Security News

Security researchers with Intel 471 have identified connections between cyber-activities attributed to North Korean hackers and those of Russian cybercriminals. In a report published today, Intel 471 says malware that only the North Korean hackers use "Was very likely delivered via network accesses held by Russian-speaking cybercriminals."

North Korean hackers stole millions of dollars from virtual currency accounts and then laundered the stolen funds in hopes of making the crime untraceable, according to a Justice Department civil forfeiture complaint filed Thursday. It comes months after Justice Department officials accused hackers from North Korea of stealing nearly $250 million worth of virtual currency and charged two Chinese hackers with laundering more than $100 million from the hack.

Since February 2020, North Korean state-sponsored hackers have been targeting banks in multiple countries, the Cybersecurity and Infrastructure Security Agency, the Department of the Treasury, the Federal Bureau of Investigation and U.S. Cyber Command warn in a joint advisory. "The BeagleBoyz's bank robberies pose severe operational risk for individual firms beyond reputational harm and financial loss from theft and recovery costs. [] Equally concerning, these malicious actors have manipulated and, at times, rendered inoperable, critical computer systems at banks and other financial institutions," the joint advisory reads.

The BeagleBoyz, part of the North Korean government's hacking apparatus, are back to targeting banks around the world after a brief pause in activity. The US Cybersecurity and Infrastructure Security Agency has released an alert with details of how the BeagleBoyz have made off with an estimated $2 billion in fiat and cryptocurrency since 2015, along with details on how financial institutions can protect themselves against their known patterns of attack.

Infosec biz F-Secure has uncovered a North Korean phishing campaign that targeted a sysadmin with a fake Linkedin job advert using a General Data Protection Regulation themed lure. The sysadmin worked for a cryptocurrency business, said the threat intel firm, which made him a ripe target for the money-hungry state hackers Lazarus Group, aka APT38, supposedly backed by North Korea.

The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have shared details on a piece of malware North Korean threat actors likely used in attacks targeting employees of defense organizations in Israel and other countries. Dubbed BLINDINGCAN, the malware was apparently used in "Dream Job," a campaign active since the beginning of this year, which hit dozens of defense and governmental companies in Israel and globally by targeting specific employees with highly appealing job offerings.

Since the beginning of 2020, the North Korea-linked threat group known as Lazarus has successfully compromised dozens of organizations in Israel and other countries by targeting their employees with appealing job offers, UK-based cybersecurity firm ClearSky reported this week. Earlier this week, the Israeli defense ministry claimed to have successfully prevented a Lazarus attack targeting the country's defense manufacturers, but ClearSky says that the attackers were in fact successful in their attempts.

A wave of bogus job offer emails from leading aerospace and defense companies is actually a cybercrime campaign designed to harvest information about professionals in sensitive industries. Discovered by McAfee Advanced Threat Research, the campaign appears to have begun in April 2020 and was detected until mid-June, and there are telltale signs that the campaign is being orchestrated by known North Korean hacking groups.

The VHD ransomware family that emerged earlier this year is the work of North Korea-linked threat actor Lazarus, Kaspersky's security researchers reveal. Several malware families have been attributed to Lazarus over the past several months, including new Mac malware families and the cross-platform malware framework MATA. Now, Kaspersky reveals that the threat actor is also operating the VHD ransomware, which has been observed in two campaigns in March and May 2020.

North Korean-linked threat actor Lazarus has been employing at least four new Mac-targeting malware families in recent attacks, SentinelOne security researchers reveal. Some of the most recent malware families that Lazarus has been leveraging in attacks include the macOS version of the DaclsRAT, and the cross-platform MATA framework, which also targets Windows and Linux systems.