Lazarus Archives - Page 2 of 5

Pierluigi Paganini August 23, 2023

FBI identifies wallets holding cryptocurrency funds stolen by North Korea

The U.S. FBI warned that North Korea-linked threat actors may attempt to cash out stolen cryptocurrency worth more than $40 million. The Federal Bureau of Investigation shared details about the activity of six cryptocurrency wallets operated by North Korea-linked threat actors. The wallets hold roughly 1,580 Bitcoin (roughly $41 million at the current rate) that […]

Pierluigi Paganini August 07, 2023

North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya

Two North Korea-linked APT groups compromised the infrastructure of the major Russian missile engineering firm NPO Mashinostroyeniya. Cybersecurity firm SentinelOne linked the compromise of the major Russian missile engineering firm NPO Mashinostroyeniya to two different North Korea-linked APT groups. NPO Mashinostroyeniya (JSC MIC Mashinostroyenia, NPO Mash) is a leading Russian manufacturer of missiles and military […]

Pierluigi Paganini May 25, 2023

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

North Korea-linked APT group Lazarus actor has been targeting vulnerable Microsoft IIS servers to deploy malware. AhnLab Security Emergency response Center (ASEC) researchers reported that the Lazarus APT Group is targeting vulnerable versions of Microsoft IIS servers in a recent wave of malware-based attacks. Once discovered a vulnerable ISS server, the attackers leverage the DLL side-loading […]

Pierluigi Paganini May 24, 2023

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

The US Department of the Treasury sanctioned four entities and one individual for their role in cyber operations conducted by North Korea. The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of […]

Pierluigi Paganini April 20, 2023

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped) that employed Linux malware. The threat actors were observed using social engineering techniques to compromise its targets, with fake job offers […]

Pierluigi Paganini April 04, 2023

3CX Supply chain attack allowed targeting cryptocurrency companies

Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-state implant. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular […]

Pierluigi Paganini November 16, 2022

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

North Korea-linked Lazarus APT is using a new version of the DTrack backdoor in attacks aimed at organizations in Europe and Latin America. North Korea-linked APT Lazarus is using a new version of the DTrack backdoor to attack organizations in Europe and Latin America, Kaspersky researchers warn. DTrack is a modular backdoor used by the […]

Pierluigi Paganini October 04, 2022

Lazarus APT employed an exploit in a Dell firmware driver in recent attacks

North Korea-linked Lazarus APT has been spotted deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver. The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by relying on exploit in a Dell firmware driver dbutil_2_3.sys, ESET researchers warn. The discovery was made by ESET researchers while […]

Pierluigi Paganini May 07, 2022

US gov sanctions cryptocurrency mixer Blender also used by North Korea-linked Lazarus APT

The U.S. Department of Treasury sanctioned cryptocurrency mixer Blender.io used by North Korea-linked Lazarus APT. The U.S. Department of Treasury sanctioned the cryptocurrency mixer Blender.io used by the North Korea-linked Lazarus APT to launder the funds stolen from Axie Infinity’s Ronin bridge. This is the first time ever, Treasury is sanctioning a virtual currency mixer. […]

Pierluigi Paganini November 15, 2021

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

North Korea-linked APT Lazarus targets security researchers using a trojanized pirated version of the popular IDA Pro reverse engineering software. ESET researchers reported that the North Korea-linked Lazarus APT group is targeting cyber security community with a trojanized pirated version of the popular IDA Pro reverse engineering software. Threat actors bundled the IDA Pro 7.5 […]

Lazarus

FBI identifies wallets holding cryptocurrency funds stolen by North Korea

North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

3CX Supply chain attack allowed targeting cryptocurrency companies

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Lazarus APT employed an exploit in a Dell firmware driver in recent attacks

US gov sanctions cryptocurrency mixer Blender also used by North Korea-linked Lazarus APT

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

Stealth backdoor found in WordPress mu-Plugins folder

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

QUICK LINKS

Lazarus

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!