CSO
North Korean threat actor APT43 pivots back to strategic cyberespionage
The APT43 group is highly adept at using social engineering to target individuals and extract sensitive information.
The Hacker News
North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations
APT43, a moderately-sophisticated cyber operator that supports North Korea's regime, engages in financially-motivated cybercrime to fund its operation
Bleeping Computer
Newly exposed APT43 hacking group targeting US orgs since 2018
A new North Korean hacking group has been revealed to be targeting government organizations, academics, and think tanks in the United States, Europe, Japan, and South Korea for the past five years.
Infosecurity News
Experts Warn of Self-Funding North Korean Group APT43
Mandiant says unit is focused on espionage and crypto theft
Infosecurity News
US and Korean Agencies Issue Warning on North Korean Cyber-Attacks
The advisory identifies several actors: Kimsuky, Thallium, APT43, Velvet Chollima and Black Banshee
Bleeping Computer
NSA warns of North Korean hackers exploiting weak DMARC email policies
The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks.
DarkReading
North Korea's Kimsuky Evolves into Full-Fledged, Prolific APT
In cyberattacks against the US, South Korea, and Japan, the group (aka APT43 or Thallium) is using advanced social engineering and cryptomining tactics that set it apart from other threat actors.
The Hacker News
North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks
North Korea's Kimsuky group, a.k.a APT43, wields spear-phishing campaigns and is leveraging social engineering to compromise high-value targets.
Bleeping Computer
NSA and FBI: Kimsuky hackers pose as journalists to steal intel
State-sponsored North Korean hacker group Kimsuky (a.ka. APT43) has been impersonating journalists and academics for spear-phishing campaigns to collect intelligence from think tanks, research centers, academic institutions, and various media organizations.
SecurityWeek
US Sanctions North Korean Cyberespionage Group Kimsuky
The US has announced sanctions against North Korean cyberespionage group Kimsuky over its intelligence gathering activities.
The Record
US sanctions North Korean ‘Kimsuky’ hackers after surveillance satellite launch
The U.S. partnered with several nations in the Pacific to hand down sanctions on North Korea — particularly the country’s Kimsuky cyber espionage group — after the country launched a surveillance satellite last week.
The Hacker News
Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks
North Korean-backed threat actor ARCHIPELAGO targets South Korean & US government, military, and policy experts.
The Hacker News
Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps
Korean hacking group Lazarus Group targets defense industry and nuclear engineers with fake job interviews, using trojanized VNC apps to steal data an
The Hacker News
North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms
North Korean hackers have unleashed a new Golang malware called "Durian" in targeted attacks against South Korean crypto firms.
Cyber Security News
Google VS North Korean APT - How Google Fight With Gov-Backed NK APT Hackers
Google's TAG released defensive measures that followed to protect users from the infamous Noth Korean government-backed APT hackers attacks.
The Hacker News
New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists
Did you know about SuperBear? A recent phishing attack in South Korea exposed this dangerous remote access trojan. Read how this remote access trojan
Security Affairs
US govt sanctioned North Korea-linked APT Kimsuky
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against North Korea-linked APT group Kimsuky.
Infosecurity News
South Korean Lures Used to Deploy ROKRAT Malware
This shift is not exclusive to ROKRAT but represents a larger trend that became popular in 2022
Infosecurity News
North Korean Group Kimsuky Exploits DMARC and Web Beacons
Proofpoint confirmed Kimsuky has directly contacted foreign policy experts since 2023 through seemingly benign email conversations
Infosecurity News
North Korean APT Group Kimsuky Expands Social Engineering Tactics
SentinelOne said the campaign specifically targets experts in North Korean affairs
Security Affairs
N. Korean Kimsuky APT targets S. Korea-US military exercises
North Korea-linked APT Kimsuky launched a spear-phishing campaign targeting US contractors working at the war simulation centre. North Korea-linked APT group Kimsuky carried out a spear-phishing campaign against US contractors involved in a joint U.S.-South Korea military exercise. The news was reported by the South Korean police on Sunday, the law enforcement also added that […]
The Hacker News
N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks
North Korean hackers Kimsuky using new ReconShark reconnaissance tool to target individuals via spear-phishing.
The Hacker News
Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks
Threat actor Konni, potentially tied to North Korea, deploys RAT in cyber espionage using Russian Word doc, exploiting WinRAR flaw.
Bleeping Computer
US govt sanctions North Korea’s Kimsuky hacking group
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals.
The Hacker News
Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea
North Korean APT Kimsuky caught using new Golang-based info stealer "Troll Stealer" and malware "GoBear," both signed with stolen certificates.
Bleeping Computer
Critical infrastructure also hit by supply chain attack behind 3CX breach
The X_Trader software supply chain attack that led to last month's 3CX breach has also impacted at least several critical infrastructure organizations in the United States and Europe, according to Symantec's Threat Hunter Team.
Bleeping Computer
JumpCloud hack linked to North Korea after OPSEC mistake
A hacking unit of North Korea's Reconnaissance General Bureau (RGB) was linked to the JumpCloud breach after the attackers made an operational security (OPSEC) mistake, inadvertently exposing their real-world IP addresses.
