DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls

July 17, 2024 at 03:12PM North Korean state-sponsored hackers have targeted macOS users with a new variant of BeaverTail malware, posing as a fake job interview to trick victims into downloading a malicious version of MiroTalk. Cybersecurity researcher Patrick Wardle uncovered the campaign, highlighting the hackers’ use of social engineering tactics and the execution of …

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data

June 28, 2024 at 12:51PM The North Korea-linked threat actor Kimsuky has been using a new malicious Google Chrome extension, codenamed TRANSLATEXT, to conduct cyber espionage targeting South Korean academia. This extension gathers sensitive information and is designed to bypass security measures, capture browser screenshots, and exfiltrate stolen data. Kimsuky is known for orchestrating cyber …

Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets

June 25, 2024 at 08:48AM CoinStats, a cryptocurrency portfolio manager, was back online after hackers drained over $2 million from 1,590 hosted wallets. The platform assured that only 1.3% of CoinStats Wallets were affected. CoinStats requires read-only access to connected wallets, mitigating the risk to users’ funds. The CEO revealed the attack was likely orchestrated …

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

June 14, 2024 at 03:12AM North Korean threat actors have been increasingly targeting Brazil, mainly focusing on government, aerospace, technology, and financial sectors. These attacks involve using job-themed social engineering campaigns and spreading malware through cryptocurrency professionals and fake npm packages. Google and Microsoft have highlighted tactics used by different North Korean groups, shedding light …

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

June 3, 2024 at 04:36AM Andariel, a North Korea-linked threat actor, has been using a new Golang-based backdoor called Dora RAT in cyber attacks targeting South Korean educational institutes, manufacturing firms, and construction businesses. The attacks involve the use of multiple malware strains, a vulnerable Apache Tomcat server, and known security vulnerabilities in software. Andariel …

Three arrested for helping North Koreans to secure remote IT jobs in US

May 17, 2024 at 02:36PM Three individuals have been arrested for allegedly facilitating North Korea’s attempts to fund its weapons program using US money. They are accused of using various methods, such as securing jobs and running a laptop farm, to extract funds from the US economy. The scheme involved defrauding major US companies and …

US woman helped North Korean IT workers infiltrate 300 companies

May 17, 2024 at 12:58PM The U.S. Justice Department charged five individuals, including a U.S. citizen woman and a Ukrainian man, for their involvement in North Korea’s cyber schemes to infiltrate U.S. job markets and generate revenue for the country’s nuclear weapons program. The State Department announced a reward of up to $5 million for …

Five charged for cyber schemes to benefit North Korea’s weapons program

May 17, 2024 at 06:18AM The U.S. Justice Department charged five individuals, including a U.S. citizen woman, a Ukrainian man, and three foreign nationals, for participation in cyber schemes benefiting North Korea’s nuclear weapons program. The defendants are accused of fraud, money laundering, and identity theft, with alleged involvement in a campaign to infiltrate U.S. …

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

May 17, 2024 at 05:33AM The Kimsuky APT group, associated with North Korea’s Reconnaissance General Bureau, has been observed deploying the Gomir backdoor on Linux to target South Korean organizations. The malware shares extensive code with GoBear and is distributed through trojanized security programs. The campaign highlights the preference for software installation packages as infiltration …

Kimsuky hackers deploy new Linux backdoor in attacks on South Korea

May 16, 2024 at 10:16AM Kimsuky, a North Korean hacker group, has been using trojanized software packages to deliver Gomir, a Linux malware, linked to the Reconnaissance General Bureau. The malware shares similarities with GoBear and allows various operations on the infected system, indicating a sophisticated espionage attack method against South Korean targets. Symantec provided indicators …