for the regime’s weapons of mass destruction and ballistic missile programs.”The North Korean regime…
-
Treasury sanctions North Korea IT worker scheme facilitators and front organizations
As the sanctions-evading scheme has grown, so too has the U.S. government’s response. First seen on cyberscoop.com Jump to article: cyberscoop.com/treasury-department-sanctions-north-korea-worker-scheme/
-
US sanctions Russian national and Chinese company over North Korean IT worker schemes
The U.S. Treasury Department announced new sanctions targeting key players in North Korea’s ongoing scheme to get its citizens hired as IT workers at American companies. First seen on therecord.media Jump to article: therecord.media/us-sanctions-company-national-north
-
US sanctions fraud network used by North Korean ‘remote IT workers’ to seek jobs and steal money
Treasury officials say the North Korea government used the fraud network to generate money for the regime’s nuclear weapons program. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/27/us-sanctions-fraud-network-used-by-north-korea-to-seek-jobs-and-steal-money/
-
Governments, tech companies meet in Tokyo to share tips on fighting North Korea IT worker scheme
The U.S. State Department said it worked with the Ministries of Foreign Affairs in Japan and South Korea to organize the forum, which had more than 130 attendees from freelance work platforms, payment service providers, cryptocurrency companies, AI firms and more. First seen on therecord.media Jump to article: therecord.media/japan-us-south-korea-forum-north-korea-it-worker-scheme
-
Chinese APT Leverages Proxy and VPN Services to Obfuscate Infrastructure
Tags: apt, china, cyber, cybersecurity, data, group, infrastructure, korea, leak, north-korea, service, threat, vpnA significant data dump surfaced on DDoSecrets.com, purportedly extracted from a workstation belonging to a threat actor targeting organizations in South Korea and Taiwan. The leak, detailed in an accompanying article, attributes the activity to the North Korean advanced persistent threat (APT) group known as Kimsuky, a sophisticated actor previously highlighted in cybersecurity advisories for…
-
Kimsuky APT Exposed: GPKI Certificates, Rootkits, and Cobalt Strike Assets Uncovered
A comprehensive operational dump from the North Korean Kimsuky APT organization, also known as APT43, Thallium, or Velvet Chollima, appeared on a dark web forum in an uncommon instance of state-sponsored cyber espionage. This leak, comprising virtual machine images, VPS dumps, phishing kits, rootkits, and over 20,000 browser history records, provides an unparalleled glimpse into…
-
US Government Seeks Medical Records of Trans Youth
Plus: Google wants billions of Chrome users to install an emergency fix, Kristi Noem is on the move, and North Korean IT workers are everywhere. First seen on wired.com Jump to article: www.wired.com/story/us-government-seeks-medical-records-of-trans-youth/
-
Breach Roundup: Scattered Spider Hacker Gets 10 Years
Also: New ‘Quishing’ Tactics, Pro-Houthi Hacker Sentenced to 20 Months. This week, a Scattered Spider hacker sentenced, new squishing tricks, a pro-Houthi hacker gets 20 months in the United Kingdom, a Taiwanese web hosting provider hacked, the Business Council of New York and Ohio Medical Cannabis Center breached, North Korean hackers target Seoul and an…
-
Hackers who exposed North Korean government hacker explain why they did it
The two self-described hacktivists said they had access to the North Korean spy’s computer for around four months before deciding what they had found should be made public. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/21/hackers-who-exposed-north-korean-government-hacker-explain-why-they-did-it/
-
Hack of North Korean Spy’s Computer Exposes 8.9 GB of Espionage Operations
A North Korean spy’s computer was hacked, leaking phishing logs, stolen South Korean government email platform source code, and links to Chinese hackers. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-north-korea-spy-hack-espionage/
-
DPRK, China Suspected in South Korean Embassy Attacks
Detailed spear-phishing emails sent to European government entities in Seoul are being tied to North Korea, China, or both. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-dprk-south-korean-embassy-attacks
-
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025.The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff and foreign ministry personnel with convincing meeting…
-
North Korea-linked hackers target embassies in Seoul in new espionage campaign
North Korea-linked hackers were seen targeting more than a dozen embassies in Seoul with phishing emails. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-target-foreign-embassies
-
North Korean Kimsuky Hackers Use GitHub to Target Foreign Embassies with XenoRAT Malware
Tags: cyber, data-breach, email, espionage, github, group, hacker, malware, north-korea, password, phishing, spear-phishingThe Trellix Advanced Research Center exposed a DPRK-linked espionage operation attributed to the Kimsuky group (APT43), targeting diplomatic missions in South Korea. Between March and July, at least 19 spear-phishing emails impersonated trusted diplomatic contacts, delivering malware via password-protected ZIP archives hosted on Dropbox and Daum. These emails lured embassy staff with credible invitations to…
-
North Korean Hackers’ Secret Linux Malware Surfaces Online
Phrack Magazine’s latest issue #72 has unveiled a significant data leak from a suspected North Korean hacking operation, including exploit tactics, compromised system details, and a sophisticated Linux rootkit. The dump, linked to a Chinese threat actor targeting South Korean and Taiwanese government and private sectors, shows overlaps with the North Korean Kimsuky APT group.…
-
North Korea Attacks South Koreans With Ransomware
DPRK hackers are throwing every kind of malware at the wall and seeing what sticks, deploying stealers, backdoors, and ransomware all at once. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/north-korea-attacks-south-koreans-ransomware
-
Hackers breach and expose a major North Korean spying operation
Two hackers broke into the computer of a North Korean government hacker and leaked its contents, offering a rare glimpse inside the secretive nation’s spying operations. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/12/hackers-breach-and-expose-a-major-north-korean-spying-operation/
-
North Korean Kimsuky Hackers Suffer Data Breach as Insiders Leak Information Online
A member of North Korea’s notorious Kimsuky espionage group has experienced a significant data breach after insiders leaked hundreds of gigabytes of internal files and tools to the public. The breach, which emerged in early June 2025, exposed the group’s sophisticated backdoors, phishing frameworks, and reconnaissance operations, marking a rare setback for the state-sponsored threat…
-
North Korean Kimsuky Hackers Suffer Data Breach as Insiders Leak Information Online
A member of North Korea’s notorious Kimsuky espionage group has experienced a significant data breach after insiders leaked hundreds of gigabytes of internal files and tools to the public. The breach, which emerged in early June 2025, exposed the group’s sophisticated backdoors, phishing frameworks, and reconnaissance operations, marking a rare setback for the state-sponsored threat…
-
North Korean Kimsuky hackers exposed in alleged data breach
The North Korean state-sponsored hackers known as Kimsuky has reportedly suffered a data breach after two hackers, who describe themselves as the opposite of Kimsuky’s values, stole the group’s data and leaked it publicly online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-kimsuky-hackers-exposed-in-alleged-data-breach/