Tag: north-korea
-
Artificial Intelligence: North Korea Researches AI-Assisted Hacking
in SecurityNews
North Korea wants to use AI-supported technologies to respond to information in real time and improve its cyber warfare abroad.
First seen on golem.de Jump to article: www.golem.de/news/kuenstliche-intelligenz-nordkorea-erforscht-ki-gestuetztes-hacking-2503-194552.html
-
Windows Shortcut Exploit Used as a 0-Day by State Hackers Since 2017
in SecurityNews
Security researchers at the Trend Micro Zero Day Initiative (ZDI) point to a 0-day vulnerability (ZDI-CAN-25373) in Windows that has apparently been exploited since 2017 by 11 state-backed hacking groups from North Korea, Iran, Russia and China. Microsoft has the vulnerability in shortcut files …
First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/20/windows-shortcut-exploit-seit-2017-von-staatlichen-hackers-als-0-day-genutzt/
-
North Korea launches new unit with a focus on AI hacking, per report
in SecurityNews
North Korea is reportedly launching a new cybersecurity unit called Research Center 227 within its intelligence agency Reconnaissance General Bureau (RGB).
First seen on techcrunch.com Jump to article: techcrunch.com/2025/03/20/north-korea-launches-new-unit-with-a-focus-on-ai-hacking-per-report/
-
North Korean IT Workers Exploit GitHub to Launch Global Cyberattacks
in SecurityNews
A recent investigation by cybersecurity firm Nisos has uncovered a coordinated effort by North Korean IT workers to exploit GitHub for creating fake personas, enabling them to secure remote jobs in Japan and the United States. These individuals, posing as professionals from countries like Vietnam, Japan, and Singapore, primarily target roles in engineering and blockchain…
-
State-Backed Hackers Exploiting Windows Zero-Day Since 2017
in SecurityNews
At least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China have been actively exploiting a newly uncovered Windows zero-day vulnerability in cyber espionage and data theft attacks since 2017. Despite clear evidence of exploitation, Microsoft has declined…
First seen on sensorstechforum.com Jump to article: sensorstechforum.com/zdi-can-25373-zero-day-exploited-since-2017/
-
New Windows zero-day feared abused in widespread espionage for years
in SecurityNews
The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI. A…
-
China, Russia, North Korea Hackers Exploit Windows Security Flaw
in SecurityNews
Tags: attack, china, exploit, flaw, government, group, hacker, infrastructure, korea, microsoft, north-korea, russia, threat, update, windows
Almost a dozen state-sponsored threat groups from Russia, China, and North Korea have been exploiting a security flaw in Windows in attacks on governments and critical infrastructure that date back to 2017. According to Trend Micro’s ZDI unit, Microsoft has no plans to patch the vulnerability.
First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/china-russia-north-korea-hackers-exploit-windows-security-flaw/
-
Hackers Exploit Old Windows Vulnerability, Microsoft Does Nothing
in SecurityNews
Tags: bug, bug-bounty, china, cyberattack, exploit, germany, hacker, iran, microsoft, military, north-korea, update, vulnerability, windows
Experts at the security company Trend Micro have discovered a Windows vulnerability designated ZDI-CAN-25373 that attackers have been exploiting since at least 2017. Through the flaw, attackers can execute malicious code on affected Windows machines, provided the user visits an infected web page or opens an infected file. The flaw lies in the way Windows processes .lnk files (shortcut files). Attackers can … command-line commands that…
-
Web3 Laundering Fears: OKX Suspends Platform Amidst Scrutiny
in SecurityNews
Earlier, OKX’s Web3 platform was accused of facilitating money laundering for North Korean hacking groups, with the illicit
First seen on securityonline.info Jump to article: securityonline.info/web3-laundering-fears-okx-suspends-platform-amidst-scrutiny/
-
New Windows zero-day exploited by 11 state hacking groups since 2017
in SecurityNews
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017.
