North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor

January 22, 2024 at 12:06PM
In December 2023, media organizations and North Korea experts were targeted by a cyber campaign orchestrated by the threat actor ScarCruft. This North Korea-linked group, also known as APT37, targeted individuals with malicious files, displaying a sophisticated and evolving approach. The attack is indicative of the group’s ongoing efforts to …

North Korea’s Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023

January 8, 2024 at 12:09AM
North Korean threat actors plundered over $600 million in cryptocurrency in 2023, amounting to almost a third of all funds stolen in crypto attacks. These financially motivated attacks support the nation’s weapons programs, with stolen assets typically converted to hard currency. The U.S. Treasury Department’s sanctions have not halted their evolving …

North Korea Debuts ‘SpectralBlur’ Malware Amid macOS Onslaught

January 5, 2024 at 03:06PM
TA444, a North Korean state-backed threat actor, has introduced “SpectralBlur,” a new macOS-targeting malware. It offers various capabilities, including file upload/download, shell execution, and command execution. This development underscores the group’s consistent generation of proprietary malware. The malware shares similarities with Lazarus Group’s tools, indicating a significant focus on macOS …

Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks

December 29, 2023 at 04:36AM
North Korean state actors are using spear-phishing attacks to distribute various malware and backdoors to infiltrate compromised systems. An advanced persistent threat group known as Kimsuky is responsible for the malicious activity, with a focus on targeting entities in South Korea and expanding globally. The group has been sanctioned by …

Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users

December 14, 2023 at 09:14AM
Authorities warn that the cyber unit of Russia’s SVR is exploiting a critical vulnerability in the JetBrains TeamCity CI/CD server. The exploit could enable manipulation of source code and potentially facilitate future attacks. The advisory outlines the SVR’s cyber operations and their long-term objectives in cyberspace. Mitigations and indicators of compromise are …

UK and South Korea: Hackers use zero-day in supply-chain attack

November 24, 2023 at 01:28PM
The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) have issued a joint advisory warning about a hacking group called Lazarus, based in North Korea. The group has been using a zero-day vulnerability in the MagicLine4NX software, developed by South Korean company Dream Security, to conduct supply-chain …

North Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack

November 23, 2023 at 01:06AM
North Korean threat actor Diamond Sleet is using a trojanized version of a legitimate app developed by CyberLink in a supply chain attack. The poisoned file, hosted on CyberLink’s infrastructure, downloads a second-stage payload. The campaign has affected over 100 devices in Japan, Taiwan, Canada, and the U.S. Microsoft has …

North Korea makes finding a gig even harder by attacking candidates and employers

November 22, 2023 at 08:37PM
Palo Alto Networks’ Unit 42 has identified two hacking schemes linked to state-sponsored actors in North Korea. The first scheme, called Contagious Interview, involves threat actors posing as job recruiters on job boards and tricking software engineers into downloading malware. The second scheme, Wagemole, sees threat actors pretending to be …

Fresh find shines new light on North Korea’s latest macOS malware

November 7, 2023 at 09:48AM
North Korean state-sponsored hackers have been observed using a new macOS malware called “ObjCShellz” as part of the RustBucket campaign targeting financial organizations. The malware, attributed to the BlueNoroff group, is written in Objective-C and gives attackers remote shell capabilities. The campaign uses social engineering and disguises itself as a …

North Korea’s Kimsuky Doubles Down on Remote Desktop Control

October 18, 2023 at 12:15PM
North Korea’s Kimsuky cyber threat group has been found to be using Remote Desktop Protocol (RDP) and other tools to remotely take over targeted systems. The group has also been leveraging open source software such as TightVNC and Chrome Remote Desktop. Kimsuky continues to use spear phishing as its initial …