Security News

Griffith, who worked as a special projects dev and researcher for the Ethereum Foundation, was arrested in November 2019 by the FBI. Advice on how to evade sanctions and launder money. His arrest happened after he traveled to North Korea to give a presentation on how to use cryptocurrency and blockchain tech to launder money and evade sanctions.

South Korean officials have admitted that government nuclear think tank Korea Atomic Energy Research Institute was hacked in May 2021 by North Korea's Kimsuky group. Malware analyst group IssueMakersLab said in a report that it detected an attack on KAERI on May 14th. The attack saw incoming heat from 13 internet addresses, of which one was traceable to Kimsuky.

South Korea's state-run Korea Atomic Energy Research Institute on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. KAERI, established in 1959 and situated in the city of Daejeon, is a government-funded research institute that designs and develops nuclear technologies related to reactors, fuel rods, radiation fusion, and nuclear safety.

Nuclear-armed North Korea is advancing on the front lines of cyberwarfare, analysts say, stealing billions of dollars and presenting a clearer and more present danger than its banned weapons programmes. Pyongyang is under multiple international sanctions over its atomic bomb and ballistic missile programmes, which have seen rapid progress under North Korean leader Kim Jong Un. But while the world's diplomatic focus has been on its nuclear ambitions, the North has been quietly and steadily building up its cyber capabilities, and analysts say its army of thousands of well-trained hackers are proving to be just as dangerous.

State-sponsored hackers affiliated with North Korea have been behind a slew of attacks on cryptocurrency exchanges over the past three years, new evidence has revealed. Attributing the attack with "Medium-high" likelihood to the Lazarus Group, researchers from Israeli cybersecurity firm ClearSky said the campaign, dubbed "CryptoCore," targeted crypto exchanges in Israel, Japan, Europe, and the U.S., resulting in the theft of millions of dollars worth of virtual currencies.

Excellent New Yorker article on North Korea’s offensive cyber capabilities.

North Korean hackers tried to break into the computer systems of pharmaceutical giant Pfizer in a search for information on a coronavirus vaccine and treatment technology, South Korea's spy agency said Tuesday, according to reports. The impoverished, nuclear-armed North has been under self-imposed isolation since closing its borders in January last year to try to protect itself from the virus that first emerged in neighbouring China and has gone on to sweep the world, killing more than two million people.

North Korea has modernized its nuclear weapons and ballistic missiles by flaunting United Nations sanctions, using cyberattacks to help finance its programs and continuing to seek material and technology overseas for its arsenal, U.N. experts said. The panel recommended that the Security Council impose sanctions on four North Korean men: Choe Song Chol, Im Song Sun, Pak Hwa Song, and Hwang Kil Su. The Security Council has imposed increasingly tough sanctions on North Korea since its first test explosion of a nuclear device in 2006.

Hackers linked to North Korea are targeting security researchers with an elaborate social-engineering campaign that sets up trusted relationships with them - and then infects their organizations' systems with custom backdoor malware. The effort includes attackers going so far as to set up their own research blog, multiple Twitter profiles and other social-media accounts in order to look like legitimate security researchers themselves, according to a blog post by TAG's Adam Weidermann.

North Korea's hackers homed in on specific infosec researchers and infected their systems with a backdoor after luring them to a suspicious website, Google revealed on Monday. "The researchers have followed a link on Twitter to a write-up hosted on blog.br0vvnn[.]io, and shortly thereafter, a malicious service was installed on the researcher's system and an in-memory backdoor would begin beaconing to an actor-owned command and control server," said Googler Adam Weidemann.