North Korea Archives - Page 3 of 19

Pierluigi Paganini November 25, 2023

North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply-chain attack The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) released a joint warning that the North Korea-linked Lazarus hacking group is exploiting a zero-day vulnerability in the MagicLine4NX software to carry out […]

Pierluigi Paganini November 13, 2023

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

North Korea-linked APT group Sapphire Sleet set up bogus skills assessment portals in attacks aimed at IT job seekers. The North Korea-linked APT group Sapphire Sleet (aka APT38, BlueNoroff, CageyChameleon, and CryptoCore) is considered a sub-group of the popular Lazarus APT group. The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks. […]

Pierluigi Paganini November 08, 2023

North Korea-linked APT BlueNoroff used new macOS malware ObjCShellz

The North Korea-linked APT BlueNoroff used a new strain of macOS malware strain dubbed ObjCShellz, Jamf Threat Labs reported. Researchers from Jamf Threat Labs discovered a new macOS malware strain dubbed ObjCShellz and attributed it to North Korea-linked APT BlueNoroff. The experts noticed that the ObjCShellz malware shares similarities with the RustBucket malware campaign associated with the BlueNoroff APT […]

Pierluigi Paganini October 21, 2023

US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

The U.S. government seized 17 website domains used by North Korean IT workers in a fraudulent scheme to defraud businesses worldwide. The U.S. government announced the seizure of 17 website domains used by North Korean information technology (IT) workers as part of a fraudulent scheme illicit scheme to defraud businesses worldwide. The illicit funds defraud U.S. and […]

Pierluigi Paganini October 19, 2023

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

North Korea-linked threat actors are actively exploiting a critical vulnerability CVE-2023-42793 in JetBrains TeamCity. Microsoft warns that North Korea-linked threat actors are actively exploiting a critical security vulnerability, tracked as CVE-2023-42793 (CVSS score: 9.8), in JetBrains TeamCity. CVE-2023-42793 is an authentication bypass issue affecting the on-premises version of TeamCity. An attacker can exploit the flaw to steal […]

Pierluigi Paganini October 08, 2023

North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

North Korea-linked APT group Lazarus has laundered $900 million worth of cryptocurrency, Elliptic researchers reported. Researchers from blockchain analytics firm Elliptic reported that threat actors has already laundered a record $7 billion through cross-chain crime. The term “Cross-chain crime” is used to refer to the swapping of cryptoassets between different tokens or blockchains to launder […]

Pierluigi Paganini September 18, 2023

North Korea’s Lazarus APT stole almost $240 million in crypto assets since June

The North Korea-linked APT group Lazarus has stolen more than $240 million worth of cryptocurrency since June 2023, researchers warn. According to a report published by blockchain cyber security firm Elliptic, in the past 104 days, the North Korea-linked APT group Lazarus has stolen most of $240 million in crypto assets from multiple businesses, including […]

Pierluigi Paganini September 08, 2023

North Korea-linked threat actors target cybersecurity experts with a zero-day

North Korea-linked threat actors associated with North Korea exploited a zero-day flaw in attacks against cybersecurity experts. North Korea-linked threat actors were observed exploiting a zero-day vulnerability in an unnamed software to target cybersecurity researchers. The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, […]

Pierluigi Paganini September 01, 2023

North Korea-linked APT Labyrinth Chollima behind PyPI supply chain attacks

ReversingLabs researchers linked the VMConnect campaign to the North Korea-linked APT group Labyrinth Chollima. ReversingLabs researchers believe that the North Korea-linked APT group Labyrinth Chollima is behind the VMConnect campaign. Threat actors uploaded a series of malicious packages to the PyPI (Python Package Index) repository, including a rogue package posing as the VMware vSphere connector […]

Pierluigi Paganini August 24, 2023

Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider

The North Korea-linked Lazarus group exploits a critical flaw in Zoho ManageEngine ServiceDesk Plus to deliver the QuiteRAT malware. The North Korea-linked APT group Lazarus has been exploiting a critical vulnerability, tracked as CVE-2022-47966, in Zoho’s ManageEngine ServiceDesk in attacks aimed at the Internet backbone infrastructure provider and healthcare organizations. The state-sponsored hackers targeted entities […]

North Korea

North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

North Korea-linked APT BlueNoroff used new macOS malware ObjCShellz

US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

North Korea’s Lazarus APT stole almost $240 million in crypto assets since June

North Korea-linked threat actors target cybersecurity experts with a zero-day

North Korea-linked APT Labyrinth Chollima behind PyPI supply chain attacks

Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Taking over millions of developers exploiting an Open VSX Registry flaw

OneClik APT campaign targets energy sector with stealthy backdoors

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

QUICK LINKS

North Korea

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!