Tag: north-korea
-
Lazarus Breaches IIS: Web Shells Evolving C2 Tactics Unveiled
by
in SecurityNews
The notorious North Korean threat actor Lazarus Group has been identified breaching Windows web servers to establish command-and-control. First seen on securityonline.info. Jump to article: securityonline.info/lazarus-breaches-iis-web-shells-evolving-c2-tactics-unveiled/
-
Android spyware ‘KoSpy’ spread by suspected North Korean APT
by
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/news/android-spyware-kospy-spread-by-suspected-north-korean-apt
-
Breach Roundup: The Ivanti Patch Treadmill
by
in SecurityNews
Also: Patch Tuesday, Equalize Scandal Figure Dies and Polymorphic Extension Attack. This week: Ivanti EPM customers should patch, Patch Tuesday, fake web browser extensions, North Korean Android malware, and a key figure in Italy’s Equalize scandal dead of a heart attack. Also, an Apache Camel flaw, OpenAI’s agent automates phishing, and Apple patched another zero day. First seen…
-
North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
by
in SecurityNews
North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. North Korea-linked threat actor ScarCruft (aka APT37, Reaper, and Group123) is behind a previously undetected Android surveillance tool named KoSpy that was used to target Korean and English-speaking users. ScarCruft has been active since at least 2012; it made the…
-
North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
by
in SecurityNews
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It’s not clear how…
-
North Korean Hackers Distributed Android Spyware via Google Play
by
in SecurityNews
The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play. The post North Korean Hackers Distributed Android Spyware via Google Play appeared first on SecurityWeek. First seen on securityweek.com. Jump to article: www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/
-
Suspected North Korea Group Targets Android Devices with Spyware
by
in SecurityNews
A North Korea-backed threat group, APT37, disguised KoSpy as utility apps in Google Play to infect Android devices, using the spyware for such activities as gathering sensitive information, tracking locations, capturing screenshots, recording keystrokes, and accessing files. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/03/suspected-north-korea-group-targets-android-devices-with-spyware/
-
North Korean Hackers Use Google Play Malware to Steal SMS, Calls Screenshots
by
in SecurityNews
Cybersecurity researchers at Lookout Threat Lab have uncovered a sophisticated Android surveillance tool dubbed “KoSpy,”
-
North Korean Hackers Deploy DocSwap Malware Disguised as Security Tool
by
in SecurityNews
Tags: authentication, cyber, cybersecurity, hacker, intelligence, malware, north-korea, threat, tool
In a recent cybersecurity threat discovery, the S2W Threat Research and Intelligence Center Talon has identified and analyzed a new type of malware linked to a North Korean-backed Advanced Persistent Threat (APT) group. The malware, masquerading as a “문서열람 인증 앱” (Document Viewing Authentication App), was first detected on December 13, 2024. This sophisticated threat…
-
Android apps laced with North Korean spyware found in Google Play
by
in SecurityNews
Google’s Firebase platform also hosted configuration settings used by the apps. First seen on arstechnica.com. Jump to article: arstechnica.com/security/2025/03/researchers-find-north-korean-spy-apps-hosted-in-google-play/
-
New North Korean Android spyware slips onto Google Play
by
in SecurityNews
A new Android spyware named ‘KoSpy’ is linked to North Korean threat actors who have infiltrated Google Play and the third-party app store APKPure through at least five malicious apps. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/new-north-korean-android-spyware-slips-onto-google-play/
-
North Korean government hackers snuck spyware on Android app store
by
in SecurityNews
Cybersecurity firm Lookout found several samples of a North Korean spyware it calls KoSpy. First seen on techcrunch.com. Jump to article: techcrunch.com/2025/03/12/north-korean-government-hackers-snuck-spyware-on-android-app-store/
-
Russia, China, North Korea and Iran: states profit from financially motivated cybercrime
by
in SecurityNews
First seen on security-insider.de. Jump to article: www.security-insider.de/google-mandiant-anstieg-finanziell-motivierter-cyberangriffe-a-74abaf676d92e40033d97f21784161f4/
-
North Korean Cyber Espionage Group Kimsuky Exploits University Website in Watering Hole Attack
by
in SecurityNews
Cybersecurity researchers from ESTsecurity’s Security Response Center (ESRC) have uncovered a new watering hole attack campaign attributed to… First seen on securityonline.info. Jump to article: securityonline.info/north-korean-cyber-espionage-group-kimsuky-exploits-university-website-in-watering-hole-attack/
-
Spyware in bogus Android apps is attributed to North Korean group
by
in SecurityNews
