Kimsuky hackers deploy new Linux backdoor via trojanized installers

May 16, 2024 at 09:35AM North Korean hacker group Kimsuky, linked to military intelligence, used trojanized software packages to deliver the Linux malware Gomir in cyberespionage campaigns against South Korean targets. The malware, a variant of GoBear, exhibits persistent behaviors on Linux machines and supports 17 operations through HTTP POST requests. It’s part of a supply-chain …

NSA warns of North Korean hackers exploiting weak DMARC email policies

May 3, 2024 at 03:24PM The NSA and FBI warned of APT43, a North Korea-linked hacking group exploiting weak DMARC policies to launch spearphishing attacks. The attacks aim to gather intelligence on geopolitical events and gain access to private documents and communications. To mitigate this, organizations are advised to update their DMARC policies to prevent …

US Says North Korean Hackers Exploiting Weak DMARC Settings

May 3, 2024 at 12:15PM The US government warns of North Korea-linked hacking group Kimsuky exploiting weak email DMARC settings to conceal spear phishing attacks. They collect intelligence on geopolitical events and maintain access to information affecting North Korean interests. Kimsuky has been engaging in cyber activities since 2012 and conducts well-researched spear phishing campaigns. …

North Korea APT Triumvirate Spied on South Korean Defense Industry For Years

April 24, 2024 at 12:35PM North Korea’s APTs have been spying on South Korean defense contractors for at least a year and a half. Andariel, Kimsuky, and the broader Lazarus Group were involved in espionage campaigns, with details released by South Korean police. The announcement came after North Korea conducted its first-ever nuclear counterattack drill. …

Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage

April 22, 2024 at 03:30AM Microsoft reports that North Korea-linked cyber actors are using AI for more efficient operations. The group, identified as Emerald Sleet, employs AI language models for spear-phishing and reconnaissance efforts. They’ve also engaged in cryptocurrency theft and supply chain attacks, utilizing tactics to generate revenue and collect intelligence on the US, …

That Asian meal you eat on holidays could launder money for North Korea

March 25, 2024 at 02:36AM The United Nations Panel of Experts’ annual report on sanctions against North Korea reveals that North Korea operates restaurants in several countries to launder approximately $700 million per year. The report also highlights the country’s involvement in cyber attacks and crypto heists, urging stricter compliance activities and international info-sharing to …

N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks

March 24, 2024 at 02:57AM Kimsuky, a North Korea-linked threat actor, has been observed utilizing Compiled HTML Help (CHM) files to distribute malware, targeting entities in South Korea, North America, Asia, and Europe. The cybersecurity firm Rapid7 has attributed this activity to Kimsuky with moderate confidence. The group’s tactics include deploying an Endoor backdoor malware …

North Korea Hits ScreenConnect Bugs to Drop ‘ToddleShark’ Malware

March 5, 2024 at 03:02PM North Korean hackers exploit ConnectWise’s ScreenConnect software vulnerability with ToddleShark malware. Kimsuky, a DPRK-based APT, targets organizations using the CVE-2024-1709 bug. ToddleShark gathers system info and sends it to attacker-controlled servers via encrypted channels. It evades detection through randomization and junk code. Organizations are urged to patch their systems promptly. …

Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems

February 29, 2024 at 03:33AM North Korean hackers, Lazarus, uploaded four malware-containing packages to the PyPI repository, collectively downloaded 3,269 times. The packages, now removed, targeted Python developers by capitalizing on typos during installation. The attack mirrors Phylum’s discovery of rogue npm packages targeting developers. Both campaigns conceal malicious code within test scripts. JPCERT/CC urges caution …

Lovers’ Spat? North Korea Backdoors Russian Foreign Affairs Ministry

February 23, 2024 at 01:56PM North Korean hackers have been found spying on Russia by planting a backdoor within Russian government software. The backdoor was bundled inside a Russian-language installer associated with an internal tool, “Statistika KZU,” used by Russia’s Ministry of Foreign Affairs. This reveals a targeted and precise approach by North Korean hackers …