North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

September 18, 2024 at 07:03AM

North Korea-linked cyber-espionage group UNC2970, alias TEMP.Hermit/Lazarus Group, is phishing energy and aerospace targets with job-themed baits, using a backdoor called MISTPEN. Mandiant identified its history of strategic intelligence collection for North Korean interests. The group’s Operation Dream Job leverages weaponized PDFs and older software to execute attacks, evolving to avoid …

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

September 11, 2024 at 06:27AM

Cybersecurity researchers have discovered new malicious Python packages targeting software developers, using fake job interviews as lures. Linked to the North Korea-backed Lazarus Group, the ongoing campaign, dubbed VMConnect, employs modified legitimate PyPI libraries to embed malicious code. Attackers impersonate legitimate companies and use LinkedIn to contact and infect unsuspecting developers. …

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

September 7, 2024 at 03:39AM

North Korean threat actors are using LinkedIn for fake job recruiting operations to target developers, disguising malware as coding challenges. They also employ recruiting-themed lures to deliver malware, as seen in a social engineering campaign involving a malicious PDF. This activity, including crypto heists, is a conduit for generating illicit …

North Korean scammers plan wave of stealth attacks on crypto companies, FBI warns

September 4, 2024 at 09:23PM

The FBI warned of North Korean operatives planning intricate social engineering attacks on DeFi organization employees to steal cryptocurrency. The scammers use sophisticated tactics and target cryptocurrency-related businesses. North Korea’s efforts to obtain digital assets have become more refined, posing cybersecurity risks. The FBI also provided indicators of potential scam …

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

August 31, 2024 at 12:06PM

North Korean threat actors exploited a recently patched security flaw in Google Chrome and Chromium web browsers to deploy the FudModule rootkit. Microsoft attributed this activity to a group known as Citrine Sleet, part of the Lazarus Group, targeting financial institutions involved in cryptocurrency. The attack involved a zero-day exploit …

North Korean Hackers Target Developers with Malicious npm Packages

August 30, 2024 at 02:42AM

Threat actors linked to North Korea are targeting developers with malware to steal cryptocurrency assets. The campaign involves publishing malicious packages to the npm registry. The attackers use various tactics, including fake job interviews and obfuscated JavaScript, to deploy malware and exfiltrate sensitive data. CrowdStrike has linked the group to …

DOJ Charges Nashville Man for Helping North Koreans Get U.S. Tech Jobs

August 9, 2024 at 03:33AM

The U.S. Department of Justice has charged a man from Nashville with running a “laptop farm” to help North Korean actors obtain remote IT jobs with American and British companies. Matthew Isaac Knoot faces multiple charges and potential imprisonment. The scheme aimed to fund North Korea’s weapons program by defrauding …

University Professors Targeted by North Korean Cyber Espionage Group

August 8, 2024 at 12:21PM

Kimsuky, a North Korea-linked threat actor, has been identified in new cyber attacks targeting university staff for intelligence gathering. The attacks involve spear-phishing campaigns and the use of a web shell to capture credentials and stage phishing pages. To combat this, users are advised to enable multi-factor authentication and scrutinize URLs …

North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS

July 31, 2024 at 09:45AM

A malware campaign, DEV#POPPER, is targeting software developers across Windows, Linux, and macOS systems. Linked to North Korea, the threat actors use social engineering to trick victims into divulging information or downloading malicious software. The campaign uses obfuscated JavaScript and Python backdoors, along with enhanced obfuscation and remote monitoring to …

US Offers $10M Reward for Information on North Korean Hacker

July 26, 2024 at 02:34PM

The US Department of Justice has unsealed an indictment of a North Korean military intelligence operative, Rim Jong Hyok, accused of carrying out ransomware attacks against US healthcare facilities and funneling the ransom payments to other breaches globally. The hacking crew, Andariel, controlled by DPRK’s military intelligence agency, poses an …