Tag: north-korea
-
North Korean Hackers Distributed Android Spyware via Google Play
in SecurityNews
The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play. The post North Korean Hackers Distributed Android Spyware via Google Play appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/
-
Suspected North Korea Group Targets Android Devices with Spyware
in SecurityNews
A North Korea-backed threat group, APT37, disguised KoSpy as utility apps in Google Play to infect Android devices, using the spyware for such activities as gathering sensitive information, tracking locations, capturing screenshots, recording keystrokes, and accessing files. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/suspected-north-korea-group-targets-android-devices-with-spyware/
-
North Korean Hackers Use Google Play Malware to Steal SMS, Calls Screenshots
in SecurityNews
Cybersecurity researchers at Lookout Threat Lab have uncovered a sophisticated Android surveillance tool dubbed “KoSpy,”
-
North Korean Hackers Deploy DocSwap Malware Disguised as Security Tool
in SecurityNews
Tags: authentication, cyber, cybersecurity, hacker, intelligence, malware, north-korea, threat, tool
In a recent cybersecurity threat discovery, the S2W Threat Research and Intelligence Center Talon has identified and analyzed a new type of malware linked to a North Korean-backed Advanced Persistent Threat (APT) group. The malware, masquerading as a “문서열람 인증 앱” (Document Viewing Authentication App), was first detected on December 13, 2024. This sophisticated threat…
-
Android apps laced with North Korean spyware found in Google Play
in SecurityNews
Google’s Firebase platform also hosted configuration settings used by the apps. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/03/researchers-find-north-korean-spy-apps-hosted-in-google-play/
-
New North Korean Android spyware slips onto Google Play
in SecurityNews
A new Android spyware named ‘KoSpy’ is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-north-korean-android-spyware-slips-onto-google-play/
-
North Korean Cyber Espionage Group Kimsuky Exploits University Website in Watering Hole Attack
in SecurityNews
Cybersecurity researchers from ESTsecurity’s Security Response Center (ESRC) have uncovered a new watering hole attack campaign attributed to First seen on securityonline.info Jump to article: securityonline.info/north-korean-cyber-espionage-group-kimsuky-exploits-university-website-in-watering-hole-attack/
-
Spyware in bogus Android apps is attributed to North Korean group
in SecurityNews
A North Korean nation-state group tracked as APT37 or ScarCruft placed infected utilities in Android app stores as part of an espionage campaign, according to researchers at Lookout. First seen on therecord.media Jump to article: therecord.media/north-korea-malware-android-apps-kospy-apt37-scarcruft
-
North Korean government hackers snuck spyware on Android app store
in SecurityNews
Cybersecurity firm Lookout found several samples of a North Korean spyware it calls KoSpy. First seen on techcrunch.com Jump to article: techcrunch.com/2025/03/12/north-korean-government-hackers-snuck-spyware-on-android-app-store/
-
Russia, China, North Korea and Iran – States Profit from Financially Motivated Cybercrime
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/google-mandiant-anstieg-finanziell-motivierter-cyberangriffe-a-74abaf676d92e40033d97f21784161f4/
-
North Korean Lazarus hackers infect hundreds via npm packages
in SecurityNews
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-infect-hundreds-via-npm-packages/
-
Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials
in SecurityNews
North Korea’s Lazarus Group has launched a new wave of attacks targeting the npm ecosystem, compromising six packages designed to steal login credentials and deploy backdoors. The malicious packages is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator have collectively been downloaded over 330 times. These packages mimic the names of widely trusted libraries, employing a typosquatting…
-
Qilin ransomware leveraged by North Korea’s Moonstone Sleet in new attacks
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/qilin-ransomware-leveraged-by-north-koreas-moonstone-sleet-in-new-attacks
-
North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts
in SecurityNews
North Korean state-sponsored hackers, known as APT37 or ScarCruft, have been employing sophisticated tactics to breach systems, leveraging malicious ZIP files containing LNK files to initiate attacks. These LNK files, often disguised as documents related to North Korean affairs or trade agreements, are distributed via phishing emails. Once opened, they trigger a multi-stage attack involving…
-
North Korean IT Workers Linked to 2,400 Astrill VPN IP Addresses
in SecurityNews
