Tag: korea
-
North Korean IT Scammers Targeting European Companies
in SecurityNews
Inside North Korea’s IT Scam Network Now Shifting to Europe. North Koreans posing as remote IT workers have spread to Europe, where one Pyongyang fraudster assumed at least 12 personas to target companies in Germany, Portugal and the United Kingdom. Western companies have grappled for years with the prospect of unintentionally hiring a North Korean…
-
North Korean IT worker scam spreading to Europe after US law enforcement crackdown
in SecurityNews
North Korea’s IT worker scam has expanded widely into Europe after years of focusing on U.S. companies, according to new research. First seen on therecord.media Jump to article: therecord.media/north-korean-it-worker-scam-spreads-to-europe
-
North Korea’s IT Operatives Are Exploiting Remote Work Globally
in SecurityNews
The global rise of North Korean IT worker infiltration poses a serious cybersecurity risk, using fake identities, remote access, and extortion to compromise organizations. The post North Korea’s IT Operatives Are Exploiting Remote Work Globally appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/north-koreas-it-operatives-are-exploiting-remote-work-globally/
-
North Korea IT Workers Expand Their Employment Across Europe To Infiltrate the Company Networks
in SecurityNews
North Korean IT workers have intensified their global operations, expanding their employment footprint across Europe to infiltrate corporate networks and generate revenue for the regime. According to the latest report by Google Threat Intelligence Group (GTIG), these workers pose as legitimate remote employees, leveraging advanced technical skills and deceptive tactics to gain access to sensitive…
-
Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks
in SecurityNews
North Korea’s Lazarus hackers are using the ClickFix technique for malware deployment in fresh attacks targeting the cryptocurrency ecosystem. The post Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/lazarus-uses-clickfix-tactics-in-fake-cryptocurrency-job-attacks/
-
North Korea’s Fake IT Worker Scheme Sets Sights on Europe
in SecurityNews
Google has found a significant increase in North Korean actors attempting to gain employment as IT workers in European companies, leading to data theft and extortion. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-fake-it-worker-europe/
-
North Korea’s fake tech workers now targeting European employers
in SecurityNews
With help from UK operatives, because it’s getting tougher to run the scam in the USA. First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/north_korean_fake_techies_target_europe/
-
North Korean IT worker army expands operations in Europe
in SecurityNews
North Korea’s IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-it-worker-army-expands-operations-in-europe/
-
The North Korea worker problem is bigger than you think
in SecurityNews
The yearslong scheme goes much deeper than contract work, extending to roles beyond traditional IT and sometimes granting the insider threat “keys to the kingdom,” DTEX President Mohan Koo said. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-technical-workers-full-time-jobs/
-
North Korean Kimsuky Hackers Deploy New Tactics and Malicious Scripts in Recent Attacks
in SecurityNews
Security researchers have uncovered a new attack campaign by the North Korean state-sponsored APT group Kimsuky, also known as “Black Banshee.”
-
North Korea Launches Military Research Facility to Strengthen Cyber Warfare Operations
in SecurityNews
North Korea has taken a significant step in enhancing its cyber warfare capabilities by establishing a new research center, known as Research Center 227, under the military’s Reconnaissance General Bureau (RGB). This move is part of a broader strategy to bolster the country’s offensive cyber operations, particularly focusing on AI-powered hacking technologies. Background and Objectives…
-
North Korea launches hacking hub focused on artificial intelligence
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/north-korea-launches-hacking-hub-focused-on-artificial-intelligence
-
U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash
in SecurityNews
The U.S. Treasury is lifting sanctions on Tornado Cash, a crypto mixer accused of helping North Korea’s Lazarus Group launder illicit funds. The U.S. Treasury Department removed sanctions against the cryptocurrency mixer service Tornado Cash. In August 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by…
-
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
in SecurityNews
The U.S. Treasury Department has announced that it’s removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. “Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity…
-
North Korea launches new unit with a focus on AI hacking, per report
in SecurityNews
North Korea is reportedly launching a new cybersecurity unit called Research Center 227 within its intelligence agency Reconnaissance General Bureau (RGB). First seen on techcrunch.com Jump to article: techcrunch.com/2025/03/20/north-korea-launches-new-unit-with-a-focus-on-ai-hacking-per-report/
-
State-Backed Hackers Exploiting Windows Zero-Day Since 2017
in SecurityNews
At least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China have been actively exploiting a newly uncovered Windows zero-day vulnerability in cyber espionage and data theft attacks since 2017. Despite clear evidence of exploitation, Microsoft has declined… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/zdi-can-25373-zero-day-exploited-since-2017/
-
New Windows zero-day feared abused in widespread espionage for years
in SecurityNews
The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI. A…
-
China, Russia, North Korea Hackers Exploit Windows Security Flaw
in SecurityNews
Tags: attack, china, exploit, flaw, government, group, hacker, infrastructure, korea, microsoft, north-korea, russia, threat, update, windows
Almost a dozen state-sponsored threat groups from Russia, China, and North Korea have been exploiting a security flaw in Windows in attacks on governments and critical infrastructure that date back to 2017. According to Trend Micro’s ZDI unit, Microsoft has no plans to patch the vulnerability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/china-russia-north-korea-hackers-exploit-windows-security-flaw/
-
New Windows zero-day exploited by 11 state hacking groups since 2017
in SecurityNews
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/
-
Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying
‘Only’ a local access bug but an important part of the N Korea, Russia, and China attack picture. First seen on theregister.com Jump to article: www.theregister.com/2025/03/18/microsoft_trend_flaw/
-
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
in SecurityNews
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro’s Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad…
-
Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds
in SecurityNews
OKX said it detected a coordinated effort by one of North Korea’s most prolific hacking outfits to misuse its decentralized finance (DeFi) services. First seen on therecord.media Jump to article: therecord.media/crypto-okx-shuts-down-exchange
-
GitHub accounts targeted with fake security alerts
in SecurityNews
Possible DPRK links: Luc4m’s X post hinted at possible nation-state connections, adding, “Smells #DPRK?” While nothing else was said on the X thread, North Korea is known for using click-fix attacks for its cyber espionage activities, with Contagious Interviews being a prominent one of those campaigns. All GitHub fake alerts included the same login information, location:…
-
Attackers attempted hijacking 12,000 GitHub accounts with click-fix alerts
in SecurityNews
Possible DPRK links: Luc4m’s X post hinted at possible nation-state connections, adding, “Smells #DPRK?” While nothing else was said on the X thread, North Korea is known for using click-fix attacks for its cyber espionage activities, with Contagious Interviews being a prominent one of those campaigns. All GitHub fake alerts included the same login information, location:…
-
The most notorious and damaging ransomware of all time
in SecurityNews
Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windows
Conti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception. How it works: Conti uses the…
-
North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
in SecurityNews
North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. North Korea-linked threat actor ScarCruft (aka APT37, Reaper, and Group123) is behind a previously undetected Android surveillance tool named KoSpy that was used to target Korean and English-speaking users. ScarCruft has been active since at least 2012, it made the…
-
North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
in SecurityNews
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It’s not clear how…
-
North Korean Hackers Distributed Android Spyware via Google Play
in SecurityNews
The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play. The post North Korean Hackers Distributed Android Spyware via Google Play appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/
-
Suspected North Korea Group Targets Android Devices with Spyware
in SecurityNews
A North Korea-backed threat group, APT37, disguised KoSpy as utility apps in Google Play to infect Android devices, using the spyware for such activities as gathering sensitive information, tracking locations, capturing screenshots, recording keystrokes, and accessing files. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/suspected-north-korea-group-targets-android-devices-with-spyware/