DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack

Multiple threat activity clusters with ties to North Korea aka Democratic People's Republic of Korea or DPRK have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. "The focus on Web3 and cryptocurrency appears to be primarily financially motivate...

MAL-2024-8845 Malicious code in eslint-module-conf (npm)

The package contains the BeaverTail infostealer malware associate with DPRK threat actors. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57ba9b08d4ba893169691f9b674d05dc209e43e0932a266fbac6479a5e1dc398 Any computer that has this package installed or running should...

MAL-2024-8847 Malicious code in ethersscan-api (npm)

The package contains the BeaverTail infostealer malware associated with DPRK threat actors. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bdf32a4e45ba09760610d3f87cf8cfdae4d386a4ee4df99f1973ab577373620 Any computer that has this package installed or running shoul...

MAL-2024-8846 Malicious code in eslint-scope-util (npm)

The package contains the BeaverTail infostealer malware associated with DPRK threat actors. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c97eb42ab9ab02fd3a0e93acf449bb0fc75b1af462f6221cfca5d3b14588a0fb Any computer that has this package installed or running shoul...

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

Summary The U.S. Federal Bureau of Investigation FBI and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea DPRK’s Reconnaissance General Bureau RGB 3rd Bureau based in Pyongyan...

Russian Government Software Backdoored to Deploy Konni RAT Malware

An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs MID has been backdoored to deliver a remote access trojan called Konni RAT aka UpDog. The findings come from German cybersecurity company DCSO, which linked the activity as originating from t...

North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023

Threat actors affiliated with the Democratic People's Republic of Korea also known as North Korea have plundered at least $600 million in cryptocurrency in 2023. The DPRK "was responsible for almost a third of all funds stolen in crypto attacks last year, despite a 30% reduction from the USD 850...

U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign-Based Agents

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC on Thursday sanctioned the North Korea-linked adversarial collective known as Kimsuky as well as eight foreign-based agents who are alleged to have facilitated sanctions evasion. The agents, the Treasury said, helped in...

N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection

The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN. The findings come from cybersecurity firm SentinelOne,...

North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware

State-sponsored threat actors from the Democratic People's Republic of Korea DPRK have been found targeting blockchain engineers of an unnamed crypto exchange platform via Discord with a novel macOS malware dubbed KANDYKORN. Elastic Security Labs said the activity, traced back to April 2023,...

Attacks, Vulnerabilities and Actors 3 July to 9 July 2023

For a detailed threat digest, download the pdf file here Summary HiveForceLabs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of eight attacks executed, a zero-day vulnerability in the WordPress Plugin, and thre...

New Variant of RUSTBUCKET Malware Targeting Cryptocurrency Providers

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary RUSTBUCKET malware family is actively developing, adding persistence capabilities, while the REF9135 operation by the DPRK targets cryptocurrency service providers. To receive real-time threat advisories...

Malicious DPRK Actors Target the Healthcare Industry in the US & South Korea

Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary State-sponsored malicious actors from the Democratic Peoples Republic of Korea DPRK have carried out a ransomware attack against the healthcare systems of South Korea...

A week in security (February 13 - 19)

Last week on Malwarebytes Labs: What is AI good at and what the heck is it, actually, with Josh Saxe: Lock and Code S04E04 Malwarebytes recognized as endpoint security leader by G2 CISA issues alert with South Korean government about DPRK's ransomware antics Jailbreaking ChatGPT and other large...

North Korea's APT37 Targeting Southern Counterpart with New M2RAT Malware

The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group's features and tactics. APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima,...

CISA issues alert with South Korean government about DPRK's ransomware antics

CISA and other federal agencies were joined by the National Intelligence Service NIS and the Defense Security Agency of the Republic of Korea ROK in releasing the latest cybersecurity advisory in the US government's ongoing StopRansomware effort. This alert highlights continuous state-sponsored...

#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities

SUMMARY Note: This Cybersecurity Advisory CSA is part of an ongoing StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These StopRansomware advisories detail historically and recently observed tactics,...

#StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities

CISA, the National Security Agency NSA, the Federal Bureau of Investigation FBI, the Department of Health and Human Services HHS, and Republic of Korea’s Defense Security Agency and National Intelligence Service have released a joint Cybersecurity Advisory CSA, Ransomware Attacks on Critical...

Good Luck Not Accidentally Hiring a North Korean Scammer

DPRK hackers are tricking their way into jobs with Western firms. A US government alert reminds employers they're on the front lines—and potentially on the hook...

The Hermit Kingdom’s Ransomware Play

The Hermit Kingdom’s Ransomware play By Trellix · May 3, 2022 With a special thanks to @ValidHorizon who helped and shared information In February 2016, news broke about what is now known as the ‘Bangladesh Bank Heist’. Hackers attempted to transfer nearly one billion USD through the SWIFT system...