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/
-
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
in SecurityNews
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro’s Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad…
-
GitHub Is Increasingly Becoming a Digital Minefield
in SecurityNews
Tags: access, authentication, cloud, computer, cyberattack, cyberespionage, cybersecurity, github, malware, mfa, north-korea, password, update
At first, only individual GitHub repositories were infected with malware. Now developers and their accounts are also being targeted directly by cybercriminals. The GitHub platform has been making negative headlines for some time because its repositories are increasingly infected with malware. Through this, cybercriminals try to gain access to devices and data. Now these activities have been extended directly to developers. The aim of this…
-
DocSwap Malware Masquerades as Security Document Viewer to Attack Android Users Worldwide
in SecurityNews
The cybersecurity landscape has witnessed a new threat with the emergence of the DocSwap malware, which disguises itself as a “Document Viewing Authentication App
-
Crypto Platform OKX Suspends Tool Abused by North Korean Hackers
in SecurityNews
Cryptocurrency platform OKX has announced the temporary suspension of its Decentralized Exchange (DEX) aggregator tool. This decision comes on the heels of coordinated attacks by certain media outlets and unsuccessful attempts by the notorious Lazarus Group, a hacking entity linked to North Korea, to exploit OKX’s DeFi services. Background on the Lazarus Group The Lazarus…
-
Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds
in SecurityNews
OKX said it detected a coordinated effort by one of North Korea’s most prolific hacking outfits to misuse its decentralized finance (DeFi) services.
First seen on therecord.media Jump to article: therecord.media/crypto-okx-shuts-down-exchange
-
OKX suspends DEX aggregator after Lazarus hackers try to launder funds
in SecurityNews
OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist.
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/okx-suspends-dex-aggregator-after-lazarus-hackers-try-to-launder-funds/
-
GitHub accounts targeted with fake security alerts
in SecurityNews
Possible DPRK links: Luc4m’s X post hinted at possible nation-state connections, adding, “Smells #DPRK?” While nothing else was said on the X thread, North Korea is known for using click-fix attacks for its cyber espionage activities, with Contagious Interviews being a prominent one of those campaigns. All GitHub fake alerts included the same login information, location:…
-
Attackers attempted hijacking 12,000 GitHub accounts with click-fix alerts
in SecurityNews
Possible DPRK links: Luc4m’s X post hinted at possible nation-state connections, adding, “Smells #DPRK?” While nothing else was said on the X thread, North Korea is known for using click-fix attacks for its cyber espionage activities, with Contagious Interviews being a prominent one of those campaigns. All GitHub fake alerts included the same login information, location:…
-
Lazarus Group Weaponizes IIS Servers for Deploying Malicious ASP Web Shells
in SecurityNews
The notorious Lazarus group has been identified as leveraging compromised IIS servers to deploy malicious ASP web shells. These sophisticated attacks have been reported to facilitate the spread of malware, including the LazarLoader variant, and utilize privilege escalation tools to gain extensive control over infected systems. The Lazarus group, associated with North Korean actors, has…
-
The most notorious and damaging ransomware of all time
in SecurityNews
Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windows
Conti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception. How it works: Conti uses the…
-
Lazarus Breaches IIS: Web Shells Evolving C2 Tactics Unveiled
in SecurityNews
The notorious North Korean threat actor Lazarus Group has been identified breaching Windows web servers to establish command-and-control
First seen on securityonline.info Jump to article: securityonline.info/lazarus-breaches-iis-web-shells-evolving-c2-tactics-unveiled/
-
Android spyware ‘KoSpy’ spread by suspected North Korean APT
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/android-spyware-kospy-spread-by-suspected-north-korean-apt
-
Breach Roundup: The Ivanti Patch Treadmill
in SecurityNews
Also: Patch Tuesday, Equalize Scandal Figure Dies and Polymorphic Extension Attack. This week, Ivanti EPM customers should patch, Patch Tuesday, fake web browser extensions, North Korean Android malware, a key figure in Italy’s Equalize scandal dead of heart attack. Also, Apache Camel flaw, OpenAI’s agent automates phishing and Apple patched another zero day.
First seen…
-
North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
in SecurityNews
North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. North Korea-linked threat actor ScarCruft (aka APT37, Reaper, and Group123) is behind a previously undetected Android surveillance tool named KoSpy that was used to target Korean and English-speaking users. ScarCruft has been active since at least 2012, it made the…
-
North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
in SecurityNews
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It’s not clear how…
-
North Korean Hackers Distributed Android Spyware via Google Play
in SecurityNews
The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play.
First seen on securityweek.com Jump to article: www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/
-
Suspected North Korea Group Targets Android Devices with Spyware
in SecurityNews
A North Korea-backed threat group, APT37, disguised KoSpy as utility apps in Google Play to infect Android devices, using the spyware for such activities as gathering sensitive information, tracking locations, capturing screenshots, recording keystrokes, and accessing files.
First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/suspected-north-korea-group-targets-android-devices-with-spyware/
-
North Korean Hackers Use Google Play Malware to Steal SMS, Calls Screenshots
in SecurityNews
Cybersecurity researchers at Lookout Threat Lab have uncovered a sophisticated Android surveillance tool dubbed “KoSpy,