Security News

Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the malware variants are capable of remote reconnaissance and exfiltration of sensitive information from target systems, according to a joint advisory released by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Department of Defense.

The United States Cyber Command has uploaded five malware samples to VirusTotal total today, which it has attributed to the North Korean threat group Lazarus. Since November 2018, USCYBERCOM has shared numerous malware samples as part of a project started by its Cyber National Mission Force, including malicious files attributed to nation states from North Korea, Russia, and Iran.

North Korea-linked hacking group Lazarus has been leveraging a Mac variant of the Dacls Remote Access Trojan, Malwarebytes reports. Last year, security researchers identified at least two macOS-targeting malware families used by Lazarus in attacks, and a new one appears to have been added to their arsenal: a Mac variant of the Linux-based Dacls RAT. Initially identified by security researchers with Qihoo 360 NetLab in December 2019, the Dacls backdoor targeted both Windows and Linux systems.

Know anything about North Korean hackers and their activities in cyberspace, past or ongoing? North Korean cyber actors are allegedly behind extortion campaigns, including both ransomware and mobster-like protection rackets.

Threat actors working for North Korea have also been hired by others to hack websites and extort targets, the U.S. government says in a new cyber alert. A joint advisory published on Wednesday by the U.S. Department of State, the Department of Treasury, the DHS, and the FBI provides guidance on the North Korean cyber threat and summarizes associated activities.

The United States agencies today released a joint advisory warning the world about the 'significant cyber threat' posed by North Korean state-sponsored hackers to the global banking and financial institutions. Besides a summary of recent cyberattacks attributed to North Korean hackers, the advisory-issued by U.S. Departments of State, the Treasury, and Homeland Security, and the FBI-also contains a comprehensive guide intends to help the international community, industries, and other governments defend against North Korea's illicit activities.

The U.S. Department of Justice announced on Monday that two Chinese nationals have been charged with laundering over $100 million worth of cryptocurrency stolen by North Korean hackers from a cryptocurrency exchange. According to authorities, Yinyin and Jiadong laundered over $100 million worth of cryptocurrency, mostly obtained as a result of a cyberattack launched in April 2018 by North Korean hackers.

Two Chinese nationals have been charged by the US Department of Justice and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards. According to a newly unsealed court document, the illicit funds originated from a $250 million haul stolen from two different unnamed cryptocurrency exchanges that were perpetrated by Lazarus Group, a cybercrime group with ties with the North Korean government.

The U.S. Cyber Command has uploaded new malware samples to VirusTotal, all of which the Command has attributed to the North Korea-linked threat group Lazarus. The samples were added to the scanning engine as part of a project that USCYBERCOM's Cyber National Mission Force that kicked off in November 2018.

Over the past year and a half, the North Korea-linked Lazarus group has continued attacks on cryptocurrency exchanges but modified its malware and some techniques, Kaspersky reports. Kaspersky now says that following Operation AppleJeus, Lazarus continued to employ a similar modus operandi in attacks on cryptocurrency businesses, and that more macOS malware similar to that from the original Operation AppleJeus case was discovered.