Security News

North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns
2022-09-07 12:10

The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT. The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of internet-facing VMware Horizon servers, Cisco Talos said in a report shared with The Hacker News. Lazarus Group, also known as APT38, Dark Seoul, Hidden Cobra, and Zinc, refers to a cluster of financially motivated and espionage-driven cyber activities undertaken by the North Korean government as a means to sidestep sanctions imposed on the country and meet its strategic objectives.

Shout-out to whoever went to Black Hat and had North Korean malware on their PC
2022-08-25 09:24

The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents. Of course, not all of the malware detected at Black Hat is intended to infect devices and perform nefarious acts - some of it stems from simulated attacks in classrooms and on the show floor.

North Korean hackers use signed macOS malware to target IT job seekers
2022-08-17 17:01

North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. Lazarus hackers have used fake job offers in the past and in a recent operation they used malware disguised as a PDF file with details about a position at Coinbase.

Experts Uncover Details on Maui Ransomware Attack by North Korean Hackers
2022-08-11 03:56

The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company. The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an advisory about the use of the ransomware strain by North Korean government-backed hackers to target the healthcare sector since at least May 2021.

Maui ransomware linked to North Korean group Andariel
2022-08-10 18:14

The Maui ransomware that has been used against US healthcare operations has been linked to Andariel, a North Korean state-sponsored threat with links to the notorious Lazarus Group. Andariel has been active since 2015, running attacks to steal data and bring in revenue for the North Korean regime.

Maui ransomware operation linked to North Korean 'Andariel' hackers
2022-08-09 15:00

The Maui ransomware operation has been linked to the North Korean state-sponsored hacking group 'Andariel,' known for using malicious cyber activities to generate revenue and cause discord in South Korea. State-sponsored North Korean hackers are notorious for orchestrating campaigns with financial motives, so running their own ransomware operation matches their overall strategic goals.

US sanctions crypto mixer Tornado Cash used by North Korean hackers
2022-08-08 15:21

The U.S. Treasury Department's Office of Foreign Assets Control sanctioned Tornado Cash today, a decentralized cryptocurrency mixer service used to launder more than $7 billion since its creation in 2019. The North Korean-backed APT Lazarus Group also used the crypto mixer to launder approximately $455 million stolen in the largest known cryptocurrency heist ever.

North Korean hackers target crypto experts with fake Coinbase job offers
2022-08-07 15:14

A new social engineering campaign by the notorious North Korean Lazarus hacking group has been discovered, with the hackers impersonating Coinbase to target employees in the fintech industry. A common tactic the hacking group uses is to approach targets over LinkedIn to present a job offer and hold a preliminary discussion as part of a social engineering attack.

North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts
2022-08-01 04:14

A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name Kimsuky. SharpTongue has a history of singling out individuals working for organizations in the U.S., Europe, and South Korea who "Work on topics involving North Korea, nuclear issues, weapons systems, and other matters of strategic interest to North Korea," researchers Paul Rascagneres and Thomas Lancaster said.

U.S. Offers $10 Million Reward for Information on North Korean Hackers
2022-07-29 02:58

The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean government-linked malicious cyber groups and who are involved in targeting U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act, you may be eligible for a reward," the department said in a tweet.