North Korea

Pierluigi Paganini April 16, 2020
U.S. offers up to $5 Million rewards for info on North Korea-linked operations

The United States agencies released a joint advisory warning of ‘significant cyber threat’ posed by North Korea-linked hackers to the global financial sector. The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation released a joint advisory that is warning organizations worldwide about the ‘significant cyber threat’ posed by the North Korean nation-state […]

Pierluigi Paganini March 13, 2020
State-sponsored hackers are launching Coronavirus-themed attacks

In the last weeks, security experts reported many Coronavirus-themed attacks carried out by cybercrime gangs, now experts warn of similar attacks from nation–state actors. Recently security experts reported many Coronavirus-themed attacks carried out by cybercrime gangs, but now experts are warning of similar attacks launched by nation-state actors. State-sponsored hackers from Russia, China, and North […]

Pierluigi Paganini March 03, 2020
The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Cybaze-Yoroi ZLab analyzed a new implant employed by a North Korea-linked APT group, tracked as Kimsuky, in attacks on South Korea. Introduction Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34, Gamaredon, and Transparent Tribe are a few samples of the recently uncovered campaigns, the latter was spotted after four […]

Pierluigi Paganini March 03, 2020
US officials charge two Chinese men for laundering cryptocurrency for North Korea

The Department of Justice has charged the two Chinese nationals for laundering cryptocurrency for North Korea-linked APT groups. The US Treasury Department and the Department of Justice have imposed sanctions and charged two Chinese nationals, Tian Yinyin ( 田寅寅) and Li Jiadong (李家东), for helping North Korea-linked hackers in laundering cryptocurrency. The cryptocurrency have been […]

Pierluigi Paganini January 24, 2020
NK CARROTBALL dropper used in attacks on U.S. Govn Agency

A US Government agency was hit with a phishing attack attempting to deliver a new malware dropper dubbed CARROTBALL. Security experts at Palo Alto Networks have uncovered a new malware dropper called CARROTBALL that was used in targeted attacks against a U.S. government agency and non-US foreign nationals. Experts attribute the attack to the Konni […]

Pierluigi Paganini December 17, 2019
Dacls RAT, the first Lazarus malware that targets Linux devices

Researchers spotted a new Remote Access Trojan (RAT), dubbed Dacls, that was used by the Lazarus APT group to target both Windows and Linux devices. Experts at Qihoo 360 Netlab revealed that the North-Korea Lazarus APT group used a new Remote Access Trojan (RAT), dubbed Dacls, to target both Windows and Linux devices. The activity […]

Pierluigi Paganini December 12, 2019
Trickbot gang and Lazarus APT, the hidden link behind an epochal phenomena

For the first time, experts shed the light on the link between the TrickBot gang and the North Korea-linked APT group Lazarus. Security experts Sentinelone have published a report that for the first time sheds the light on the link between the TrickBot crimeware and the North Korea-linked APT group Lazarus. For the first time, experts shed the light on the link between […]

Pierluigi Paganini December 11, 2019
Microsoft fixes CVE-2019-1458 Windows Zero-Day exploited in NK-Linked attacks

Microsoft’s December 2019 Patch Tuesday updates fix a total of 36 flaws, including CVE-2019-1458 Windows zero-day exploited in North Korea-linked attacks Microsoft’s December 2019 Patch Tuesday updates address a total of 36 flaws, including a Windows zero-day, tracked as CVE-2019-1458 exploited in attacks linked to North Korea. The vulnerability could be exploited to execute arbitrary […]

Pierluigi Paganini November 01, 2019
CVE-2019-13720 flaw in Chrome exploited in Operation WizardOpium attacks

One of the two flaws in Chrome addressed by Google, CVE-2019-13720, was exploited in a campaign that experts attribute to Korea-linked threat actors. This week Google released security updates to address two high severity vulnerabilities in the Chrome browser, one of which is a zero-day flaw actively exploited in attacks in the wild to hijack […]

Pierluigi Paganini October 25, 2019
Experts attribute NukeSped RAT to North Korea-Linked hackers

Experts at Fortinet analyzed NukeSped malware samples that share multiple similarities with malware associated with North Korea-linked APTs. Fortinet has analyzed the NukeSped RAT that is believed to be a malware in the arsenal of the Lazarus North-Korea linked APT group. The attribution to the Lazarus group is based on the similarities with other malware […]