The Hacker News
U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign Agents
OFAC sanctions North Korea-linked group Kimsuky and 8 agents for supporting WMD programs.
SC Magazine
North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs
The attacks are deploying ToddlerShark, a new variant of a malware strain linked to the threat group.
The Hacker News
Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency
New findings reveal that ransomware actors, cryptocurrency scammers, and nation-state hackers are exploiting cloud mining services to launder.
SecurityWeek
US Says North Korean Hackers Exploiting Weak DMARC Settings
The US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks.
The Hacker News
NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources
U.S. government warns of North Korean hackers sending spoofed emails to gather intelligence.
CSO
OpSec slip-up reveals the threat actor behind JumpCloud hack
Mandiant research has attributed the hack to UNC4899, a Democratic People’s Republic of Korea (DPRK) threat actor, with a history of targeting companies within the cryptocurrency vertical.
SC Magazine
FBI warns of email spoofing by North Korean threat actor Kimsuky
The state-sponsored group is exploiting weak DMARC policies to impersonate legitimate domains.
Security Affairs
North Korea-linked Kimsuky APT uses new recon tool ReconShark
North Korea-linked APT group Kimsuky has been observed using a new reconnaissance tool dubbed ReconShark in a recent campaign. SentinelOne researchers observed an ongoing campaign from North Korea-linked Kimsuky Group that is using a new malware called ReconShark. The reconnaissance tool is delivered through spear-phishing emails, OneDrive links leading to document weaponized downloads, and the execution of malicious […]
DarkReading
North Korea's Kimsuky APT Keeps Growing, Despite Public Outing
Kim Jong Un's Swiss Army knife APT continues to spread its tendrils around the world, showing it's not intimidated by the researchers closing in.
Security Affairs
North Korea-linked APT breached the Seoul National University Hospital
The Korean National Police Agency (KNPA) warns that a North Korea-linked APT group had breached the Seoul National University Hospital (SNUH). The Korean National Police Agency (KNPA) revealed that a North Korea-linked APT group has breached one of the largest hospitals in the country, the Seoul National University Hospital (SNUH). The security breach took place […]
The Hacker News
North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware
State-sponsored North Korean hackers are using a sneaky macOS malware called KANDYKORN to target crypto engineers via Discord.
Bleeping Computer
3CX hack caused by trading software supply chain attack
An investigation into last month's 3CX supply chain attack discovered that it was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds.
Security Affairs
Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group
Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. Google’s Threat Analysis Group (TAG) is warning of the North Korea-linked ARCHIPELAGO group that is targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea, the US and elsewhere. Google experts are tracking ARCHIPELAGO since […]
Security Affairs
Kimsuky APT poses as journalists and broadcast writers in its attacks
North Korea-linked APT group Kimsuky is posing as journalists to gather intelligence, a joint advisory from NSA and FBI warns. A joint advisory from the FBI, the U.S. Department of State, the National Security Agency (NSA), South Korea’s National Intelligence Service (NIS), National Police Agency (NPA), and the Ministry of Foreign Affairs (MOFA), warns that North-Korea-linked Kimsuky APT […]
The Hacker News
Microsoft Warns of North Korean Attacks Exploiting JetBrains TeamCity Flaw
North Korean threat actors known as Diamond Sleet and Onyx Sleet are exploiting a critical security flaw in JetBrains TeamCity to breach servers.
Bleeping Computer
Kimsuky hackers use new recon tool to find security gaps
The North Korean Kimsuky hacking group has been observed employing a new version of its reconnaissance malware, now called 'ReconShark,' in a cyberespionage campaign with a global reach.
DarkReading
North Korea-Linked Group Levels Multistage Cyberattack on South Korea
Kimsuky-attributed campaign uses eight steps to compromise systems — from initial execution to downloading additional code from Dropbox, and executing code to establish stealth and persistence.
The Hacker News
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans
Lazarus Group launched a new global campaign involves exploiting security flaws in Log4j to deploy previously undocumented RAT on compromised hosts.
Security Affairs
Experts detail a new Kimsuky social engineering campaign
North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs. SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean affairs. The attacks are part of a broader campaign recently detailed in a joint advisory published by […]
DarkReading
North Korea's State-Sponsored APTs Organize & Align
An unprecedented collaboration by various APTs within the DPKR makes them harder to track, setting the stage for aggressive, complex cyberattacks that demand strategic response efforts, Mandiant warns.
Security Affairs
North Korean Kimsuky used a new Linux backdoor in recent attacks
Symantec warns of a new Linux backdoor used by the North Korea-linked Kimsuky APT in a recent campaign against organizations in South Korea.
The Hacker News
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware
BlueNoroff, a suspected subgroup of Lazarus Group, is now targeting Apple's macOS with new malware RustBucket, highlighting hackers' expanding toolset
The Hacker News
North Korean Nation-State Actors Exposed in JumpCloud Hack After OPSEC Blunder
North Korean state actors linked to the RGB have been identified in the JumpCloud hack! An OPSEC mistake exposed their IP address.