North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures
Arctic Wolf attributed this large-scale spear-phishing campaign to BlueNoroff, a financially motivated subgroup of the Lazarus Group
Coverage of reported Lazarus-linked intrusions, infrastructure, disruption efforts, and defensive guidance that helps explain cybersecurity risks.
Search across headline titles and summaries.
Background for this topic.
Lazarus is a name used by security researchers and public authorities for a suspected, loosely defined intrusion set associated with multiple malware and cyber-espionage operations. The label may cover related but not identical activity, and attribution can change as technical evidence is reassessed. Public reporting has connected the name to incidents involving credential theft, malicious software, theft of funds, and disruptive attacks; those reports should not automatically be treated as proof that every campaign sharing similar tooling has the same operator.
For defenders, coverage under this tag is most useful when it identifies the initial access path, affected software, infrastructure, and evidence supporting attribution. Practical priorities include phishing-resistant multifactor authentication for privileged and remote access, prompt remediation of exploited internet-facing systems, application allowlisting for sensitive environments, and monitoring for unusual authentication, scripting, and outbound connections. During a suspected intrusion, preserve endpoint, identity, email, and network logs before containment changes evidence, then scope for stolen credentials and persistence across connected systems.
Weekly headline count for the current query.
Arctic Wolf attributed this large-scale spear-phishing campaign to BlueNoroff, a financially motivated subgroup of the Lazarus Group
North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO
Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks
A new variant of the BeaverTail malware linked to North Korean hackers has been identified targeting cryptocurrency traders and developers
Cyber-attacks by North Korea’s Lazarus Group target European defense firms in drone development
North Korea’s Lazarus Group has been blamed for a cyber-espionage campaign using open source packages
New “ClickFake Interview” campaign attributed to the Lazarus Group targets crypto professionals with fake job offers
FBI confirms North Korea’s Lazarus Group responsible for Bybit crypto heist
SecurityScorecard has uncovered a sophisticated campaign linked to North Korea’s Lazarus Group, distributing crypto-stealing malware
A Bitdefender researcher was targeted by North Korea’s Lazarus with the lure of a fake job offer
SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments
Lazarus APT has been found smuggling malware onto macOS devices using custom extended attributes, evading detection
SentinelLabs observed the North Korean group BlueNoroff targeting crypto firms via a multi-stage malware campaign which utilizes a novel persistence mechanism
Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware
Lazarus Group has been observed impersonating Capital One staff to lure developers into downloading malware on open source repositories
A joint advisory by the UK, US and South Korea have warned of a global espionage campaign by a North Korea threat actor, Andariel, targeting CNI organizations
Cisco Talos said Operation Blacksmith leveraged the flaw in publicly facing VMWare Horizon servers
Jamf Threat Labs found a Mach-O universal binary communicating with an identified malicious domain
Kaspersky unveiled the cyber campaign at the Security Analyst Summit
North Korean actors have become prolific crypto-thieves