Fake job interviews target developers with new Python backdoor

April 26, 2024 at 10:23AM
A campaign named “Dev Popper” is targeting developers with fake job interviews to trick them into downloading and running a Python remote access trojan (RAT), enabling the threat actors to gather system information and gain remote access. Analysts suspect North Korean involvement based on observed tactics. Similar tactics have been …

DPRK hacking groups breach South Korean defense contractors

April 23, 2024 at 01:00PM
The National Police Agency in South Korea issued an urgent warning about North Korean hacking groups targeting defense industry entities in South Korea. The groups Lazarus, Andariel, and Kimsuky breached companies by exploiting vulnerabilities, stealing critical technology information. A special inspection found multiple companies compromised since late 2022, leading to recommendations for …

Hackers hijack antivirus updates to drop GuptiMiner malware

April 23, 2024 at 10:59AM
North Korean hackers have exploited the eScan antivirus updating mechanism to plant backdoors on corporate networks. Using malware named GuptiMiner, they perform DNS requests, extract payloads, and exploit system-level privileges via eScan updates. The hackers have deployed various malware tools, including backdoors and a cryptocurrency miner. Avast researchers identified and …

DPRK Exploits 2 New MITRE Techniques: Phantom DLL Hijacking, TCC Abuse

April 11, 2024 at 04:09PM
MITRE is adding two new techniques to its ATT&CK database because North Korean threat actors have been observed using them. One technique involves TCC manipulation on Apple’s macOS, enabling privileged access for espionage. The other technique, phantom DLL hijacking on Windows, involves exploiting nonexistent DLL files. Both have been used by North …

Seoul Spies Say North Korea Hackers Stole Semiconductor Secrets

March 4, 2024 at 06:31PM
North Korean hackers stole South Korean microchip manufacturing technology, prompting the NIS to call for improved cyber defenses. The hackers compromised the servers of two microchip manufacturers and stole semiconductor designs and facility photos. The NIS believes North Korea may be preparing to produce its own semiconductors due to sanctions. Based on …

North Korea hacks two South Korean chip firms to steal engineering data

March 4, 2024 at 09:47AM
The National Intelligence Service (NIS) of South Korea has warned of increased cyber espionage attacks by North Korean hackers targeting domestic semiconductor manufacturers. The attacks exploit known vulnerabilities in internet-exposed servers to steal sensitive data. South Korean chipmakers, including Samsung Electronics and SK Hynix, are crucial in the global semiconductor …

Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks

February 29, 2024 at 07:09AM
The Lazarus Group exploited a zero-day privilege escalation flaw in the Windows Kernel, gaining kernel-level access and disabling security software. Microsoft patched the vulnerability (CVE-2024-21338) as part of Patch Tuesday updates. The group used an in-the-wild admin-to-kernel exploit, allowing them to run the FudModule rootkit, bypass security checks, and disable …

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack

February 29, 2024 at 06:45AM
Cybersecurity firm Avast reported that the North Korean group Lazarus exploited a Windows zero-day vulnerability, CVE-2024-21338, using a rootkit called FudModule for privilege escalation. Microsoft patched the flaw but initially did not list it as a zero-day. The attack aimed at evading detection and included a new variant of the …

North Korean Hackers Targeting Developers with Malicious npm Packages

February 26, 2024 at 07:39AM
Fake npm packages linked to North Korean state-sponsored actors were discovered on the Node.js repository, constituting a software supply chain attack. The malicious packages, posing as legitimate ones, installed cryptocurrency and credential stealers. The attackers made efforts to conceal the code, and the code has connections to North Korean threat actors. Vigilance …

North Korean hackers now launder stolen crypto via YoMix tumbler

February 16, 2024 at 09:38AM
Lazarus, the North Korean hacker collective known for large-scale cryptocurrency heists, has shifted to using the YoMix bitcoin mixer for laundering stolen funds. Chainalysis reports a surge in YoMix activity tied to Lazarus, evidencing their adaptability in avoiding sanctions on other mixing services. The report also details trends in cryptocurrency laundering …