Security News

Hackers linked to North Korea are targeting security researchers with an elaborate social-engineering campaign that sets up trusted relationships with them - and then infects their organizations' systems with custom backdoor malware. The effort includes attackers going so far as to set up their own research blog, multiple Twitter profiles and other social-media accounts in order to look like legitimate security researchers themselves, according to a blog post by TAG's Adam Weidermann.

North Korea's hackers homed in on specific infosec researchers and infected their systems with a backdoor after luring them to a suspicious website, Google revealed on Monday. "The researchers have followed a link on Twitter to a write-up hosted on blog.br0vvnn[.]io, and shortly thereafter, a malicious service was installed on the researcher's system and an in-memory backdoor would begin beaconing to an actor-owned command and control server," said Googler Adam Weidemann.

A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37, Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool.

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.

Netskope announced the expansion of the Netskope NewEdge network with a new data center in Seoul, South Korea. Serving millions of enterprise users around the world, Netskope NewEdge is a carrier-grade, security private cloud network that is reserved exclusively for Netskope customers.

The North Korea-linked threat actor known as Lazarus has been targeting users in South Korea through a supply chain attack that involves software typically required by government and financial organizations, ESET reported on Monday. Lazarus is the most well known hacker group that is believed to be operating on behalf of the North Korean government, with attacks ranging from espionage to profit-driven operations.

Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools on target systems. Attributing the operation to the Lazarus Group, also known as Hidden Cobra, Slovak internet security company ESET said the state-sponsored threat actor leveraged the mandatory requirement that internet users in the country must install additional security software in order to avail Internet banking and essential government services.

The North Korean advanced persistent threat group known as Kimsuky is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from the U.S. Cybersecurity and Infrastructure Security Agency. Kimsuky has been operating as a cyberespionage group since 2012 under the auspices of the regime in Pyongyang.

Kaspersky observed several dozen victims who received components from the MosaicRegressor framework between 2017 and 2019 - all of whom had ties to North Korea. "UEFI firmware makes for a perfect mechanism of persistent malware storage," Kaspersky researchers explained.

A threat actor linked to China has used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea, Kaspersky reported on Monday. Kaspersky researchers analyzed the malware and the malicious activity after stumbling upon several suspicious UEFI firmware images.