Security News

North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack
2023-04-12 04:06

Enterprise communications service provider 3CX confirmed that the supply chain attack targeting its desktop application for Windows and macOS was the handiwork of a threat actor with North Korean nexus. It's worth noting that cybersecurity firm CrowdStrike has attributed the attack to a Lazarus sub-group dubbed Labyrinth Chollima, citing tactical overlaps.

3CX confirms North Korean hackers behind supply chain attack
2023-04-11 16:08

VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month's supply chain attack. "Based on the Mandiant investigation into the 3CX intrusion and supply chain attack thus far, they attribute the activity to a cluster named UNC4736. Mandiant assesses with high confidence that UNC4736 has a North Korean nexus," 3CX CISO Pierre Jourdan said today.

Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks
2023-04-05 12:19

A North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S. Google's Threat Analysis Group is tracking the cluster under the name ARCHIPELAGO, which it said is a subset of another threat group tracked by Mandiant under the name APT43. The tech giant said it began monitoring the group in 2012, adding it has "Observed the group target individuals with expertise in North Korea policy issues such as sanctions, human rights, and non-proliferation issues."

Another year, another North Korean malware-spreading, crypto-stealing gang named
2023-03-30 04:40

Google Cloud's recently acquired security outfit Mandiant has named a new nasty from North Korea: a cyber crime gang it calls APT43 and accuses of a five-year rampage. "Mandiant assesses with high confidence that APT43 is a moderately sophisticated cyber operator that supports the interests of the North Korean regime," states a report on the gang released on Wednesday.

North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations
2023-03-29 05:32

A new North Korean nation-state cyber operator has been attributed to a series of campaigns orchestrated to gather strategic intelligence that aligns with Pyongyang's geopolitical interests since 2018. "APT43 is a prolific cyber operator that supports the interests of the North Korean regime," Mandiant researchers said in a detailed technical report published Tuesday.

North Korean hackers using Chrome extensions to steal Gmail emails
2023-03-22 15:06

A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution and the National Intelligence Service of the Republic of Korea warn about Kimsuky's use of Chrome extensions to steal target's Gmail emails. Kimsuky is a North Korean threat group that uses spear phishing to conduct cyber-espionage against diplomats, journalists, government agencies, university professors, and politicians.

North Korean UNC2970 Hackers Expands Operations with New Malware Families
2023-03-10 07:43

A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022. UNC2970 is the new moniker designated by the threat intelligence firm to a set of North Korean cyber activity that maps to UNC577, and which also comprises another nascent threat cluster tracked as UNC4034.

North Korean ransomware attacks on healthcare fund govt operations
2023-02-10 14:35

A new cybersecurity advisory from the U.S. Cybersecurity & Infrastructure Security Agency describes recently observed tactics, techniques, and procedures observed with North Korean ransomware operations against public health and other critical infrastructure sectors. The document is a joint report from the NSA, FBI, CISA, U.S. HHS, and the Republic of Korea National Intelligence Service and Defense Security Agency, and notes that the funds extorted this way went to support North Korean government's national-level priorities and objectives.

North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations
2023-02-10 11:52

State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory. This includes "Cyber operations targeting the United States and South Korea governments - specific targets include Department of Defense Information Networks and Defense Industrial Base member networks," the authorities said.

North Korean hackers stole research data in two-month-long breach
2023-02-02 17:56

A new cyber espionage campaign dubbed 'No Pineapple!' has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction. The campaign is named after the '' error seen transmitted by a remote access malware when uploading stolen data to the threat actor's servers.