Security News

Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps
2023-10-18 14:51

The North Korea-linked Lazarus Group (aka Hidden Cobra or TEMP.Hermit) has been observed using trojanized versions of Virtual Network Computing (VNC) apps as lures to target the defense industry...

North Korea's Lazarus Group Launders $900 Million in Cryptocurrency
2023-10-06 14:56

As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group linked to the theft of roughly $900 million of those...

Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
2023-09-29 12:10

The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor...

North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist
2023-09-17 06:32

The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is suspected to be behind the theft of $31 million in digital assets from the CoinEx exchange on September 12, 2023.

Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster
2023-09-05 10:15

The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in the southern counterpart. Andariel, also known by the names Nicket Hyatt or Silent Chollima, is a sub-cluster of the Lazarus Group that's known to be active since at least 2008.

Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses
2023-08-25 22:04

The Cisco Talos report exposes new malware used by the group to target Internet backbone infrastructure and healthcare organizations in the U.K. and the U.S. Two reports from cybersecurity company Cisco Talos provide intelligence about a new attack campaign from the North Korean threat actor Lazarus. The researchers observed the Lazarus group successfully compromise an internet backbone infrastructure provider in the U.K. in early 2023, deploying a new malware dubbed QuiteRAT. The initial compromise was done via exploitation of the CVE-2022-47966 vulnerability, which affects Zoho's ManageEngine ServiceDesk.

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure
2023-08-25 12:18

North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulnerability to deploy QuiteRAT, downloaded from an IP address previously associated with the Lazarus hacking group. The malware Cisco Talos researchers dubbed QuiteRAT is a simple remote access trojan that's similar to Lazarus Group's MagicRAT malware, only smaller in size.

Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware
2023-08-24 15:16

The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called QuiteRAT. Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco Talos said in a two-part analysis published today. What's more, a closer examination of the adversary's recycled attack infrastructure in its cyber assaults on enterprises has led to the discovery of a new threat dubbed CollectionRAT. The fact that the Lazarus Group continues to rely on the same tradecraft despite those components being well-documented over the years underscores the threat actor's confidence in their operations, Talos pointed out.

North Korea's Lazarus Group linked to Atomic Wallet heist
2023-06-08 23:04

The North Korean criminal gang Lazarus Group has been blamed for last weekend's attack on Atomic Wallet that drained at least $35 million in cryptocurrency from private accounts. The researchers added that the "Stolen assets are being laundered using specific services, including the Sinbad mixer, which have also been used to launder the proceeds of past hacks perpetrated by the Lazarus Group." In addition, the stolen assets were mingled in wallets that also hold cryptocurrency stolen in previous attacks by the Lazarus Group.

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware
2023-05-24 07:30

The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency Response Center, which detailed the advanced persistent threat's continued abuse of DLL side-loading techniques to deploy malware.