North Korea Hackers Linked to Breach of German Missile Manufacturer

September 30, 2024 at 01:45PM A professional hacking team affiliated with the North Korean government infiltrated the German company Diehl Defence, known for producing air defense systems and missiles, using phishing tactics to target employees. The group, attributed to the Kimsuky APT, employed booby-trapped files and mock job offers to carry out the attack. Kimsuky …

New PondRAT Malware Hidden in Python Packages Targets Software Developers

September 23, 2024 at 03:30AM Threat actors linked to North Korea have been using poisoned Python packages to distribute a new malware called PondRAT, part of an ongoing campaign. The attacks are part of an operation known as Operation Dream Job and aim to compromise supply chain vendors and their customers. The attackers have been …

Citrine Sleet Poisons PyPi Packages with Mac & Linux Malware

September 20, 2024 at 04:21PM The North Korean threat group Gleaming Pisces is suspected of covertly embedding remote access malware into open source Python packages for macOS and Linux, targeting developers. The malware, named PondRAT, executes malicious code to download a trojan. The group’s focus on non-Windows systems reflects its intended audience: developers. Vigilance against phishing attacks …

North Korean APT Bypasses DMARC Email Policies in Cyber-Espionage Attacks

September 19, 2024 at 09:01PM Geopolitical tensions have led to a surge in cyberattacks on US and allied organizations by North Korean cyber-espionage group Kimsuky. The group has successfully exploited poorly configured DMARC policies for spear-phishing campaigns targeting high-profile individuals and organizations. Ensuring properly configured DMARC is critical to defend against these attacks and protect …

North Korean Hackers Lure Critical Infrastructure Employees With Fake Jobs

September 18, 2024 at 11:14AM UNC2970, a North Korean threat actor, has been using job-themed lures to distribute new malware to individuals in critical infrastructure sectors. Mandiant reported that UNC2970 targeted individuals in the US, UK, Netherlands, Cyprus, Germany, Sweden, Singapore, Hong Kong, and Australia. The group has been using fake job descriptions to target …

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

September 18, 2024 at 07:03AM North Korea-linked cyber-espionage group UNC2970, alias TEMP.Hermit/Lazarus Group, is phishing energy and aerospace targets with job-themed baits, using a backdoor called MISTPEN. Mandiant identified its history of strategic intelligence collection for North Korean interests. The group’s Operation Dream Job leverages weaponized PDFs and older software to execute attacks, evolving to avoid …

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

September 11, 2024 at 06:27AM Cybersecurity researchers have discovered new malicious Python packages targeting software developers, using fake job interviews as lures. Linked to the North Korea-backed Lazarus Group, the ongoing campaign dubbed VMConnect employs modified legitimate PyPI libraries to embed malicious code. Attackers impersonate legitimate companies and use LinkedIn to contact and infect unsuspecting developers. …

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

September 7, 2024 at 03:39AM North Korean threat actors are using LinkedIn for fake job recruiting operations to target developers, disguising malware as coding challenges. They also employ recruiting-themed lures to deliver malware, as seen in a social engineering campaign involving a malicious PDF. This activity, including crypto heists, is a conduit for generating illicit …

North Korean scammers plan wave of stealth attacks on crypto companies, FBI warns

September 4, 2024 at 09:23PM The FBI warned of North Korean operatives planning intricate social engineering attacks on DeFi organization employees to steal cryptocurrency. The scammers use sophisticated tactics and target cryptocurrency-related businesses. North Korea’s efforts to obtain digital assets have become more refined, posing cybersecurity risks. The FBI also provided indicators of potential scam …

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

August 31, 2024 at 12:06PM North Korean threat actors exploited a recently patched security flaw in Google Chrome and Chromium web browsers to deploy the FudModule rootkit. Microsoft attributed this activity to a group known as Citrine Sleet, part of the Lazarus Group, targeting financial institutions involved in cryptocurrency. The attack involved a zero-day exploit …