North Korea Hackers Get Cash Fast in Linux Cyber Heists

October 15, 2024 at 05:31PM North Korean threat actors are leveraging a Linux variant of the FASTCash malware to conduct a financial cyber campaign, targeting banks and interbank processors. Originally aimed at Windows systems, the malware manipulates transaction messages to authorize unauthorized withdrawals. Researchers recommend enhanced security measures, including chip and PIN requirements for debit …

DPRK’s APT37 Targets Cambodia With Khmer, ‘VeilShell’ Backdoor

October 3, 2024 at 09:03PM APT37, a North Korean state-sponsored threat actor, has targeted Cambodian organizations with a new campaign called “Shrouded#Sleep.” By spreading Khmer-language malicious emails on Cambodian affairs, APT37 delivers a backdoor called “VeilShell” through an infection routine that disguises it as shortcut files. This campaign demonstrates sophisticated persistence and stealth …

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks

October 3, 2024 at 09:45AM Threat actors linked to North Korea have been identified launching a new campaign named SHROUDED#SLEEP targeting Cambodia and other Southeast Asian countries using the VeilShell backdoor and RAT. The group, APT37, is associated with North Korea’s MSS and uses varied tactics for intelligence gathering. The campaign involves sophisticated techniques and …

North Korea’s ‘Stonefly’ APT Swarms US Private Co’s. for Profit

October 2, 2024 at 05:49PM North Korean APT group “Stonefly” has pivoted to targeting US private companies for financial gain, evading a recent US indictment and $10 million bounty. Previously focused on espionage, the group deployed Backdoor.Preft and Nukebot in August attacks with the intention of deploying ransomware. Businesses should watch for Stonefly’s indicators of compromise to guard …

Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations

October 2, 2024 at 06:45AM In August 2024, North Korean state-sponsored threat actor Andariel targeted three U.S. organizations in a likely financially motivated attack. Although the actor was unable to deploy ransomware, the attempt fits its established pattern. Andariel, a sub-cluster of Lazarus Group, is known for deploying ransomware, creating custom backdoors, and using N-day security flaws for network …

North Korea Hackers Linked to Breach of German Missile Manufacturer

September 30, 2024 at 01:45PM A professional hacking team affiliated with the North Korean government infiltrated the German company Diehl Defence, known for producing air defense systems and missiles, using phishing tactics to target employees. The group, attributed to the Kimsuky APT, employed booby-trapped files and mock job offers to carry out the attack. Kimsuky …

New PondRAT Malware Hidden in Python Packages Targets Software Developers

September 23, 2024 at 03:30AM Threat actors linked to North Korea have been using poisoned Python packages to distribute a new malware called PondRAT, part of an ongoing campaign. The attacks are part of an operation known as Operation Dream Job and aim to compromise supply chain vendors and their customers. The attackers have been …

Citrine Sleet Poisons PyPI Packages with Mac & Linux Malware

September 20, 2024 at 04:21PM The North Korean threat group Gleaming Pisces is suspected of covertly embedding remote access malware into open source Python packages for macOS and Linux, targeting developers. The malware, named PondRAT, executes malicious code to download a trojan. The group’s focus on non-Windows systems reflects its audience: developers. Vigilance against phishing attacks …

North Korean APT Bypasses DMARC Email Policies in Cyber-Espionage Attacks

September 19, 2024 at 09:01PM Geopolitical tensions have led to a surge in cyberattacks on US and allied organizations by North Korean cyber-espionage group Kimsuky. The group has successfully exploited poorly configured DMARC policies for spear-phishing campaigns targeting high-profile individuals and organizations. Ensuring properly configured DMARC is critical to defend against these attacks and protect …

North Korean Hackers Lure Critical Infrastructure Employees With Fake Jobs

September 18, 2024 at 11:14AM UNC2970, a North Korean threat actor, has been using job-themed lures to distribute new malware to individuals in critical infrastructure sectors. Mandiant reported that UNC2970 targeted individuals in the US, UK, Netherlands, Cyprus, Germany, Sweden, Singapore, Hong Kong, and Australia. The group has been using fake job descriptions to target …