February 20, 2024 at 06:27AM North Korean-sponsored threat actors are conducting cyber espionage targeting the defense sector worldwide. The Lazarus Group is blamed for using social engineering to infiltrate the defense sector through a long-standing operation called Dream Job. Another incident involved an intrusion into a defense research center, executed by a North Korea-based threat … Read more
February 19, 2024 at 03:26PM The BfV and NIS issued a joint advisory warning of cyber-espionage operations by North Korean actors targeting the global defense sector. The attacks focus on stealing military technology and utilizing tactics like supply-chain attacks and social engineering. The advisory provides detailed steps and recommends security measures such as limiting access, … Read more
February 14, 2024 at 11:39AM North Korean hackers breached the personal emails of a South Korean President’s staff member before his Europe trip. The cyberattack only affected the staff member’s personal account, and security protocols were violated by using commercial email services for official duties. Yoon’s office detected the breach in advance and ensured overall … Read more
February 12, 2024 at 03:46PM The UN is investigating multiple crypto cyberattacks linked to the North Korean regime, believed to have generated billions for funding its nuclear program. Based on the meeting notes, it seems that the UN is looking into numerous cyberattacks related to cryptocurrency that are believed to have generated significant funds for … Read more
January 22, 2024 at 03:46PM ScarCruft, a North Korea-sponsored APT group, is preparing for targeted cyberattacks on threat intelligence professionals. They aim to steal nonpublic threat intel and enhance their offensive tactics. The innovative campaign involves using lure related to the Kimsuky APT group to target cybersecurity professionals, and the group is refining their malicious … Read more
January 22, 2024 at 12:06PM In December 2023, media organizations and North Korea experts were targeted by a cyber campaign orchestrated by the threat actor ScarCruft. This North Korea-linked group, also known as APT37, targeted individuals with malicious files, displaying a sophisticated and evolving approach. The attack is indicative of the group’s ongoing efforts to … Read more
January 8, 2024 at 12:09AM North Korean threat actors plundered over $600 million in cryptocurrency in 2023, amounting to almost a third of all funds stolen in crypto attacks. These financially-motivated attacks support the nation’s weapons programs, with stolen assets typically converted to hard currency. The U.S. Treasury Department’s sanctions have not halted their evolving … Read more
January 5, 2024 at 03:06PM TA444, a North Korean state-backed threat actor, has introduced “SpectralBlur,” a new macOS-targeting malware. It offers various capabilities, including file upload/download, shell execution, and command execution. This development underscores the group’s consistent generation of proprietary malware. The malware shares similarities with Lazarus Group’s tools, indicating a significant focus on macOS … Read more
December 29, 2023 at 04:36AM North Korean state actors are using spear-phishing attacks to distribute various malware and backdoors to infiltrate compromised systems. An advanced persistent threat group known as Kimsuky is responsible for the malicious activity, with a focus on targeting entities in South Korea and expanding globally. The group has been sanctioned by … Read more
December 14, 2023 at 09:14AM Summary: Authorities warn that Russia’s SVR’s cyber unit is exploiting a critical vulnerability in JetBrains TeamCity CI/CD server. The exploit could enable manipulation of source code, and potentially facilitate future attacks. The advisory outlines the SVR’s cyber operations and their long-term objectives in cyberspace. Mitigations and indicators of compromise are … Read more