US seizes Sinbad crypto mixer used by North Korean Lazarus hackers

November 29, 2023 at 11:54AM The U.S. Treasury has sanctioned and international authorities have seized Sinbad.io, a crypto mixer allegedly used by North Korean Lazarus hackers for laundering money, including millions from high-profile crypto heists. The operation involved the U.S., Netherlands, and Poland, targeting the service to prevent illegal activities. Meeting Takeaways: 1. The U.S. …

N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection

November 28, 2023 at 12:06AM The Lazarus Group, a North Korean threat actor, has been observed combining elements from two separate macOS malware strains, RustBucket and KANDYKORN. They are using RustBucket droppers to deliver the KANDYKORN malware. Another macOS-specific malware called ObjCShellz has also been linked to the RustBucket campaign by cybersecurity firm SentinelOne. This …

Hackers exploit MagicLine4NX zero-day in supply-chain attack

November 24, 2023 at 01:20PM The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) have warned that the North Korean Lazarus hacking group has been breaching companies using a zero-day vulnerability in the MagicLine4NX software. The group primarily targets South Korean institutions and is known for utilizing supply-chain attacks and zero-day vulnerabilities …

North Korean Software Supply Chain Attack Hits North America, Asia 

November 24, 2023 at 07:36AM A Taiwanese software company was breached by a North Korean threat group known as Diamond Sleet. The hackers manipulated a legitimate application installer to download and execute a malicious payload. Microsoft has detected their activity and provided indicators of compromise for detection. The threat actor is known for data theft …

Industry piles in on North Korea for sustained rampage on software supply chains

November 23, 2023 at 08:44AM The UK and South Korea’s national cybersecurity organizations have issued a joint advisory warning about an increase in the volume and sophistication of North Korean software supply chain attacks. The advisory highlights the use of zero-day and N-day vulnerabilities and multiple exploits to achieve North Korea’s priorities, which include generating …

North Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack

November 23, 2023 at 01:06AM North Korean threat actor Diamond Sleet is using a trojanized version of a legitimate app developed by CyberLink in a supply chain attack. The poisoned file, hosted on CyberLink’s infrastructure, downloads a second-stage payload. The campaign has affected over 100 devices in Japan, Taiwan, Canada, and the U.S. Microsoft has …

Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach

November 8, 2023 at 06:52AM Monero Project’s community crowdfunding system (CCS) wallet was drained of 2,675.73 XMR, amounting to around $437,000, in September. The project suspects that the breach is related to ongoing wallet-draining attacks since April. The team is investigating the breach and has taken additional security measures to protect other wallets. Atomic Wallet …

N. Korean BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware

November 7, 2023 at 09:24AM The BlueNoroff nation-state group, which has connections to North Korea, is behind a newly discovered macOS malware called ObjCShellz. It is used as part of the RustBucket malware campaign and is suspected to be delivered through social engineering. BlueNoroff is a sub-group of the Lazarus Group, known for financial crimes …

North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware

November 1, 2023 at 05:36AM State-sponsored threat actors from North Korea’s Lazarus Group have been targeting blockchain engineers of a crypto exchange platform through Discord using a new macOS malware called KANDYKORN. The attacks involve social engineering lures and a multi-stage process to deliver the malware. The Lazarus Group has previously used macOS malware in …

N. Korean Lazarus Group Targets Software Vendor Using Known Flaws

October 27, 2023 at 11:43AM The Lazarus Group, a North Korea-linked threat actor, has launched a new cyber attack campaign targeting a software vendor through known security flaws in another software. The attack involved the deployment of malware families such as SIGNBT and LPEClient. The Lazarus Group has demonstrated advanced evasion techniques and targeted other …