North Korea

Pierluigi Paganini February 15, 2024
North Korea-linked actors breached the emails of a Presidential Office member

The office of South Korean President Yoon Suk Yeol said that North Korea-linked actors breached the personal emails of one of his staff members. The office of South Korean President Yoon Suk Yeol announced a security incident involving the compromise of personal emails belonging to a member of the presidential staff. The government attributes the […]

Pierluigi Paganini January 06, 2024
Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

Researchers discovered a macOS backdoor, called SpectralBlur, which shows similarities with a North Korean APT’s malware family. Security researcher Greg Lesnewich discovered a backdoor, called SpectralBlur, that targets Apple macOS. The backdoor shows similarities with the malware family KANDYKORN (aka SockRacket), which was attributed to the North Korea-linked Lazarus sub-group known as BlueNoroff (aka TA444). KandyKorn is an […]

Pierluigi Paganini December 01, 2023
US govt sanctioned North Korea-linked APT Kimsuky

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against North Korea-linked APT group Kimsuky. The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) this week announced sanctions against the North Korea-linked APT group Kimsuky. Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, APT43) was first spotted by Kaspersky researchers in […]

Pierluigi Paganini November 25, 2023
North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply-chain attack The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) released a joint warning that the North Korea-linked Lazarus hacking group is exploiting a zero-day vulnerability in the MagicLine4NX software to carry out […]

Pierluigi Paganini November 13, 2023
North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

North Korea-linked APT group Sapphire Sleet set up bogus skills assessment portals in attacks aimed at IT job seekers. The North Korea-linked APT group Sapphire Sleet (aka APT38, BlueNoroff, CageyChameleon, and CryptoCore) is considered a sub-group of the popular Lazarus APT group. The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks. […]

Pierluigi Paganini November 08, 2023
North Korea-linked APT BlueNoroff used new macOS malware ObjCShellz

The North Korea-linked APT BlueNoroff used a new strain of macOS malware strain dubbed ObjCShellz, Jamf Threat Labs reported. Researchers from Jamf Threat Labs discovered a new macOS malware strain dubbed ObjCShellz and attributed it to North Korea-linked APT BlueNoroff. The experts noticed that the ObjCShellz malware shares similarities with the RustBucket malware campaign associated with the BlueNoroff APT […]

Pierluigi Paganini October 21, 2023
US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

The U.S. government seized 17 website domains used by North Korean IT workers in a fraudulent scheme to defraud businesses worldwide. The U.S. government announced the seizure of 17 website domains used by North Korean information technology (IT) workers as part of a fraudulent scheme illicit scheme to defraud businesses worldwide. The illicit funds defraud U.S. and […]

Pierluigi Paganini October 19, 2023
North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

North Korea-linked threat actors are actively exploiting a critical vulnerability CVE-2023-42793 in JetBrains TeamCity. Microsoft warns that North Korea-linked threat actors are actively exploiting a critical security vulnerability, tracked as CVE-2023-42793 (CVSS score: 9.8), in JetBrains TeamCity. CVE-2023-42793 is an authentication bypass issue affecting the on-premises version of TeamCity. An attacker can exploit the flaw to steal […]

Pierluigi Paganini October 08, 2023
North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

North Korea-linked APT group Lazarus has laundered $900 million worth of cryptocurrency, Elliptic researchers reported. Researchers from blockchain analytics firm Elliptic reported that threat actors has already laundered a record $7 billion through cross-chain crime.  The term “Cross-chain crime” is used to refer to the swapping of cryptoassets between different tokens or blockchains to launder […]

Pierluigi Paganini September 18, 2023
North Korea’s Lazarus APT stole almost $240 million in crypto assets since June

The North Korea-linked APT group Lazarus has stolen more than $240 million worth of cryptocurrency since June 2023, researchers warn. According to a report published by blockchain cyber security firm Elliptic, in the past 104 days, the North Korea-linked APT group Lazarus has stolen most of $240 million in crypto assets from multiple businesses, including […]