Security News

Trojanized Security Software Hits South Korea Users in Supply-Chain Attack
2020-11-16 02:29

Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools on target systems. Attributing the operation to the Lazarus Group, also known as Hidden Cobra, Slovak internet security company ESET said the state-sponsored threat actor leveraged the mandatory requirement that internet users in the country must install additional security software in order to avail Internet banking and essential government services.

North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn
2020-10-28 12:32

The North Korean advanced persistent threat group known as Kimsuky is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from the U.S. Cybersecurity and Infrastructure Security Agency. Kimsuky has been operating as a cyberespionage group since 2012 under the auspices of the regime in Pyongyang.

Rare Bootkit Malware Targets North Korea-Linked Diplomats
2020-10-05 17:12

Kaspersky observed several dozen victims who received components from the MosaicRegressor framework between 2017 and 2019 - all of whom had ties to North Korea. "UEFI firmware makes for a perfect mechanism of persistent malware storage," Kaspersky researchers explained.

China-Linked Hackers Used UEFI Malware in North Korea-Themed Attacks
2020-10-05 14:40

A threat actor linked to China has used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea, Kaspersky reported on Monday. Kaspersky researchers analyzed the malware and the malicious activity after stumbling upon several suspicious UEFI firmware images.

North Korea ATM Hack
2020-09-01 06:17

This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agency, the Department of the Treasury, the Federal Bureau of Investigation and U.S. Cyber Command. Working with U.S. government partners, CISA, Treasury, FBI, and USCYBERCOM identified malware and indicators of compromise used by the North Korean government in an automated teller machine cash-out scheme­ - referred to by the U.S. Government as "FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks."

BeagleBoyz: 2020's hottest country-rap band, or N. Korea hackers stealing millions. Only one way to find out...
2020-08-28 01:36

North Korean government hackers dubbed the BeagleBoyz are trying to electronically rob banks, the United States warned this week. In one such successful instance, they swiped $81m from the Bank of Bangladesh in 2016, a theft previously attributed to North Korea.

U.S. Army Report Describes North Korea's Cyber Warfare Capabilities
2020-08-18 12:55

A report published recently by the U.S. Army describes North Korea's cyber warfare capabilities and provides information on various units and their missions. In terms of computer warfare, the Army says North Korea primarily conducts these types of attacks because they represent a low-cost and low-risk method for targeting the enemy's computers, they can be used to counter the enemy's superior conventional military capabilities, and they can "Upset the status quo with little fear of retaliation."

EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI
2020-07-31 06:47

The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states. Out of the six individuals sanctioned by the EU include two Chinese citizens and four Russian nationals.

Magecart Attacks on Claire's and Other U.S. Stores Linked to North Korea
2020-07-06 12:44

Hackers linked to the North Korean government appear to be behind the Magecart attacks on fashion retailer Claire's and other online stores, Netherlands-based e-commerce security company Sansec reported on Monday. Threat actors linked to North Korea have been known to launch - in addition to espionage and destructive campaigns - financially-motivated attacks, including against cryptocurrency exchanges and banks.

Aerospace, Military Hit in Ongoing Espionage Campaign Linked to North Korea
2020-06-17 11:16

Organizations in the aerospace and military sectors were compromised in a highly targeted cyber-espionage campaign that shows a possible link to North Korean hackers, ESET reveals. The threat actor behind these attacks remains unknown, but ESET believes it could be linked to the infamous North Korean state-sponsored group Lazarus, based on targeting, the use of fake LinkedIn accounts, development tools, and anti-analysis methods.