Security News

North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application
2022-09-16 13:47

A threat actor with a North Korea nexus has been found leveraging a "novel spear phish methodology" that involves making use of trojanized versions of the PuTTY SSH and Telnet client. "UNC4034 established communication with the victim over WhatsApp and lured them to download a malicious ISO package regarding a fake job offering that led to the deployment of the AIRDRY.V2 backdoor through a trojanized instance of the PuTTY utility," Mandiant researchers said.

North Korean cyberespionage actor Lazarus targets energy providers with new malware
2022-09-14 17:22

Lazarus, also known as Hidden Cobra or Zinc, is a known nation-state cyberespionage threat actor originating from North Korea, according to the U.S. government. Depending on the intrusion, Lazarus was observed using VSingle alone, VSingle together with MagicRAT, or a new malware dubbed YamaBot.

U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers
2022-09-09 11:36

More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized. "The seizures represent approximately 10% of the total funds stolen from Axie Infinity, and demonstrate that it is becoming more difficult for bad actors to successfully cash out their ill-gotten crypto gains," Erin Plante, senior director of investigations at Chainalysis, said.

North Korean Lazarus Hackers Targeting Energy Providers Around the World
2022-09-08 12:20

A malicious campaign mounted by the North Korea-linked Lazarus Group is targeting energy providers around the world, including those based in the United States, Canada, and Japan. "The campaign is meant to infiltrate organizations around the world for establishing long-term access and subsequently exfiltrating data of interest to the adversary's nation-state," Cisco Talos said in a report shared with The Hacker News.

North Korean Lazarus hackers take aim at U.S. energy providers
2022-09-08 12:00

The North Korean APT group 'Lazarus' is exploiting VMware Horizon servers to access the corporate networks of energy providers in the United States, Canada, and Japan. Lazarus is a state-backed threat actor known for conducting espionage, data theft, and cryptocurrency stealing campaigns over the past decade.

North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns
2022-09-07 12:10

The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT. The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of internet-facing VMware Horizon servers, Cisco Talos said in a report shared with The Hacker News. Lazarus Group, also known as APT38, Dark Seoul, Hidden Cobra, and Zinc, refers to a cluster of financially motivated and espionage-driven cyber activities undertaken by the North Korean government as a means to sidestep sanctions imposed on the country and meet its strategic objectives.

Shout-out to whoever went to Black Hat and had North Korean malware on their PC
2022-08-25 09:24

The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents. Of course, not all of the malware detected at Black Hat is intended to infect devices and perform nefarious acts - some of it stems from simulated attacks in classrooms and on the show floor.

North Korean hackers use signed macOS malware to target IT job seekers
2022-08-17 17:01

North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. Lazarus hackers have used fake job offers in the past and in a recent operation they used malware disguised as a PDF file with details about a position at Coinbase.

Experts Uncover Details on Maui Ransomware Attack by North Korean Hackers
2022-08-11 03:56

The first-ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company. The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an advisory about the use of the ransomware strain by North Korean government-backed hackers to target the healthcare sector since at least May 2021.

Maui ransomware linked to North Korean group Andariel
2022-08-10 18:14

The Maui ransomware that has been used against US healthcare operations has been linked to Andariel, a North Korean state-sponsored threat actor with links to the notorious Lazarus Group. Andariel has been active since 2015, running attacks to steal data and bring in revenue for the North Korean regime.