Security News

The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT. The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of internet-facing VMware Horizon servers, Cisco Talos said in a report shared with The Hacker News. Lazarus Group, also known as APT38, Dark Seoul, Hidden Cobra, and Zinc, refers to a cluster of financial motivated and espionage-driven cyber activities undertaken by the North Korean government as a means to sidestep sanctions imposed on the country and meet its strategic objectives.

The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents. Of course, not all of the malware detected at Black Hat is intended to infect devices and perform nefarious acts - some of it stems from simulated attacks in classrooms and on the show floor.

North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. Lazarus hackers have used fake job offers in the past and in a recent operation they used malware disguised as a PDF file with details about a position at Coinbase.

The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company. The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an advisory about the use of the ransomware strain by North Korean government-backed hackers to target the healthcare sector since at least May 2021.

The Maui ransomware that has been used against US healthcare operations has been linked to Andariel, a North Korean state-sponsored threat with links to the notorious Lazarus Group. Ariel has been active since 2015, running attacks to steal data and bring in revenue for the North Korean regime.

The Maui ransomware operation has been linked to the North Korean state-sponsored hacking group 'Andariel,' known for using malicious cyber activities to generate revenue and causing discord in South Korea. State-sponsored North Korean hackers are notorious for orchestrating campaigns with financial motives, so running their own ransomware operation matches their overall strategic goals.

The U.S. Treasury Department's Office of Foreign Assets Control sanctioned Tornado Cash today, a decentralized cryptocurrency mixer service used to launder more than $7 billion since its creation in 2019. The North Korean-backed APT Lazarus Group also used the crypto mixer to launder approximately $455 million stolen in the largest known cryptocurrency heist ever.

A new social engineering campaign by the notorious North Korean Lazarus hacking group has been discovered, with the hackers impersonating Coinbase to target employees in the fintech industry. A common tactic the hacking group uses is to approach targets over LinkedIn to present a job offer and hold a preliminary discussion as part of a social engineering attack.

A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name Kimsuky. SharpTongue has a history of singling out individuals working for organizations in the U.S., Europe, and South Korea who "Work on topics involving North Korea, nuclear issues, weapons systems, and other matters of strategic interest to North Korea," researchers Paul Rascagneres and Thomas Lancaster said.

The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean government-linked malicious cyber groups and who are involved in targeting U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act, you may be eligible for a reward," the department said in a tweet.