The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned … [Read more...] about North Korean Hackers Using Windows Update Service to Infect PCs with Malware
North
North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide
Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean state-sponsored actor. Russian cybersecurity company Kaspersky, which is tracking … [Read more...] about North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide
North Korean Hackers Found Behind a Range of Credential Theft Campaigns
A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Enterprise security firm Proofpoint attributed the infiltrations to a group it tracks as … [Read more...] about North Korean Hackers Found Behind a Range of Credential Theft Campaigns
North Korea Exploited VPN Flaw to Hack South’s Nuclear Research Institute
South Korea's state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a total of 13 IP addresses, one of which … [Read more...] about North Korea Exploited VPN Flaw to Hack South’s Nuclear Research Institute
North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware
A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor's tactics by going beyond the usual gamut of … [Read more...] about North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware
North Korean hackers targeting South Korea with RokRat Trojan
A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access … [Read more...] about North Korean hackers targeting South Korea with RokRat Trojan
North Korean Hackers Used ‘Torisma’ Spyware in Job Offers-based Attacks
A cyberespionage campaign aimed at aerospace and defense sectors in order to install data gathering implants on victims' machines for purposes of surveillance and data exfiltration may have been more sophisticated than previously thought. The attacks, which targeted IP-addresses belonging to internet service providers (ISPs) in Australia, Israel, Russia, and defense contractors … [Read more...] about North Korean Hackers Used ‘Torisma’ Spyware in Job Offers-based Attacks
New Kimsuky Module Makes North Korean Spyware More Powerful
A week after the US government issued an advisory about a "global intelligence gathering mission" operated by North Korean state-sponsored hackers, new findings have emerged about the threat group's spyware capabilities. The APT — dubbed "Kimsuky" (aka Black Banshee or Thallium) and believed to be active as early as 2012 — has been now linked to as many as three hitherto … [Read more...] about New Kimsuky Module Makes North Korean Spyware More Powerful
EU sanctions hackers from China, Russia, North Korea who’re wanted by the FBI
The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states.The directive has been issued against six individuals and three entities responsible for or involved in various cyber-attacks, out of which some publicly known are 'WannaCry', 'NotPetya', and … [Read more...] about EU sanctions hackers from China, Russia, North Korea who’re wanted by the FBI
North Korean Hackers Spotted Using New Multi-Platform Malware Framework
Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware.Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework — so-called because of the authors' … [Read more...] about North Korean Hackers Spotted Using New Multi-Platform Malware Framework