Security News

Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job
2023-04-20 11:56

The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users. The attacks are part of a persistent and long-running activity tracked under the name Operation Dream Job, ESET said in a new report published today.

Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity
2023-03-08 10:34

The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the exploitation of a zero-day in the same program.

Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data
2023-02-23 11:47

A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete files; execute PowerShell commands; and obtain comprehensive information about the underlying machine.

FBI catches up with infosec and crypto communities, blames Lazarus Group for $100 million heist
2023-01-25 01:45

The FBI has confirmed what cybersecurity researchers have been saying for months: the North Korean-sponsored Lazarus Group was behind the theft last year of $100 million in crypto assets from blockchain startup Harmony. In its January 23 statement on the matter, the FBI said the attack on Harmony was part of a North Korean malware campaign named "TraderTraitor."

Crypto exchanges freeze accounts tied to North Korea’s notorious Lazarus Group
2023-01-17 06:29

Two cryptocurrency exchanges have frozen accounts identified as having been used by North Korea's notorious Lazarus Group. Lazarus Group is identified suspected of being a cybercrime crew run by the government of North Korea and is infamous for the WannaCry ransomware, attacking Sony Pictures and stealing secrets from energy companies.

Lazarus Group unleashed a MagicRAT to spy on energy providers
2022-09-08 12:00

The North Korean state-sponsored crime ring Lazarus Group is behind a new cyberespionage campaign with the goal to steal data and trade secrets from energy providers across the US, Canada and Japan, according to Cisco Talos. The Lazarus Group is perhaps best known for the infamous WannaCry attacks and a ton of cryptocurrency theft.

Crypto sleuths pin $100 million Harmony theft on Lazarus Group
2022-07-01 18:11

Investigators at a blockchain analysis outfit have linked the theft of $100 million in crypto assets last week to the notorious North Korean-based cybercrime group Lazarus. Blockchain startup Harmony announced June 23 that its Horizon Bridge - a cross-chain bridge service used to transfer assets between Harmony's blockchain and other blockchains - had been attacked and crypto assets like Ethereum, Wrapped Bitcoin, Binance Coin, and Tether stolen.

VHD Ransomware Linked to North Korea’s Lazarus Group
2022-05-05 12:20

Cryptocurrency thief Lazarus Group appears to be widening its scope into using ransomware as a way to rip off financial institutions and other targets in the Asia-Pacific region, researchers have found. Financial transactions and similarities to previous malware in its source code link a recently emerged ransomware strain called VHD to the North Korean threat actors, also known as Unit 180 or APT35.

Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector
2022-04-17 23:05

The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group in the theft of $540 million from video game Axie Infinity's Ronin Network last month. The cryptocurrency heist, the second-largest cryptocurrency theft to date, involved the siphoning of 173,600 Ether and 25.5 million USD Coins from the Ronin cross-chain bridge, which allows users to transfer their digital assets from one crypto network to another, on March 23, 2022.

Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack
2020-12-23 19:02

The advanced persistent threat known as Lazarus Group and other sophisticated nation-state actors are actively trying to steal COVID-19 research to speed up their countries' vaccine-development efforts. That's the finding from Kaspersky researchers, who found that Lazarus Group - widely believed to be linked to North Korea - recently attacked a pharmaceutical company, as well as a government health ministry related to the COVID-19 response.