7 matches found
North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks
A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors. The attack campaign, dubbed DEEPDRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked...
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks
A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the...
North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms
The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at two South Korean cryptocurrency firms. "Durian boasts comprehensive backdoor functionality, enabling the...
North Korean Nation-State Actors Exposed in JumpCloud Hack After OPSEC Blunder
North Korean nation-state actors affiliated with the Reconnaissance General Bureau RGB have been attributed to the JumpCloud hack following an operational security OPSEC blunder that exposed their actual IP address. Google-owned threat intelligence firm Mandiant attributed the activity to a threa...
Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks
A North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S. Google's Threat Analysis Group TAG is tracking the cluster under the name ARCHIPELAGO, which it...
Unraveling North Korea’s Cyber Espionage Group APT43 Targeting Geopolitical Interests
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary APT43 is a cyber espionage group that serves North Korean regime interests by targeting government organizations, academics, and think tanks focused on Korean peninsula geopolitical issues, mainly in Sout...
North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations
A new North Korean nation-state cyber operator has been attributed to a series of campaigns orchestrated to gather strategic intelligence that aligns with Pyongyang's geopolitical interests since 2018. Google-owned Mandiant, which is tracking the activity cluster under the moniker APT43, said the...