Tag: korea
-
A new Linux variant of FASTCash malware targets financial systems
North Korea-linked actors deploy a new Linux variant of FASTCash malware to target financial systems, researcher HaxRob revealed. The cybersecurity researcher HaxRob analyzed a new variant of the FASTCash >>payment switch
-
N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware
Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023. “The threat…
-
Feds reach for sliver of crypto-cash nicked by North Korea’s notorious Lazarus Group
A couple million will do for a start … but Kim’s crews are suspected of stealing much more. First seen on theregister.com Jump to article: www.theregister.com/2024/10/08/us_lazarus_group_crypto_seizure/
-
SHROUDED#SLEEP: APT37’s Advanced Evasion and Persistence Tactics in Southeast Asia
In a recent discovery, the Securonix Threat Research team, led by Den Iuzvyk and Tim Peck, has uncovered a stealthy malware campaign attributed to North Korea’s APT37, also known as... First seen on securityonline.info Jump to article: securityonline.info/shroudedsleep-apt37s-advanced-evasion-and-persistence-tactics-in-southeast-asia/
-
DPRK’s APT37 Targets Cambodia With Khmer, ‘VeilShell’ Backdoor
It’s North Korea versus Cambodia, with Windows default settings and sheer patience allowing the bad guys to avoid easy detection. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dprk-apt37-cambodia-khmer-veilshell-backdoor
-
North Korea ‘Shrouded Sleep’ malware campaign targeting Cambodia, other Southeast Asian nations
First seen on therecord.media Jump to article: therecord.media/north-korea-malware-espionage-cambodia
-
North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks
Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37, which is also known as InkySquid, Reaper,…
-
CIA Seeks Informants In North Korea, Iran, And China
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36427/CIA-Seeks-Informants-In-North-Korea-Iran-And-China.html
-
North Korea’s ‘Stonefly’ APT Swarms US Private Co’s. for Profit
Despite a $10 million bounty on one member, APT45 is not slowing down, pivoting from intelligence gathering to extorting funds for Kim Jong-Un’s regime. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/stonefly-apt-us-private-cos-north-korean-profit
-
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence
North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems. North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. Diehl Defence GmbH & Co. KG is a German weapon…
-
Why is Chinese threat actor APT 41 in a tearing hurry?
Tags: apt, attack, backdoor, breach, china, control, cyber, data, data-breach, exploit, group, guide, india, infrastructure, intelligence, korea, leak, military, monitoring, network, risk, risk-assessment, soc, strategy, tactics, technology, threat, tool, training
Since June 1st 2024, Chinese frontline threat actor APT 41 has been linked to as many as 63 events globally. These include attacks on Taiwanese research agencies in August and attacks on the shipping and logistics, utilities, media and entertainment, technology, and automobile sectors in countries such as Taiwan, Thailand, Italy, UAE, Spain, the United…
-
North Korea Hackers Linked to Breach of German Missile Manufacturer
The targeting of Diehl Defence is significant because the company specializes in the production of missiles and ammunition. The post North Korea Hackers Linked to Breach of German Missile Manufacturer appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/north-korea-hackers-linked-to-breach-of-german-missile-manufacturer/
-
Major companies keep hiring North Korean IT workers
Dozens of Fortune 100 organizations have inadvertently hired workers from North Korea applying for remote jobs, Mandiant said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/north-korea-it-workers-insider-threat/727892/
-
North Korea Targets Software Supply Chain Via PyPI
Backdoored Python Packages Likely Work of ‘Gleaming Pisces,’ Says Palo Alto. A North Korean hacking group with a history of stealing cryptocurrency is likely behind a raft of poisoned Python packages targeting developers working on the Linux and macOS operating systems in an apparent attempt at a supply chain attack. First seen on govinfosecurity.com…
-
North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages
North Korea-linked APT group Gleaming Pisces is distributing a new malware called PondRAT through tainted Python packages. Unit 42 researchers uncovered an ongoing campaign distributing Linux and macOS malware PondRAT through poisoned Python packages. The campaign is attributed to North Korea-linked threat actor Gleaming Pisces (also known as Citrine Sleet), who previously distributed the macOS…
-
New PondRAT Malware Hidden in Python Packages Targets Software Developers
Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT (aka SIMPLESEA), a known macOS backdoor…
-
Exploding pagers and the new face of asset-centric warfare
Tags: attack, backdoor, csf, cybersecurity, exploit, guide, Hardware, infrastructure, korea, nist, north-korea, risk, risk-assessment, software, supply-chain, technology, warfare
Attacks on critical infrastructure
The explosion of the Soviet gas pipeline in 1982 was one of the first well-known instances of critical infrastructure being targeted through a software modification that contained a hidden malfunction. In this instance, the Soviets were stealing Western technology and the CIA slipped the flawed software to them without their knowledge.…
-
North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware
A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Google-owned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.Hermit, which…
-
UNC2970’s Backdoor Deployed via Trojanized PDF Reader Targets Critical Infrastructure
Mandiant has unveiled a new wave of cyber-espionage attacks orchestrated by the North Korea-linked group UNC2970. This group has recently employed a sophisticated method to deliver a custom backdoor named... First seen on securityonline.info Jump to article: securityonline.info/unc2970s-backdoor-deployed-via-trojanized-pdf-reader-targets-critical-infrastructure/
-
North Korea-backed cyber espionage campaign targets UK military
National Cyber Security Centre warns of global hacking effort to obtain nuclear and defence intelligence. North Korean state-backed h… First seen on theguardian.com Jump to article: www.theguardian.com/world/article/2024/jul/25/north-korea-backed-cyber-espionage-campaign-targets-uk-military
-
Telegram apologizes to South Korea and takes down smutty deepfakes
First seen on theregister.com Jump to article: www.theregister.com/2024/09/04/telegram_south_korea_deepfake_apology/
-
Windows 0-day was exploited by North Korea to install advanced rootkit
First seen on arstechnica.com Jump to article: arstechnica.com/
-
North Korea’s ‘Citrine Sleet’ APT Exploits Zero-Day Chromium Bug
Microsoft warned that the DPRK’s latest innovative tack chains together previously unknown browser issues, then adds a rootkit to the mix to gain deep… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/north-korean-apt-exploits-novel-chromium-windows-bugs-steal-crypto
-
Fake Recruiter Coding Tests Target Developers with Malicious Python Packages in Ongoing North Korean Cyber Campaign
A new report from ReversingLabs has uncovered a sophisticated cyber campaign targeting developers, using fake recruiter tactics to deliver malicious Python packages. Linked to North Korea’s Lazarus Group, this campaign... Source: securityonline.info/fake-recruiter-coding-tests-target-developers-with-malicious-python-packages-in-ongoing-north-korean-cyber-campaign/
-
North Korea Targeting Crypto Industry, Says FBI
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-targeting-crypto/
-
North Korean Hackers Target Developers with Malicious npm Packages
Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating coordinated and relen… First seen on thehackernews.com Jump to article: thehackernews.com/2024/08/north-korean-hackers-target-developers.html
-
North Korea Uses Fraudulent Job Lures to Launch Attacks
Source: www.scmagazine.com/brief/north-korea-uses-fraudulent-job-lures-to-launch-attacks