North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

October 30, 2024 at 12:00PM
North Korean threat actor Jumpy Pisces, known under several other aliases, has collaborated with the Play ransomware group, a significant first. The incident involved compromised accounts, credential harvesting, and deployment of Play ransomware. The nature of the connection remains unclear—Jumpy Pisces may be an affiliate or merely an initial access broker. …

North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data

October 18, 2024 at 10:48AM
North Korean IT workers are infiltrating Western companies under false identities, stealing intellectual property, and demanding ransoms, a shift towards more aggressive tactics. Secureworks highlights the evolving risk and advocates rigorous recruitment checks and awareness of suspicious behaviour and financial activity to mitigate insider threats and data extortion. …

North Korean Fake IT Workers Extort Employers After Stealing Data

October 18, 2024 at 06:40AM
North Korean nationals posing as IT workers have been extorting employers after gaining insider access and stealing data. This highlights the security risks of hiring remote IT professionals whose identities are not verified, particularly those operating from North Korea. …

Biz hired, and fired, a fake North Korean IT worker – then the ransom demands began

October 18, 2024 at 12:33AM
Companies are increasingly hiring North Korean operatives disguised as IT contractors, who exfiltrate data and demand ransoms after being dismissed for poor performance. Secureworks highlights this emerging trend in cyber extortion and urges firms to verify candidates thoroughly, restrict the use of remote-access software, and be wary of suspicious hiring practices. …

Undercover North Korean IT workers now steal data, extort employers

October 17, 2024 at 02:08PM
North Korean IT professionals are deceiving Western companies to gain employment, access confidential data, and then extort ransoms by threatening to leak it. Cybersecurity firms including Secureworks and KnowBe4 have identified these schemes, which rely on fraudulent identities and sophisticated tactics to cover their tracks. Companies are advised to be vigilant during hiring …

North Korea Hackers Get Cash Fast in Linux Cyber Heists

October 15, 2024 at 05:31PM
North Korean threat actors are using a Linux variant of the FASTCash malware in a financial campaign targeting banks and interbank payment processors. Originally written for Windows, the malware manipulates transaction messages so that fraudulent withdrawals are approved. Researchers recommend stronger controls, including chip-and-PIN requirements for debit …

DPRK’s APT37 Targets Cambodia With Khmer, ‘VeilShell’ Backdoor

October 3, 2024 at 09:03PM
APT37, a North Korean state-sponsored threat actor, has targeted Cambodian organizations in a new campaign called “Shrouded#Sleep.” By sending malicious emails on Cambodian affairs written in Khmer, APT37 delivers a backdoor called “VeilShell” through an infection chain that disguises it as shortcut files. The campaign demonstrates sophisticated persistence and stealth …

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks

October 3, 2024 at 09:45AM
Threat actors linked to North Korea have been observed running a new campaign, SHROUDED#SLEEP, against Cambodia and other Southeast Asian countries using the VeilShell backdoor and RAT. The group, APT37, is associated with North Korea’s MSS and uses varied tactics for intelligence gathering. The campaign involves sophisticated techniques and …

North Korea’s ‘Stonefly’ APT Swarms US Private Co’s. for Profit

October 2, 2024 at 05:49PM
North Korean APT group “Stonefly” has pivoted to targeting US private companies for financial gain, undeterred by a recent US indictment and a $10 million bounty. Previously focused on espionage, the group deployed Backdoor.Preft and Nukebot in August attacks with the intent of deploying ransomware. Businesses should watch for Stonefly’s indicators of compromise to guard …

Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations

October 2, 2024 at 06:45AM
In August 2024, North Korean state-sponsored threat actor Andariel targeted three U.S. organizations in a likely financially motivated attack. Although it failed to deploy ransomware, the attempt fits the group’s established pattern. Andariel, a sub-cluster of the Lazarus Group, is known for deploying ransomware, building custom backdoors, and exploiting N-day security flaws for network …