New FASTCash malware Linux variant helps steal money from ATMs

October 14, 2024 at 06:21PM North Korean hackers are deploying a new Linux variant of FASTCash malware, targeting payment switch systems at financial institutions for unauthorized cash withdrawals. This variant, first noted in June 2023, manipulates transaction messages to bypass declines, facilitating thefts akin to previous FASTCash operations since 2016.

FBI: North Korea Aggressively Hacking Cryptocurrency Firms

September 4, 2024 at 09:48AM The FBI warns that North Korean hackers are aggressively targeting the cryptocurrency industry using sophisticated social engineering techniques. They aim to deploy malware and steal virtual assets. The attackers conduct extensive research on potential victims and engage in prolonged conversations to establish trust before delivering malware. Organizations and individuals in …

FBI warns crypto firms of aggressive social engineering attacks

September 3, 2024 at 01:47PM The FBI warns of North Korean hackers targeting cryptocurrency companies and employees with sophisticated social engineering attacks to steal crypto assets by deploying malware.

North Korean hackers exploit Chrome zero-day to deploy rootkit

August 30, 2024 at 01:06PM North Korean hackers utilized a patched Google Chrome zero-day to distribute the FudModule rootkit, gaining SYSTEM privileges through a Windows Kernel exploit. Microsoft attributed the attacks to the North Korean threat actor Citrine Sleet, known for targeting the cryptocurrency sector for financial gain. The group is also associated with other …

Russian laundering millions for Lazarus hackers arrested in Argentina

August 23, 2024 at 10:05AM The federal police in Argentina (PFA) arrested a 29-year-old Russian national in Buenos Aires on money laundering charges related to cryptocurrency proceeds of the North Korean Lazarus Group hackers.

New macOS Malware TodoSwift Linked to North Korean Hacking Groups

August 21, 2024 at 07:33AM Cybersecurity researchers recently discovered a new macOS malware, TodoSwift, with similarities to known malicious software linked to North Korean hacking groups. It exhibits behaviors seen in previous DPRK malware, such as RustBucket and KANDYKORN, and is associated with the Lazarus Group’s attempts to target cryptocurrency businesses. TodoSwift is distributed as …

Windows driver zero-day exploited by Lazarus hackers to install rootkit

August 19, 2024 at 11:37PM The North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to install the FUDModule rootkit on targeted systems. Microsoft fixed the flaw (CVE-2024-38193) in August 2024, along with seven other zero-day vulnerabilities. Gen Digital warned about the activities and targeting of the notorious group, which is …

North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry

August 6, 2024 at 08:06AM North Korean threat actor Moonstone Sleet is distributing malicious npm packages to infect Windows systems. Security researchers are tracking the threat actor, which is linked to a newly discovered North Korean malicious activity cluster. The actor’s attack chains involve bogus ZIP archives and fake technical skills assessments to deliver malicious …

US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks

July 25, 2024 at 01:19PM The U.S. State Department is offering a $10 million reward for information on North Korean military hacker Rim Jong Hyok, linked to the Andariel hacking group. Hyok faces charges of computer hacking and money laundering and is tied to ransomware attacks on U.S. healthcare and defense organizations. This group is an …

Microsoft links North Korean hackers to new FakePenny ransomware

May 28, 2024 at 02:01PM Microsoft has linked the North Korean hacking group Moonstone Sleet to FakePenny ransomware attacks, causing millions of dollars in ransom demands. Moonstone Sleet has adopted novel attack methods and infrastructure, targeting various industries and employing trojanized software, malicious games, and fake companies. This expansion into ransomware may indicate a shift …