Tag: North Korean Hacker

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data

The North Korea-affiliated threat actor known as Kimsuky has been linked to a new malicious Google Chrome extension designed to steal sensitive information as part of a continuing intelligence-gathering operation. Zscaler ThreatLabz, which noticed the activity in early March 2024, nicknamed the extension TRANSLATEXT, emphasizing its capacity to collect cookies, browser screenshots, email addresses, usernames, and passwords. The targeted campaign is said to have been launched against academics in South Korea who specialize in North Korean political issues. Kimsuky is a well-known North Korean hacker group that has been operating since at least 2012. The group plans financially driven attacks and cyberespionage against South Korean organizations.

North Korean Hacker Group Andariel Strikes with EarlyRat Malware

A previously unknown piece of malware named EarlyRat was used in phishing attacks by the North Korea-aligned threat actor Andariel, adding to the group's extensive toolkit. In a recent analysis, Kaspersky stated that "Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from the command-and-control (C2) server." Andariel, also known as Silent Chollima and Stonefly, is connected to North Korea's Lab 110, a main hacking organisation that also contains APT38 (also known as BlueNoroff) and other subordinate units, all of which are tracked under the Lazarus Group banner. The threat actor is known to engage in cybercrime as an additional source of revenue for the country under sanctions.