April 11, 2024 at 04:09PM MITRE is adding two new techniques to its ATT&CK database due to exploits by North Korean threat actors. One technique involves TCC manipulation on Apple’s macOS, enabling privileged access for espionage. The other technique, phantom DLL hijacking on Windows, involves exploiting nonexistent DLL files. Both have been used by North … Read more
March 11, 2024 at 12:30AM Microsoft took six months to patch a rootkit vulnerability in Windows discovered by North Korean hackers Lazarus Group. Avast researchers notified Microsoft of an admin-to-kernel exploit, but Microsoft did not prioritize the matter, waiting until February’s patch Tuesday to fix the issue. Critical vulnerabilities were also found in recent Apple … Read more
March 10, 2024 at 08:02PM Japanese cybersecurity officials issued a warning about North Korea’s Lazarus Group targeting the PyPI software repository with tainted Python packages, infecting Windows machines with the Comebacker Trojan. Gartner’s Dale Gardner describes Comebacker as a general purpose Trojan. The attack is a form of typosquatting and may disproportionately impact developers in … Read more
March 4, 2024 at 03:07PM North Korean government spies have conducted digital intrusions into chipmakers, stealing product designs to promote their domestic semiconductor industry. The South Korean National Intelligence Service (NIS) warned of ongoing cyber espionage, suspecting North Korea’s preparation for semiconductor production due to procurement difficulties. The NIS has notified victim companies and is … Read more
February 29, 2024 at 07:09AM The Lazarus Group exploited a zero-day privilege escalation flaw in the Windows Kernel, gaining kernel-level access and disabling security software. Microsoft patched the vulnerability (CVE-2024-21338) as part of Patch Tuesday updates. The group used an in-the-wild admin-to-kernel exploit, allowing them to run the FudModule rootkit, bypass security checks, and disable … Read more
February 29, 2024 at 03:33AM North Korean hackers, Lazarus, uploaded four malware-containing packages to PyPI repository, collectively downloaded 3,269 times. The packages, now removed, targeted Python developers by capitalizing on typos during installation. The attack mirrors Phylum’s discovery of rogue npm packages targeting developers. Both campaigns conceal malicious code within test scripts. JPCERT/CC urges caution … Read more
February 28, 2024 at 12:26PM The Lazarus Group exploited a zero-day flaw in the Windows AppLocker driver to gain kernel-level access and disable security tools. Avast analysts reported the activity, leading to a fix by Microsoft (CVE-2024-21338). The new FudModule rootkit by Lazarus includes advanced evasion techniques. Avast also discovered a previously undocumented RAT used … Read more
February 20, 2024 at 06:27AM North Korean-sponsored threat actors are conducting cyber espionage targeting the defense sector worldwide. The Lazarus Group is blamed for using social engineering to infiltrate the defense sector through a long-standing operation called Dream Job. Another incident involved an intrusion into a defense research center, executed by a North Korea-based threat … Read more
February 19, 2024 at 03:26PM The BfV and NIS issued a joint advisory warning of cyber-espionage operations by North Korean actors targeting the global defense sector. The attacks focus on stealing military technology and utilizing tactics like supply-chain attacks and social engineering. The advisory provides detailed steps and recommends security measures such as limiting access, … Read more
February 14, 2024 at 11:22AM Hackers exploited a stolen private key to generate and steal 1.79 billion PLA tokens from PlayDapp, a blockchain platform for trading non-fungible tokens (NFTs) in games. PlayDapp took immediate measures, including offering a $1 million reward to recover the stolen assets. The attack, potentially by the “Lazarus Group,” resulted in … Read more