Explore the latest updates on North Korea's information security actions, including cyber threats, state-sponsored hacking, and digital defense strategies.
Search across headline titles and summaries.
Background for this topic.
North Korea is a country often associated with aggressive cyber operations and state-sponsored hacking. In the realm of information security, North Korea is known for its advanced persistent threats (APTs) and its involvement in various cyber espionage and cyber warfare activities. The nation's hackers are implicated in attacks aimed at stealing funds, intellectual property, and sensitive information from governments, corporations, and individuals.
The significance of North Korea in cyber security discussions stems from its notorious cyber attacks that include the deployment of ransomware, such as the WannaCry incident, bank heists like the Bangladesh Bank cyber theft, and the infiltration of entertainment companies like the hack on Sony Pictures. The country's persistent cyber threats challenge global security, demanding pervasive vigilance, and sophisticated defense mechanisms from organizations around the world.
Weekly headline count for the current query.
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026
North Korea-linked Lazarus APT Group is using a stealthy memory-only RAT that leaves almost no forensic traces behind. North Korea-linked APT group Lazarus has never been shy about its ambitions, the threat actor has been tied to some of the most audacious financial heists in recent memory, draining hundreds of millions from cryptocurrency exchanges and […]
Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations
Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections.
Also, Taiwan Rail Hack, Massive DDoS Attack and Karakurt Jail SentenceThis week, Microsoft Edge exposed passwords, Taiwan police make arrests in high-speed rail hack and a 2.45 billion-request DDoS attack. A Karakurt negotiator jailed, North Korean IT worker scams led to prison terms and France detained a teen over a government data breach. Another Ivanti zero-day.
Also: TrustedVolumes, Wasabi Protocol and Ekubo HacksThis week, Bitcoin Core revealed a memory safety flaw, hackers exploited TrustedVolumes, Wasabi Protocol and Ekubo, Bithumb suspension paused, sentencing in U.S. theft case, prosecutors seek 20-year sentence for Delio CEO and North Korea denied that it's a thief.
The men’s separate schemes impacted almost 70 U.S. companies and generated a combined $1.2 million in revenue for the North Korean regime. The post American duo sentenced for hosting laptop farms for North Korean IT workers appeared first on CyberScoop.
Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. [...]
ESET warns that North Korean hackers compromised a Yanbian gaming site in a supply‑chain attack, trojanizing Windows and Android software to spy on users
Website Popular in Korean Ethnic Enclave in China Hosts Apps Laced With a BackdoorA North Korean hacking group has been spying on a Korean ethnic enclave in China by infiltrating the Android apps of a regional gaming platform that hosts digital card and board games. Researchers attributed the supply-chain attack to a threat actor that Eset tracks as ScarCruft.
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely target ethnic Koreans residing in China
The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. [...]
Also: Google’s $40B AI Bet, Insights From Google Next ConferenceIn this week's panel, four ISMG editors discussed North Korea's use of fake video meetings to fuel crypto fraud, Google's $40 billion investment in Anthropic and what it signals for the AI race, and key takeaways from Google Next in Las Vegas on enterprise AI adoption.
North Korean threat actors are pulling off historic cryptocurrency heists on a yearly, sometimes weekly basis now. AI might be helping them.
Also: Cartier Heir Imprisoned, Believe Founder Benjamin Pasternak ArrestedThis week, North Korea hacks, Cartier heir jailed, Believe founder arrested, Cambodia scam network sanctioned. A U.S. Army soldier's insider bet, Litecoin, sentences in laundering and romance fraud cases, France probed crypto kidnapping. Tennessee banned crypto ATMs, Kelp DAO and Alex Mashinsky.
The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives.
Arctic Wolf attributed this large-scale spear-phishing campaign to BlueNoroff, a financially motivated subgroup of the Lazarus Group
Video of Industry Figures Harvested During Meetings and Used to Lure Future VictimsNorth Korean hackers are pretending to be cryptocurrency insiders, in an attempt to trick targets into accepting Calendly calendar invites. The social engineering ruse is designed to infect Windows and macOS systems with crypto stealers, and to harvest video of real-life people for future lures.
Lazarus continues leveraging ClickFix for initial access and data theft: in this case, against Mac-centric organizations and their high-value leaders.
North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO