Hackers use macOS extended file attributes to hide malicious code

November 14, 2024 at 11:16AM Hackers are using a new technique called RustyAttr to conceal malware in macOS file metadata, evading detection by employing decoy PDFs. The method is reminiscent of Bundlore adware; the samples are attributed to the North Korean group Lazarus. The malware remains undetected by security agents, indicating an experimental delivery approach. …

New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

November 14, 2024 at 04:57AM A new malware, RustyAttr, has been linked to the North Korean Lazarus Group; it abuses macOS file extended attributes to execute attacks. Disguised as legitimate applications, it uses distractions such as error messages and fake PDFs. Built-in protections remain effective on macOS systems, but social engineering may still be used to bypass safeguards. …

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

October 24, 2024 at 06:06AM The Lazarus Group exploited a now-patched zero-day vulnerability in Google Chrome to control devices, targeting individuals in the cryptocurrency sector via a fake game website. Disguised as a decentralized finance game, the attack, discovered by Kaspersky, began in February 2024 and involved advanced social engineering tactics. …

Lazarus Group Exploits Chrome Zero-Day in Latest Campaign

October 23, 2024 at 05:20PM The Lazarus Group is targeting cryptocurrency users with a sophisticated scam involving a fake game website, exploiting a Chrome zero-day bug, and utilizing professional social media accounts. Researchers from Kaspersky warn that this campaign, launched in February, highlights Lazarus’s evolving tactics and focus on generating revenue for North Korea’s missile program. …

Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

October 23, 2024 at 02:08PM The North Korean Lazarus hacking group exploited a Google Chrome zero-day (CVE-2024-4947) through a fake DeFi game, targeting cryptocurrency users. Discovered by Kaspersky on May 13, 2024, the exploit gained access to sensitive data. Google issued a fix by May 25, 2024, addressing the vulnerability. …

Feds reach for sliver of crypto-cash nicked by North Korea’s notorious Lazarus Group

October 7, 2024 at 08:30PM The US government filed two lawsuits to recover over $2.67 million stolen by North Korea’s Lazarus Group. The first lawsuit stems from the 2022 Deribit hack, where about $28 million was drained and $1.7 million worth of Tether was recovered. The second lawsuit involves the alleged theft of $41 million …

Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations

October 2, 2024 at 06:45AM In August 2024, the North Korean state-sponsored threat actor Andariel targeted three U.S. organizations in a likely financially motivated attack. Although the attackers failed to deploy ransomware, the attempt fits their established pattern. Andariel, a sub-cluster of the Lazarus Group, is known for deploying ransomware, creating custom backdoors, and using N-day security flaws for network …

THN Cybersecurity Recap: Last Week’s Top Threats and Trends (September 16-22)

September 23, 2024 at 08:06AM The past week’s cybersecurity landscape was a rollercoaster ride. Notable events include the dismantling of the Raptor Train botnet, North Korean hackers deploying new malware, the takedown of the criminal networks iServer and Ghost, and developments in the Apple vs. NSO Group lawsuit. These incidents underscore the evolving nature of cyber …

North Korean Hackers Target Job Seekers with Fake FreeConference App

September 4, 2024 at 12:21PM North Korean threat actors have created a malicious campaign called Contagious Interview, using fake job interviews to distribute malware. They are now using fake video conferencing applications to backdoor developer systems. This activity is attributed to the North Korean threat actor Famous Chollima. The campaign is targeting job seekers …

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

August 31, 2024 at 12:06PM North Korean threat actors exploited a recently patched security flaw in the Google Chrome and Chromium web browsers to deploy the FudModule rootkit. Microsoft attributed this activity to a group known as Citrine Sleet, part of the Lazarus Group, which targets financial institutions involved in cryptocurrency. The attack involved a zero-day exploit …