New data has emerged linking over 2,400 IP addresses associated with Astrill VPN to individuals believed to be North Korean IT workers. These findings were reported by a cyber security source, who obtained the information from http://Spur.us, a platform known for tracking and exposing malicious online activity. This development raises serious concerns about the extent to…
-
North Korea-linked APT Moonstone used Qilin ransomware in limited attacks
in SecurityNews
Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. The APT group uses Qilin ransomware after previously using custom ransomware. “Moonstone Sleet has previously exclusively…
-
US Feds Take Down Garantex, Indict Operators
in SecurityNews
Russian cryptocurrency exchange Garantex, a money laundering destination for Russian and North Korean hackers, is no more after international law enforcement seized its servers. Prosecutors in the United States indicted the exchange’s two principals in federal court. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/us-feds-take-down-garantex-indict-operators-a-27668
-
North Korean Moonstone Sleet Uses Creative Tactics to Deploy Custom Ransomware
in SecurityNews
In a recent development, Microsoft has identified a new North Korean threat actor known as Moonstone Sleet, which has been employing a combination of traditional and innovative tactics to achieve its financial and cyberespionage objectives. Moonstone Sleet, formerly tracked as Storm-1789, has demonstrated a sophisticated approach by using fake companies, trojanized software, and even a…
-
North Korean hackers join Qilin ransomware gang
in SecurityNews
Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-north-korean-hackers-now-deploying-qilin-ransomware/
-
Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
in SecurityNews
Tags: attack, cloud, crypto, cybersecurity, google, hacker, malicious, mandiant, north-korea, threat
Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a “highly sophisticated, state-sponsored attack,” stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts. The multi-signature (multisig) platform, which has roped in Google…
-
$1.5 Billion Stolen – North Korean Hackers Suspected of Bybit Billion-Dollar Heist
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/nordkoreanische-hacker-stehlen-ethereum-von-bybit-a-7ed451714682b19fc711a283a3da1cb3/
-
North Korean Fake IT Workers Pose as Blockchain Developers on GitHub
in SecurityNews
North Korean fake IT workers are creating personas on GitHub to land blockchain developer jobs at US and Japanese firms. The post North Korean Fake IT Workers Pose as Blockchain Developers on GitHub appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/north-korean-fake-it-workers-pose-as-blockchain-developers-on-github/
-
North Korean IT Workers Exploit GitHub to Launch Global Cyber Attacks
in SecurityNews
A network of suspected North Korean IT workers is using GitHub to create and backstop fake personas, aiming to infiltrate companies globally, particularly in Japan and the United States. DPRK-Linked Network Targets Companies in Japan and US Cybersecurity firm Nisos has uncovered this operation, which appears to be part of Pyongyang’s efforts to fund its…
-
North Korea’s Latest ‘IT Worker’ Scheme Seeks Nuclear Funds
in SecurityNews
Fraudulent IT workers are looking for engineering and developer positions in the US and Japan, and this time it’s not about espionage. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/north-korea-it-worker-scheme-nuclear-funds
-
Hackers launder most of Bybit’s stolen crypto worth $1.4B
in SecurityNews
Experts note that this is just the first step for the alleged North Korean hackers to profit from the historic heist. First seen on techcrunch.com Jump to article: techcrunch.com/2025/03/04/hackers-launder-most-of-bybits-stolen-crypto-worth-1-4-billion/
-
North Koreans finish initial laundering stage after more than $1 billion stolen from Bybit
in SecurityNews
Experts from multiple blockchain security companies said Monday that the hackers were able to move all of the stolen ETH coins to new addresses, the first step taken before the funds can be laundered further. First seen on therecord.media Jump to article: therecord.media/north-koreans-initial-laundering-bybit-hack
-
Digital nomads and risk associated with the threat of infiltred employees
in SecurityNews
Companies face the risk of insider threats, worsened by remote work. North Korean hackers infiltrate firms via fake IT hires, stealing data. Stronger vetting is key. In an increasingly connected and digitalized world, companies are facing new security challenges. The insider threat, or the risk that an employee could harm the company, is a growing…
-
North Korean Fake IT Workers Leverage GitHub to Build Jobseeker Personas
in SecurityNews
Nisos has found six personas leveraging new and existing GitHub accounts to get developer jobs in Japan and the US. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-fake-it-workers-github/