August 23, 2024 at 10:05AM The federal police in Argentina arrested a 29-year-old Russian national in Buenos Aires for money laundering charges related to cryptocurrency proceeds of the North Korean hackers’ Lazarus Group. Based on the meeting notes, it seems that the federal police in Argentina (PFA) have arrested a 29-year-old Russian national in Buenos … Read more
August 21, 2024 at 07:33AM Cybersecurity researchers recently discovered a new macOS malware, TodoSwift, with similarities to known malicious software linked to North Korean hacking groups. It exhibits behaviors seen in previous DPRK malware, such as RustBucket and KANDYKORN, and is associated with the Lazarus Group’s attempts to target cryptocurrency businesses. TodoSwift is distributed as … Read more
August 19, 2024 at 03:15AM A critical privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock, tracked as CVE-2024-38193, was exploited by North Korean state-sponsored actor Lazarus Group. The flaw allowed unauthorized access to sensitive system areas and was addressed in Microsoft’s Patch Tuesday update. The attacks also involved the use of … Read more
August 5, 2024 at 01:24PM The South Korean National Cyber Security Center (NCSC) warns that state-backed DPRK hackers exploited VPN software flaws to deploy malware and breach networks. The activity is connected to a nationwide industrial modernization project announced by Kim Jong-un. The threat groups implicated are Kimsuky and Andariel, targeting the same sector simultaneously. … Read more
July 3, 2024 at 12:15AM An unnamed South Korean enterprise resource planning (ERP) vendor’s product update server was compromised, leading to the delivery of a Go-based backdoor called Xctdoor. AhnLab Security Intelligence Center identified the attack, which shares similarities with tactics used by the infamous Lazarus Group. The attack also involved a malware injector called … Read more
June 25, 2024 at 08:48AM CoinStats, a cryptocurrency portfolio manager, was back online after hackers drained over $2 million from 1,590 hosted wallets. The platform assured that only 1.3% of CoinStats Wallets were affected. CoinStats requires read-only access to connected wallets, mitigating the risk to users’ funds. The CEO revealed the attack was likely orchestrated … Read more
May 29, 2024 at 07:00AM A new North Korean threat actor, Moonstone Sleet, is attributed to cyber attacks targeting various sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. Moonstone Sleet uses a combination of old and unique techniques to achieve its objectives, posing a significant threat. The disclosure warns of … Read more
April 25, 2024 at 01:51PM The Lazarus Group utilized job lures to distribute the Kaolin RAT, enabling deployment of the FudModule rootkit. This advanced operation, deemed overkill by Avast, involves a multi-stage sequence to ultimately establish communications with the RAT’s C2 server. The malware is capable of various operations including file manipulation and process execution, … Read more
April 24, 2024 at 12:35PM North Korea’s APTs have been spying on South Korean defense contractors for at least a year and a half. Andariel, Kimsuky, and the broader Lazarus Group were involved in espionage campaigns, with details released by South Korean police. The announcement came after North Korea conducted its first-ever nuclear counterattack drill. … Read more
April 11, 2024 at 06:05PM MITRE will add two sub-techniques to ATT&CK database, exploited by North Korean threat actors. TCC manipulation involves Apple macOS application permissions. “Phantom” DLL hijacking exploits nonexistent DLLs in Windows. These techniques allow hackers to gain privileged access and perform espionage. It’s crucial to keep SIP enabled and monitor DLL loading … Read more