Windows Kernel bug fixed last month exploited as zero-day since August

March 2, 2024 at 10:58AM Microsoft recently patched a high-severity Windows Kernel vulnerability, CVE-2024-21338, which was actively exploited for six months after it was reported. The flaw allowed attackers to gain SYSTEM privileges without user interaction. Avast discovered that North Korean Lazarus hackers used the vulnerability to gain kernel-level access and evade security tools. Windows … Read more

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack

February 29, 2024 at 06:45AM Cybersecurity firm Avast reported that the North Korean group Lazarus exploited a Windows zero-day vulnerability, CVE-2024-21338, using a rootkit called FudModule for privilege escalation. Microsoft patched the flaw but initially did not list it as a zero-day. The attack aimed at evading detection and included a new variant of the … Read more

Japan warns of malicious PyPI packages created by North Korean hackers

February 28, 2024 at 10:08AM JPCERT/CC warns of North Korean hacker group Lazarus uploading four malicious PyPI packages to infect developers with malware. These packages allow access to developer networks, enabling financial fraud and supply chain attacks. The malware, named “Comebacker,” connects to the attacker’s server and executes further Windows malware. Previous attacks by Lazarus … Read more

North Korean hackers now launder stolen crypto via YoMix tumbler

February 16, 2024 at 09:38AM Lazarus, the North Korean hacker collective known for large-scale cryptocurrency heists, has shifted to using the YoMix bitcoin mixer for laundering stolen funds. Chainalysis reports a surge in YoMix activity tied to Lazarus, demonstrating the group’s adaptability in the face of sanctions on other mixing services. The report also details trends in cryptocurrency laundering … Read more

New ‘SpectralBlur’ macOS Backdoor Linked to North Korea

January 5, 2024 at 08:42AM Security researchers have uncovered SpectralBlur, a new macOS backdoor linked to the North Korean malware family KandyKorn. The malware, with capabilities such as file manipulation and communication with the command-and-control server, shares similarities with KandyKorn. It is believed to be another addition to the arsenal of Lazarus, a prominent North … Read more

Lazarus hackers drop new RAT malware using 2-year-old Log4j bug

December 11, 2023 at 04:29PM Lazarus, the North Korean hacking group, is utilizing CVE-2021-44228 to launch new malware families written in DLang as part of “Operation Blacksmith.” This campaign, targeting various industries, demonstrates the group’s evolving tactics. The new malware includes the remote access trojans NineRAT and DLRAT, as well as the downloader BottomLoader. Lazarus … Read more

North Korean Hackers Developing Malware in Dlang Programming Language

December 11, 2023 at 10:12AM Lazarus, a North Korea-linked hacking group, has been using malware written in Dlang in attacks on organizations in the manufacturing, agriculture, and physical security sectors. Cisco’s Talos security researchers identify Lazarus as the perpetrator of these attacks, which use the NineRAT, DLRAT, and BottomLoader malware families against unpatched systems. The attacks are related … Read more

UK and South Korea: Hackers use zero-day in supply-chain attack

November 24, 2023 at 01:28PM The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) have issued a joint advisory warning about a hacking group called Lazarus, based in North Korea. The group has been using a zero-day vulnerability in the MagicLine4NX software, developed by South Korean company Dream Security, to conduct supply-chain … Read more

New MacOS Malware Linked to North Korean Hackers

November 7, 2023 at 10:03AM Security firm Jamf has discovered a new macOS malware called ObjCShellz that is believed to be used by North Korean hackers to target cryptocurrency exchanges. The malware, tracked as part of the RustBucket Campaign, allows attackers to deliver macOS instructions and collect responses while remaining undetected. Although the purpose of … Read more

Fresh find shines new light on North Korea’s latest macOS malware

November 7, 2023 at 09:48AM North Korean state-sponsored hackers have been observed using a new macOS malware called “ObjCShellz” as part of the RustBucket campaign targeting financial organizations. The malware, attributed to the BlueNoroff group, is written in Objective-C and gives attackers remote shell capabilities. The campaign uses social engineering and disguises itself as a … Read more