Security News

North Korea-linked threat actor Kimsuky was recently observed using brand new malware in attacks on government agencies and human rights activists, Cybereason's security researchers say. In a newly published report, Cybereason's Nocturnus team provides details on two new malware families associated with Kimsuky, namely a previously undocumented modular spyware called KGH SPY, and a new malware downloader called CSPY Downloader.

An alert released by the United States this week provides information on Kimsuky, a threat actor focused on gathering intelligence on behalf of the North Korean government. The malicious cyber activity associated with the North Korean government is typically referred to as HIDDEN COBRA by the United States.

Security researchers with Intel 471 have identified connections between cyber-activities attributed to North Korean hackers and those of Russian cybercriminals. In a report published today, Intel 471 says malware that only the North Korean hackers use "Was very likely delivered via network accesses held by Russian-speaking cybercriminals."

North Korean hackers stole millions of dollars from virtual currency accounts and then laundered the stolen funds in hopes of making the crime untraceable, according to a Justice Department civil forfeiture complaint filed Thursday. It comes months after Justice Department officials accused hackers from North Korea of stealing nearly $250 million worth of virtual currency and charged two Chinese hackers with laundering more than $100 million from the hack.

Since February 2020, North Korean state-sponsored hackers have been targeting banks in multiple countries, the Cybersecurity and Infrastructure Security Agency, the Department of the Treasury, the Federal Bureau of Investigation and U.S. Cyber Command warn in a joint advisory. "The BeagleBoyz's bank robberies pose severe operational risk for individual firms beyond reputational harm and financial loss from theft and recovery costs. [] Equally concerning, these malicious actors have manipulated and, at times, rendered inoperable, critical computer systems at banks and other financial institutions," the joint advisory reads.

The BeagleBoyz, part of the North Korean government's hacking apparatus, are back to targeting banks around the world after a brief pause in activity. The US Cybersecurity and Infrastructure Security Agency has released an alert with details of how the BeagleBoyz have made off with an estimated $2 billion in fiat and cryptocurrency since 2015, along with details on how financial institutions can protect themselves against their known patterns of attack.

Infosec biz F-Secure has uncovered a North Korean phishing campaign that targeted a sysadmin with a fake Linkedin job advert using a General Data Protection Regulation themed lure. The sysadmin worked for a cryptocurrency business, said the threat intel firm, which made him a ripe target for the money-hungry state hackers Lazarus Group, aka APT38, supposedly backed by North Korea.

The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have shared details on a piece of malware North Korean threat actors likely used in attacks targeting employees of defense organizations in Israel and other countries. Dubbed BLINDINGCAN, the malware was apparently used in "Dream Job," a campaign active since the beginning of this year, which hit dozens of defense and governmental companies in Israel and globally by targeting specific employees with highly appealing job offerings.

Since the beginning of 2020, the North Korea-linked threat group known as Lazarus has successfully compromised dozens of organizations in Israel and other countries by targeting their employees with appealing job offers, UK-based cybersecurity firm ClearSky reported this week. Earlier this week, the Israeli defense ministry claimed to have successfully prevented a Lazarus attack targeting the country's defense manufacturers, but ClearSky says that the attackers were in fact successful in their attempts.

A wave of bogus job offer emails from leading aerospace and defense companies is actually a cybercrime campaign designed to harvest information about professionals in sensitive industries. Discovered by McAfee Advanced Threat Research, the campaign appears to have begun in April 2020 and was detected until mid-June, and there are telltale signs that the campaign is being orchestrated by known North Korean hacking groups.