A North Korean nation-state group tracked as APT37 or ScarCruft placed infected utilities in Android app stores as part of an espionage campaign, according to researchers at Lookout. First seen on therecord.media. Jump to article: therecord.media/north-korea-malware-android-apps-kospy-apt37-scarcruft
-
North Korean Lazarus hackers infect hundreds via npm packages
by
in SecurityNews
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-infect-hundreds-via-npm-packages/
-
Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials
by
in SecurityNews
North Korea’s Lazarus Group has launched a new wave of attacks targeting the npm ecosystem, compromising six packages designed to steal login credentials and deploy backdoors. The malicious packages (is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator) have collectively been downloaded over 330 times. These packages mimic the names of widely trusted libraries, employing a typosquatting…
-
Qilin ransomware leveraged by North Korea’s Moonstone Sleet in new attacks
by
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/qilin-ransomware-leveraged-by-north-koreas-moonstone-sleet-in-new-attacks
-
North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts
by
in SecurityNews
North Korean state-sponsored hackers, known as APT37 or ScarCruft, have been employing sophisticated tactics to breach systems, leveraging malicious ZIP files containing LNK files to initiate attacks. These LNK files, often disguised as documents related to North Korean affairs or trade agreements, are distributed via phishing emails. Once opened, they trigger a multi-stage attack involving…
-
North Korean IT Workers Linked to 2,400 Astrill VPN IP Addresses
by
in SecurityNews
New data has emerged linking over 2,400 IP addresses associated with Astrill VPN to individuals believed to be North Korean IT workers. These findings were reported by a cybersecurity source, who obtained the information from http://Spur.us, a platform known for tracking and exposing malicious online activity. This development raises serious concerns about the extent to…
-
North Korea-linked APT Moonstone used Qilin ransomware in limited attacks
by
in SecurityNews
Microsoft researchers reported that the North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. The APT group uses Qilin ransomware after previously using custom ransomware. “Moonstone Sleet has previously exclusively…
-
US Feds Take Down Garantex, Indict Operators
by
in SecurityNews
Russian cryptocurrency exchange Garantex, a money laundering destination for Russian and North Korean hackers, is no more after international law enforcement seized its servers. Prosecutors in the United States indicted the exchange’s two principals in federal court. First seen on govinfosecurity.com. Jump to article: www.govinfosecurity.com/us-feds-take-down-garantex-indict-operators-a-27668
-
North Korean Moonstone Sleet Uses Creative Tactics to Deploy Custom Ransomware
by
in SecurityNews
In a recent development, Microsoft has identified a new North Korean threat actor known as Moonstone Sleet, which has been employing a combination of traditional and innovative tactics to achieve its financial and cyberespionage objectives. Moonstone Sleet, formerly tracked as Storm-1789, has demonstrated a sophisticated approach by using fake companies, trojanized software, and even a…
-
North Korean hackers join Qilin ransomware gang
by
in SecurityNews
Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of attacks. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/microsoft-north-korean-hackers-now-deploying-qilin-ransomware/
-
Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
by
in SecurityNews
Tags: attack, cloud, crypto, cybersecurity, google, hacker, malicious, mandiant, north-korea, threat
Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a “highly sophisticated, state-sponsored attack,” stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts. The multi-signature (multisig) platform, which has roped in Google…
-
$1.5 billion stolen: North Korean hackers suspected of the Bybit billion-dollar heist
by
in SecurityNews
First seen on security-insider.de. Jump to article: www.security-insider.de/nordkoreanische-hacker-stehlen-ethereum-von-bybit-a-7ed451714682b19fc711a283a3da1cb3/
-
North Korean Fake IT Workers Pose as Blockchain Developers on GitHub
by
in SecurityNews
North Korean fake IT workers are creating personas on GitHub to land blockchain developer jobs at US and Japanese firms. The post North Korean Fake IT Workers Pose as Blockchain Developers on GitHub appeared first on SecurityWeek. First seen on securityweek.com. Jump to article: www.securityweek.com/north-korean-fake-it-workers-pose-as-blockchain-developers-on-github/
-
North Korean IT Workers Exploit GitHub to Launch Global Cyber Attacks
by
in SecurityNews
A network of suspected North Korean IT workers is using GitHub to create and backstop fake personas, aiming to infiltrate companies globally, particularly in Japan and the United States. DPRK-Linked Network Targets Companies in Japan and US. Cybersecurity firm Nisos has uncovered this operation, which appears to be part of Pyongyang’s efforts to fund its…