Mandiant Offers Clues to Spotting and Stopping North Korean Fake IT Workers

September 23, 2024 at 01:30PM An American collaborator helped fake North Korean IT workers secure jobs at US companies, generating $7 million in revenue over three years. The scheme impacted 300 companies, with one facilitator compromising over 60 identities. This operation aims to fund North Korea’s nuclear and ballistic missile programs while using sophisticated evasion …

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

September 16, 2024 at 09:27AM Cybersecurity researchers warn about North Korean threat actors targeting LinkedIn users with RustDoor malware, posing as cryptocurrency recruiters. The attackers aim at infiltrating financial and cryptocurrency networks through social engineering campaigns, prompting victims to download malicious coding challenges. The RustDoor backdoor persists in macOS and Windows machines, highlighting evolving tactics …

North Korean Hackers Targets Job Seekers with Fake FreeConference App

September 4, 2024 at 12:21PM North Korean threat actors have created a malicious campaign called Contagious Interview, using fake job interviews to distribute malware. They are now using fake video conferencing applications to backdoor developer systems. This activity is attributed to the North Korean threat actor Famous Chollima. The campaign is targeting job seekers …

Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day

August 30, 2024 at 04:51PM Microsoft’s threat intelligence team identified a North Korean hacking team exploiting a Chrome vulnerability, marked as actively exploited. The flaw, CVE-2024-7971, was used for targeting the cryptocurrency sector for financial gain. The hacker group, known as ‘Citrine Sleet,’ has been linked to North Korea’s Reconnaissance General Bureau, and was observed …

North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

August 21, 2024 at 12:36PM A new remote access trojan called MoonPeak is being used by a state-sponsored North Korean threat activity cluster in a new campaign. This variant of Xeno RAT malware is developed to access and set up new infrastructure to support the campaign, with constant evolution and obfuscation techniques to prevent analysis. …

Japan warns of attacks linked to North Korean Kimsuky hackers

July 10, 2024 at 01:14PM Japanese organizations are being targeted by the North Korean ‘Kimsuky’ threat actors, who use social engineering and phishing to gain network access. They deploy custom malware to steal data and retain persistence. The latest attacks involved distributing a CHM malware strain and utilizing sophisticated obfuscation to evade detection. Vigilance against …

Microsoft: ‘Moonstone Sleet’ APT Melds Espionage, Financial Goals

May 29, 2024 at 04:57PM Microsoft researchers have identified Moonstone Sleet, a North Korean threat group, carrying out espionage and financial cyberattacks using a variety of techniques against aerospace, education, and software organizations. Moonstone Sleet’s multifaceted strategies blend cybercriminal and nation-state actor methodologies, including creating fake companies and distributing custom ransomware and a fake video …

New North Korean Threat Actor Engaging in Espionage, Revenue Generation Attacks

May 29, 2024 at 08:12AM Microsoft reports a new North Korean threat actor, Moonstone Sleet, targeting education, defense, and IT for espionage and revenue. The group combines tactics of other North Korean actors with unique methods, using fake companies and job opportunities to engage potential targets, employing trojanized tools, launching a custom ransomware, and engaging …

Microsoft Uncovers ‘Moonstone Sleet’ — New North Korean Hacker Group

May 29, 2024 at 07:00AM A new North Korean threat actor, Moonstone Sleet, is attributed to cyber attacks targeting various sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. Moonstone Sleet uses a combination of old and unique techniques to achieve its objectives, posing a significant threat. The disclosure warns of …

North Korean Hackers Deploy New Golang Malware ‘Durian’ Against Crypto Firms

May 10, 2024 at 11:27AM North Korean threat actor Kimsuky deployed Golang-based malware Durian in targeted cyber attacks on South Korean cryptocurrency firms, per Kaspersky’s APT trends report. The attacks used legitimate South Korean software, establishing a connection to the attacker’s server to execute the infection. Kimsuky aims to steal data and geopolitical insight for …