Security News

The North Korea-linked threat actor known as Lazarus was recently observed launching cyberattacks against two entities involved in COVID-19 research. Active since at least 2009 and believed to be backed by the North Korean government, Lazarus is said to have orchestrated some high-profile attacks, including the WannaCry outbreak.

Microsoft said it has detected attempts by state-backed Russian and North Korean hackers to steal valuable data from leading pharmaceutical companies and vaccine researchers. Microsoft said most of the targets - located in Canada, France, India, South Korea and the United States - were "Directly involved in researching vaccines and treatments for COVID-19." It did not name the targets but said most had vaccine candidates in various stages of clinical trials.

The attacks, which targeted IP-addresses belonging to internet service providers in Australia, Israel, Russia, and defense contractors based in Russia and India, involved a previously undiscovered spyware tool called Torisma to stealthily monitor its victims for continued exploitation. Tracked under the codename of "Operation North Star" by McAfee researchers, initial findings into the campaign in July revealed the use of social media sites, spear-phishing, and weaponized documents with fake job offers to trick employees working in the defense sector to gain a foothold on their organizations' networks.

A week after the US government issued an advisory about a "Global intelligence gathering mission" operated by North Korean state-sponsored hackers, new findings have emerged about the threat group's spyware capabilities. The APT - dubbed "Kimsuky" and believed to be active as early as 2012 - has been now linked to as many as three hitherto undocumented malware, including an information stealer, a tool equipped with malware anti-analysis features, and a new server infrastructure with significant overlaps to its older espionage framework.

North Korea-linked threat actor Kimsuky was recently observed using brand new malware in attacks on government agencies and human rights activists, Cybereason's security researchers say. In a newly published report, Cybereason's Nocturnus team provides details on two new malware families associated with Kimsuky, namely a previously undocumented modular spyware called KGH SPY, and a new malware downloader called CSPY Downloader.

An alert released by the United States this week provides information on Kimsuky, a threat actor focused on gathering intelligence on behalf of the North Korean government. The malicious cyber activity associated with the North Korean government is typically referred to as HIDDEN COBRA by the United States.

Security researchers with Intel 471 have identified connections between cyber-activities attributed to North Korean hackers and those of Russian cybercriminals. In a report published today, Intel 471 says malware that only the North Korean hackers use "Was very likely delivered via network accesses held by Russian-speaking cybercriminals."

North Korean hackers stole millions of dollars from virtual currency accounts and then laundered the stolen funds in hopes of making the crime untraceable, according to a Justice Department civil forfeiture complaint filed Thursday. It comes months after Justice Department officials accused hackers from North Korea of stealing nearly $250 million worth of virtual currency and charged two Chinese hackers with laundering more than $100 million from the hack.

Since February 2020, North Korean state-sponsored hackers have been targeting banks in multiple countries, the Cybersecurity and Infrastructure Security Agency, the Department of the Treasury, the Federal Bureau of Investigation and U.S. Cyber Command warn in a joint advisory. "The BeagleBoyz's bank robberies pose severe operational risk for individual firms beyond reputational harm and financial loss from theft and recovery costs. [] Equally concerning, these malicious actors have manipulated and, at times, rendered inoperable, critical computer systems at banks and other financial institutions," the joint advisory reads.

The BeagleBoyz, part of the North Korean government's hacking apparatus, are back to targeting banks around the world after a brief pause in activity. The US Cybersecurity and Infrastructure Security Agency has released an alert with details of how the BeagleBoyz have made off with an estimated $2 billion in fiat and cryptocurrency since 2015, along with details on how financial institutions can protect themselves against their known patterns of attack.