North Korea Deploying Fake IT Workers in China, Russia, Other Countries

November 25, 2024 at 08:01AM Microsoft reports that North Korean fake IT workers have infiltrated global markets, particularly in the US, UK, and Australia, generating revenue for the regime while potentially stealing data. Numerous fake profiles exist online, and various North Korean threat actors engage in phishing and cryptocurrency theft, targeting sensitive sectors like aerospace …

North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs

November 21, 2024 at 07:15AM Threat actors linked to North Korea are impersonating U.S. tech companies to evade sanctions and fund weapons programs. Using forged identities, they secure jobs and funnel earnings back to the DPRK. The U.S. seized numerous fraudulent websites as part of efforts to counter these illicit operations. ### Meeting Takeaways: Malware …

North Korean hackers create Flutter apps to bypass macOS security

November 12, 2024 at 10:46AM North Korean threat actors are targeting macOS systems with trojanized cryptocurrency-themed apps built using Flutter, which bypassed Apple’s security checks. Discovered by Jamf Threat Labs, these signed and notarized apps connected to DPRK servers and executed scripts. Apple revoked their signatures, but the full extent of the operation is unclear. …

North Korean Hackers Target macOS Users with Fake Crypto PDFs 

November 7, 2024 at 01:16PM North Korean cryptocurrency hackers have been targeting macOS users by using deceptive PDF applications, backdoors, and innovative persistence techniques to infiltrate systems. ### Meeting Takeaways: 1. **Threat Overview**: North Korean cryptocurrency thieves are actively targeting macOS users. 2. **Method of Attack**: Attackers are utilizing fake PDF applications to execute their …

Officials warn of Russia’s tech-for-troops deal with North Korea amid Ukraine conflict

November 6, 2024 at 09:40PM The EU, US, and South Korea are concerned about Russia transferring military technology to North Korea in exchange for troop assistance against Ukraine. Secretary Blinken indicated that North Korean soldiers are being trained in Russia, with potential destabilizing implications for international security due to possible technology exchanges. ### Meeting Takeaways: …

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

October 30, 2024 at 12:00PM North Korean threat actor Jumpy Pisces, linked to various aliases, has collaborated with the Play ransomware group, marking a significant first. This incident involved compromised accounts, credential harvesting, and deployment of Play ransomware. The connection remains unclear—Jumpy Pisces may be an affiliate or merely an initial access broker. ### Meeting …

North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data

October 18, 2024 at 10:48AM North Korean IT workers are infiltrating Western companies under false identities, stealing intellectual property, and demanding ransoms, indicating a shift towards more aggressive tactics. Secureworks highlights evolving risks, advocating for rigorous recruitment checks and awareness regarding suspicious behaviors and financial activities to mitigate insider threats and data extortion. ### Meeting …

North Korean Fake IT Workers Extort Employers After Stealing Data

October 18, 2024 at 06:40AM North Korean nationals posing as IT workers have been extorting employers by gaining insider access and stealing data. This highlights the security risks associated with hiring foreign IT professionals, particularly those from North Korea. **Meeting Takeaways:** 1. **Issue Identified:** North Korean nationals are posing as IT workers. 2. **Motivation:** They …

Biz hired, and fired, a fake North Korean IT worker – then the ransom demands began

October 18, 2024 at 12:33AM Companies increasingly hire North Korean operatives disguised as IT contractors, who exfiltrate data and demand ransoms after being dismissed for poor performance. Secureworks highlights this emerging trend in cyber extortion, urging firms to verify candidates thoroughly, restrict remote software use, and be cautious of suspicious hiring practices. ### Meeting Takeaways: …

Undercover North Korean IT workers now steal data, extort employers

October 17, 2024 at 02:08PM North Korean IT professionals are deceiving Western companies to gain employment, access confidential data, and subsequently extort ransoms to prevent data leaks. Cybersecurity firms like Secureworks and KnowBe4 have identified these schemes, involving fraudulent identities and sophisticated tactics to cover their tracks. Companies are advised to be vigilant during hiring …