Security News

U.S. warns of North Korean hackers posing as IT freelancers
2022-05-18 11:13

North Korean IT workers are taking advantage of the worldwide shortage of skilled individuals - as well as remote working become a logical option for these types of jobs in the current post-pandemic world - to apply for software development and other IT jobs with companies around the world. "Although DPRK IT workers normally engage in non-malicious IT work, such as the development of a virtual currency exchange or a website, they have used the privileged access gained as contractors to enable DPRK's malicious cyber intrusions," the federal agencies have noted.

U.S. Warns Against North Korean Hackers Posing as IT Freelancers
2022-05-18 05:11

Targets include financial, health, social media, sports, entertainment, and lifestyle-focused companies located in North America, Europe, and East Asia, with most of the dispatched workers situated in China, Russia, Africa, and Southeast Asia. "The North Korean government withholds up to 90 percent of wages of overseas workers which generates an annual revenue to the government of hundreds of millions of dollars," the guidance noted.

FBI warns of North Korean cyberspies posing as foreign IT workers
2022-05-17 22:58

The FBI, in a joint advisory with the US government Departments of State and Treasury, has warned that North Korea's cyberspies are posing as non-North-Korean IT workers to bag Western jobs to advance Kim Jong-un's nefarious pursuits. North Korean IT workers may accept foreign contracts and then outsource those projects to non-North-Korean folks.

North Korean devs pose as US freelancers to aid DRPK govt hackers
2022-05-17 22:16

Thousands of North Korean "Highly skilled IT workers," at the direction of or forced by their government are targeting freelance jobs at organizations in wealthier nations. In some cases, DPRK's dispatched wage earners - typically located in China, Russia, Africa, and Southeast Asia, have aided with selling data stolen in attacks from North Korean hackers.

North Korean devs pose as US freelancers and aid DRPK govt hackers
2022-05-17 22:16

Thousands of North Korean "Highly skilled IT workers," at the direction of or forced by their government are targeting freelance jobs at organizations in wealthier nations. In some cases, DPRK's dispatched wage earners - typically located in China, Russia, Africa, and Southeast Asia, have aided with selling data stolen in attacks from North Korean hackers.

US sanctions Bitcoin laundering service used by North Korean hackers
2022-05-06 15:17

The U.S. Department of Treasury today sanctioned cryptocurrency mixer Blender.io used last month by the North Korean-backed Lazarus hacking group to launder funds stolen from Axie Infinity's Ronin bridge. In the wake of the attack, Sky Mavis revealed that hackers breached the Ronin bridge on March 23 to steal 173,600 Ethereum and 25.5M USDC tokens in two transactions worth $617 million at the time, the largest cryptocurrency hack in history.

North Korean Hackers Target Journalists with GOLDBACKDOOR Malware
2022-04-26 02:53

A state-backed threat actor with ties to the Democratic People's Republic of Korea has been attributed to a spear-phishing campaign targeting journalists covering the country with the ultimate goal of deploying a backdoor on infected Windows systems. The threat actor has a track record of targeting the Republic of Korea with a noted focus on government officials, non-governmental organizations, academics, journalists, and North Korean defectors.

North Korean hackers targeting journalists with novel malware
2022-04-25 17:51

North Korean state-sponsored hackers known as APT37 have been discovered targeting journalists specializing in the DPRK with a novel malware strain. The malware is distributed through a phishing attack first discovered by NK News, an American news site dedicated to covering news and providing research and analysis about North Korea, using intelligence from within the country.

US warns North Korean Lazarus gang rising against cryptocurrency outfits
2022-04-20 10:14

Lazarus - also known as APT38, BlueNoroff, and Stardust Chollima - is casting a wide net with this campaign, with targets including cryptocurrency exchanges, decentralized finance protocols, pay-to-earn cryptocurrency video games, and crypto-coin trading companies. The TraderTraitor apps come with a range of names, such as DAFOM, which purports to be a cryptocurrency portfolio app; TokenAIS and CryptAIS, for building AI-based trading portfolios for cryptocurrencies; and Esilet, for live cryptocurrency prices.

FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies
2022-04-19 00:02

The U.S. Cybersecurity and Infrastructure Security Agency, along with the Federal Bureau of Investigation and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies. Targeted organizations include cryptocurrency exchanges, decentralized finance protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens.