North Korea’s Andariel Pivots to ‘Play’ Ransomware Games

October 31, 2024 at 11:37AM North Korea’s Andariel group has begun using Play ransomware, marking their first collaboration with an underground ransomware network. This shift indicates a potential increase in high-impact attacks. Researchers recommend heightened vigilance against future ransomware incidents, as the group remains a significant threat, particularly in sectors vulnerable to cyber attacks. …

North Korean govt hackers linked to Play ransomware attack

October 30, 2024 at 12:01PM The North Korean hacking group Andariel is linked to the Play ransomware operation, potentially as an affiliate or initial access broker. Researchers found they compromised a network to deploy Play ransomware. This collaboration may help evade sanctions, similar to tactics used by other sanctioned groups like Evil Corp and Iranian …

Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations

October 2, 2024 at 06:45AM In August 2024, North Korean state-sponsored threat actor Andariel targeted three U.S. organizations in a likely financially motivated attack. Although the attackers were unable to deploy ransomware, the attempt fits the group’s established pattern. Andariel, a sub-cluster of Lazarus Group, is known for deploying ransomware, creating custom backdoors, and using N-day security flaws for network …

US Offers $10 Million Reward for Information on North Korean Hacker

July 26, 2024 at 07:03AM The US Department of State is offering a $10 million reward for information on Rim Jong Hyok, a North Korean national charged with hacking hospitals, military bases, and NASA. Operating on behalf of a North Korean military intelligence agency, Rim and his group, APT45, have targeted foreign businesses, government entities, …

Feds Warn of North Korean Cyberattacks on US Critical Infrastructure

July 25, 2024 at 05:32PM A cyber-espionage group, Andariel, sponsored by North Korea, is targeting organizations across the world, especially in the US. The group is stealing technical and intellectual property for its nuclear and military programs. They fund their activities through ransomware attacks on US healthcare entities. The US government has issued a warning …

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

June 3, 2024 at 04:36AM Andariel, a North Korea-linked threat actor, has been using a new Golang-based backdoor called Dora RAT in cyber attacks targeting South Korean educational institutes, manufacturing firms, and construction businesses. The attacks involve the use of multiple malware strains, a vulnerable Apache Tomcat server, and known security vulnerabilities in software. Andariel …

Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware

December 11, 2023 at 01:13PM Research revealed that Lazarus Group used novel malware strains written in the atypical programming language DLang. The attacks, part of “Operation Blacksmith,” targeted organizations in various industries. This included the use of NineRAT and BottomLoader, with DLang’s usage representing a shift towards newer languages in malware coding, mirroring trends in …

Lazarus Group Is Still Juicing Log4Shell, Using RATs Written in ‘D’

December 11, 2023 at 11:22AM North Korean hackers, under the Andariel group within the Lazarus collective, continue to exploit Log4Shell by launching attacks using new remote access Trojans written in the “D” programming language. These attacks stand out because the group uses rare programming languages to evade detection, which complicates malware detection efforts. Their …

Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

December 11, 2023 at 09:12AM The Lazarus Group, a North Korea-linked threat actor, has launched a global campaign exploiting Log4j security flaws to deploy remote access trojans. Cisco Talos named the operation “Operation Blacksmith,” noting the use of DLang-based malware families. The group’s tactics overlap with Andariel, targeting various sectors and using NineRAT through a …

Microsoft Warns of North Korean Attacks Exploiting TeamCity Flaw

October 19, 2023 at 03:21AM North Korean threat actors are exploiting a security flaw in JetBrains TeamCity to breach vulnerable servers. The attacks are attributed to Diamond Sleet and Onyx Sleet, both part of the Lazarus Group. The attacks involve compromising TeamCity servers and deploying known implants or malicious DLLs. Microsoft observed the use of …