Security News

North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware
2023-11-01 09:02

State-sponsored threat actors from the Democratic People's Republic of Korea (DPRK) have been found targeting blockchain engineers of an unnamed crypto exchange platform via Discord with a novel...

North Korean hackers are targeting software developers and impersonating IT workers
2023-10-20 10:44

State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies lookind for IT workers. "In past operations, Diamond Sleet and other North Korean threat actors have successfully carried out software supply chain attacks by infiltrating build environments," Microsoft noted.

U.S. DoJ Cracks Down on North Korean IT Scammers Defrauding Global Businesses
2023-10-20 05:12

The U.S. government has announced the seizure of 17 website domains used by North Korean information technology (IT) workers as part of an illicit scheme to defraud businesses across the world,...

Microsoft Warns of North Korean Attacks Exploiting JetBrains TeamCity Flaw
2023-10-19 07:11

North Korean threat actors are actively exploiting a critical security flaw in JetBrains TeamCity to opportunistically breach vulnerable servers, according to Microsoft. The attacks, which entail...

North Korean hackers exploit critical TeamCity flaw to breach networks
2023-10-18 22:33

Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. In September, TeamCity fixed a critical 9.8/10 vulnerability tracked as CVE-2023-42793 that allowed unauthenticated attackers to remotely execute code.

Google warns infoseccers: Beware of North Korean spies sliding into your DMs
2023-09-11 00:32

ALSO: Verizon turns self in for reduced fine, malvertising comes to macOS, and this week's critical vulnerabilities In brief Watch out, cyber security researchers: Suspected North Korean-backed...

North Korean hackers target security researchers with zero-day exploit
2023-09-08 09:22

North Korean threat actors are once again attempting to compromise security researchers' machines by employing a zero-day exploit. The warning comes from Google's own security researchers Clement Lecigne and Maddie Stone, who detailed the latest campaign mounted by government-backed attackers.

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
2023-09-08 08:52

Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in unspecified software over the past several weeks to infiltrate their machines. A search on X shows that the now-suspended account has been active since at least October 2022, with the actor releasing proof-of-concept exploit code for high-severity privilege escalation flaws in the Windows Kernel such as CVE-2021-34514 and CVE-2022-21881.

Microsoft: North Korean hackers target Russian govt, defense orgs
2023-09-07 18:24

Microsoft says North Korean hacking groups have breached multiple Russian government and defense targets since the start of the year. "Multiple North Korean threat actors have recently targeted the Russian government and defense industry - likely for intelligence collection - while simultaneously providing material support for Russia in its war on Ukraine," said Clint Watts, the head of Microsoft's Digital Threat Analysis Center.

North Korean hackers behind malicious VMConnect PyPI campaign
2023-08-31 18:47

North Korean state-sponsored hackers are behind the VMConnect campaign that uploaded to the PyPI repository malicious packages, one of them mimicking the VMware vSphere connector module vConnector. A report today from ReversingLabs, a software supply chain security company, attributes the campaign to Labyrinth Chollima, a subgroup of North Korean Lazarus hackers.