North Korea Archives - Page 2 of 19

Pierluigi Paganini August 21, 2024

North Korea-linked APT used a new RAT called MoonPeak

North Korea-linked APT Kimsuky is likely behind a new remote access trojan called MoonPeak used in a recent campaign spotted by Cisco Talos. Cisco Talos researchers uncovered the infrastructure used by the North Korea-linked APT group tracked as UAT-5394, which experts suspect is linked to the Kimsuky APT group. The infrastructure includes staging, C2 servers, […]

Pierluigi Paganini August 13, 2024

US DoJ dismantled remote IT worker fraud schemes run by North Korea

The U.S. DoJ arrested a Tennessee man for running a “laptop farm” that enabled North Korea-linked IT workers to obtain remote jobs with American companies. The U.S. Justice Department arrested Matthew Isaac Knoot (38) from Nashville (Tennessee) for operating a “laptop farm” that facilitated North Korea-linked IT workers in obtaining remote jobs with American companies. […]

Pierluigi Paganini August 06, 2024

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

South Korea’s National Cyber Security Center (NCSC) reported that North Korea-linked hackers hijacked VPN software updates to deploy malware. South Korea’s national security and intelligence agencies, including the National Intelligence Service, the Prosecutor’s Office, the Police Agency, the Military Intelligence Command, and the Cyber Operations Command, have issued a joint cybersecurity advisory to warn that […]

Pierluigi Paganini May 19, 2024

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

Symantec warns of a new Linux backdoor used by the North Korea-linked Kimsuky APT in a recent campaign against organizations in South Korea. Symantec researchers observed the North Korea-linked group Kimsuky using a new Linux backdoor dubbed Gomir. The malware is a version of the GoBear backdoor which was delivered in a recent campaign by […]

Pierluigi Paganini May 18, 2024

North Korea-linked IT workers infiltrated hundreds of US firms

The U.S. Justice Department charged five individuals, including a U.S. woman, for aiding North Korea-linked IT workers to infiltrate 300 firms. The Justice Department unsealed charges against an Arizona woman, a Ukrainian man, and three unidentified foreign nationals accused of aiding overseas IT workers, pretending to be U.S. citizens, to infiltrate hundreds of firms in […]

Pierluigi Paganini May 17, 2024

North Korea-linked Kimsuky APT attack targets victims via Messenger

North Korea-linked Kimsuky APT group employs rogue Facebook accounts to target victims via Messenger and deliver malware. Researchers at Genians Security Center (GSC) identified a new attack strategy by the North Korea-linked Kimsuky APT group and collaborated with the Korea Internet & Security Agency (KISA) for analysis and response. The nation-state actor attack used a fake account […]

Pierluigi Paganini April 23, 2024

North Korea-linked APT groups target South Korean defense contractors

The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities. The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities to steal defense technology information. North Korea-linked APT groups Lazarus, Andariel, and Kimsuky hacked multiple defense companies in South […]

Pierluigi Paganini February 15, 2024

North Korea-linked actors breached the emails of a Presidential Office member

The office of South Korean President Yoon Suk Yeol said that North Korea-linked actors breached the personal emails of one of his staff members. The office of South Korean President Yoon Suk Yeol announced a security incident involving the compromise of personal emails belonging to a member of the presidential staff. The government attributes the […]

Pierluigi Paganini January 06, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

Researchers discovered a macOS backdoor, called SpectralBlur, which shows similarities with a North Korean APT’s malware family. Security researcher Greg Lesnewich discovered a backdoor, called SpectralBlur, that targets Apple macOS. The backdoor shows similarities with the malware family KANDYKORN (aka SockRacket), which was attributed to the North Korea-linked Lazarus sub-group known as BlueNoroff (aka TA444). KandyKorn is an […]

Pierluigi Paganini December 01, 2023

US govt sanctioned North Korea-linked APT Kimsuky

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against North Korea-linked APT group Kimsuky. The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) this week announced sanctions against the North Korea-linked APT group Kimsuky. Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, APT43) was first spotted by Kaspersky researchers in […]

North Korea

North Korea-linked APT used a new RAT called MoonPeak

US DoJ dismantled remote IT worker fraud schemes run by North Korea

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

North Korea-linked IT workers infiltrated hundreds of US firms

North Korea-linked Kimsuky APT attack targets victims via Messenger

North Korea-linked APT groups target South Korean defense contractors

North Korea-linked actors breached the emails of a Presidential Office member

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

US govt sanctioned North Korea-linked APT Kimsuky

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Taking over millions of developers exploiting an Open VSX Registry flaw

OneClik APT campaign targets energy sector with stealthy backdoors

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

QUICK LINKS

North Korea

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!