That Asian meal you eat on holidays could launder money for North Korea

March 25, 2024 at 02:36AM The United Nations Panel of Experts’ annual report on sanctions against North Korea reveals that North Korea operates restaurants in several countries to launder approximately $700 million per year. The report also highlights the country’s involvement in cyber attacks and crypto heists, urging stricter compliance activities and international info-sharing to … Read more

N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks

March 24, 2024 at 02:57AM Kimsuky, a North Korea-linked threat actor, has been observed utilizing Compiled HTML Help (CHM) files to distribute malware, targeting entities in South Korea, North America, Asia, and Europe. The cybersecurity firm Rapid7 has attributed this activity to Kimsuky with moderate confidence. The group’s tactics include deploying an Endoor backdoor malware … Read more

North Korea Hits ScreenConnect Bugs to Drop ‘ToddleShark’ Malware

March 5, 2024 at 03:02PM North Korean hackers exploit ConnectWise’s ScreenConnect software vulnerability with ToddleShark malware. Kimsuky, a DPRK-based APT, targets organizations using the CVE-2024-1709 bug. ToddleShark gathers system info and sends it to attacker-controlled servers via encrypted channels. It evades detection through randomization and junk code. Organizations are urged to patch their systems promptly. … Read more

Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems

February 29, 2024 at 03:33AM North Korean hackers, Lazarus, uploaded four malware-containing packages to PyPI repository, collectively downloaded 3,269 times. The packages, now removed, targeted Python developers by capitalizing on typos during installation. The attack mirrors Phylum’s discovery of rogue npm packages targeting developers. Both campaigns conceal malicious code within test scripts. JPCERT/CC urges caution … Read more

Lovers’ Spat? North Korea Backdoors Russian Foreign Affairs Ministry

February 23, 2024 at 01:56PM North Korean hackers have been found spying on Russia by planting a backdoor within Russian government software. The backdoor was bundled inside a Russian-language installer associated with an internal tool, “Statistika KZU,” used by Russia’s Ministry of Foreign Affairs. This reveals a targeted and precise approach by North Korean hackers … Read more

New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide

February 20, 2024 at 06:27AM North Korean-sponsored threat actors are conducting cyber espionage targeting the defense sector worldwide. The Lazarus Group is blamed for using social engineering to infiltrate the defense sector through a long-standing operation called Dream Job. Another incident involved an intrusion into a defense research center, executed by a North Korea-based threat … Read more

North Korean hackers linked to defense sector supply-chain attack

February 19, 2024 at 03:26PM The BfV and NIS issued a joint advisory warning of cyber-espionage operations by North Korean actors targeting the global defense sector. The attacks focus on stealing military technology and utilizing tactics like supply-chain attacks and social engineering. The advisory provides detailed steps and recommends security measures such as limiting access, … Read more

South Korea Says Presumed North Korean Hackers Breached Personal Emails of Presidential Staffer

February 14, 2024 at 11:39AM North Korean hackers breached the personal emails of a South Korean President’s staff member before his Europe trip. The cyberattack only affected the staff member’s personal account, and security protocols were violated by using commercial email services for official duties. Yoon’s office detected the breach in advance and ensured overall … Read more

United Nations Digging Into DPRK Crypto Cyberattacks Totaling $3B

February 12, 2024 at 03:46PM The UN is investigating multiple crypto cyberattacks linked to the North Korean regime, believed to have generated billions for funding its nuclear program. Based on the meeting notes, it seems that the UN is looking into numerous cyberattacks related to cryptocurrency that are believed to have generated significant funds for … Read more

North Korea’s ScarCruft Attackers Gear Up to Target Cybersecurity Pros

January 22, 2024 at 03:46PM ScarCruft, a North Korea-sponsored APT group, is preparing for targeted cyberattacks on threat intelligence professionals. They aim to steal nonpublic threat intel and enhance their offensive tactics. The innovative campaign involves using lure related to the Kimsuky APT group to target cybersecurity professionals, and the group is refining their malicious … Read more