November 24, 2023 at 01:28PM The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) have issued a joint advisory warning about a hacking group called Lazarus, based in North Korea. The group has been using a zero-day vulnerability in the MagicLine4NX software, developed by South Korean company Dream Security, to conduct supply-chain … Read more
November 23, 2023 at 01:06AM North Korean threat actor Diamond Sleet is using a trojanized version of a legitimate app developed by CyberLink in a supply chain attack. The poisoned file, hosted on CyberLink’s infrastructure, downloads a second-stage payload. The campaign has affected over 100 devices in Japan, Taiwan, Canada, and the U.S. Microsoft has … Read more
November 22, 2023 at 08:37PM Palo Alto Networks’ Unit 42 has identified two hacking schemes linked to state-sponsored actors in North Korea. The first scheme, called Contagious Interview, involves threat actors posing as job recruiters on job boards and tricking software engineers into downloading malware. The second scheme, Wagemole, sees threat actors pretending to be … Read more
November 7, 2023 at 09:48AM North Korean state-sponsored hackers have been observed using a new macOS malware called “ObjCShellz” as part of the RustBucket campaign targeting financial organizations. The malware, attributed to the BlueNoroff group, is written in Objective-C and allows attackers remote shell capabilities. The campaign uses social engineering and disguises itself as a … Read more
October 18, 2023 at 12:15PM North Korea’s Kimsuky cyber threat group has been found to be using Remote Desktop Protocol (RDP) and other tools to remotely take over targeted systems. The group has also been leveraging open source software such as TightVNC and Chrome Remote Desktop. Kimsuky continues to use spear phishing as its initial … Read more