Tag: North Korean

New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide
News

New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide

Cyber espionage efforts aimed at the global defense industry have been linked to threat actors supported by North Korea. The National Intelligence Service (NIS) of South Korea and the Federal Office for the Protection of the Constitution (BfV) of Germany jointly released advice stating that the attacks aim to steal cutting-edge defense technologies in a "cost-effective" way. They pointed out that the government is developing new strategic weapon systems, such as ballistic missiles, spy satellites, and submarines, and modernizing and enhancing the capabilities of conventional weapons. One of the two hacking instances, which entailed the use of social engineering to enter the defense sector as part of a long-running operation named Dream Job read more New Report Reveals North Korea...
North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor
News

North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor

In December 2023, a threat actor going by the name of ScarCruft launched a new campaign targeted at media outlets and prominent specialists in North Korean affairs. According to a report shared with The Hacker News by SentinelOne researchers Aleksandar Milenkoski and Tom Hegel, "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity professionals." The adversary associated with North Korea, often referred to as APT37, InkySquid, RedEyes, Ricochet Chollima, and Ruby Sleet, is evaluated as belonging to the Ministry of State Security (MSS), as opposed to Kimsuky and Lazarus Group read more North Korean Hackers Weaponize Fake Research to Deliver R...
U.S. DoJ Cracks Down on North Korean IT Scammers Defrauding Global Businesses
News

U.S. DoJ Cracks Down on North Korean IT Scammers Defrauding Global Businesses

17 website domains used by North Korean IT professionals to deceive companies worldwide, avoid sanctions, and finance the nation's ballistic missile development have been seized, according to an announcement made by the U.S. government. According to the Department of Justice (DoJ), between October 2022 and January 2023, these IT personnel used a misleading plan to collect money from unsuspecting victims. The U.S. seized roughly $1.5 million of that revenue. It also criticized North Korea for sending a large number of well-meaning IT workers from the country to work in the "global marketplace." According to court filings, the sent workers are mainly from China and Russia read more U.S. DoJ Cracks Down on North Korean IT Scammers Defrauding Global Businesses. Stay informed with the...
North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns
News

North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns

The U.S. Federal Bureau of Investigation (FBI) issued a warning on Tuesday about threat actors connected to North Korea who may try to withdraw $40 million worth of stolen cryptocurrencies. The law enforcement organization linked the blockchain activity to TraderTraitor, also known as Jade Sleet, a rival that the US government keeps tabs on. According to an FBI investigation, the organization stole about 1,580 bitcoin in the last day from numerous cryptocurrency heists and is now believed to be keeping those cash in six different wallets read more North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and soluti...
North Korean Hackers Targets Russian Missile Engineering Firm
News

North Korean Hackers Targets Russian Missile Engineering Firm

A cyberattack targeting NPO Mashinostroyeniya, a significant Russian missile technical firm, has been attributed to two distinct North Korean nation-state entities. SentinelOne, a cybersecurity company, claimed to have discovered "two instances of North Korea related compromise of sensitive internal IT infrastructure," including the compromise of an email server and the installation of the OpenCarrot Windows backdoor. ScarCruft has been blamed for the attack on the Linux email server. On the other side, OpenCarrot is a well-known implant that has already been linked to the Lazarus Group read more North Korean Hackers Targets Russian Missile Engineering Firm. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of th...
Experts Warn of Self Funding North Korean Group APT43
News

Experts Warn of Self Funding North Korean Group APT43

A new North Korean APT outfit that leverages crypto theft as a means of funding its primary objective of cyberespionage for the Kim Jong-un dictatorship has been exposed by Mandiant. APT43 is a well-known state actor whose operations have occasionally been linked to "Kimsuky" or "Thallium" in the public eye. The Reconnaissance General Bureau (RGB), North Korea's primary foreign intelligence service, is reportedly connected to it. The organisation is well-known for its widespread spear-phishing attacks, which are backed by "aggressive" social engineering and spoofed domains and email addresses read more Experts Warn of Self Funding North Korean Group APT43. With ReconBee.com Stay ahead of the latest threats with in-depth coverage of cyber attacks and cybersecurity trends, and the ...