12 matches found
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks
A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the...
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers
A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a "shift in the persistent...
North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns
The U.S. Federal Bureau of Investigation FBI on Tuesday warned that threat actors affiliated with North Korea may attempt to cash out stolen cryptocurrency worth more than $40 million. The law enforcement agency attributed the blockchain activity to an adversary the U.S. government tracks as...
North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyberattacks
A North Korean nation-state group notorious for crypto heists has been attributed to a new wave of malicious email attacks as part of a "sprawling" credential harvesting activity targeting a number of industry verticals, marking a significant shift in its strategy. The state-aligned threat actor ...
FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft
The U.S. Federal Bureau of Investigation FBI on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack to the Lazarus Group and APT38, the...
BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection
BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web MotW protections. This includes the use of optical disk image .ISO extension and virtual hard disk .VHD extension file formats as...
Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware
The North Korean Lazarus Group, aka APT38, is one of the most sophisticated North Korean APTs. It's been active since 2009 and is responsible for many high profile attacks. In January of 2022 the Malwarebytes Intelligence Team uncovered a campaign where Lazarus conducted spear phishing attacks...
U.S. Offers $10 Million Reward for Information on North Korean Hackers
The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean...
North Korean Lazarus APT group targets blockchain tech companies
A new advisory issued by the Federal Bureau of Investigation FBI, the Cybersecurity and Infrastructure Security Agency CISA, and the US Treasury Department Treasury, highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced...
North Korean Hackers Using Windows Update Service to Infect PCs with Malware
The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land LotL techniques leveraged by the APT group to further its objectives. The Lazarus Group, also kno...
North Korean Hackers Target Cybersecurity Researchers with Trojanized IDA Pro
Lazarus, the North Korea-affiliated state-sponsored group, is attempting to once again target security researchers with backdoors and remote access trojans using a trojanized pirated version of the popular IDA Pro reverse engineering software. The findings were reported by ESET security researche...
APT38: Details on New North Korean Regime-Backed Threat Group
Today, we are releasing details on the threat group that we believe is responsible for conducting financial crime on behalf of the North Korean regime, stealing millions of dollars from banks worldwide. The group is particularly aggressive; they regularly use destructive malware to render victim...