North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures
North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process
This tag covers cybersecurity incidents, policy, public services, privacy, advisories, and regional implications connected to North Korea.
Search across headline titles and summaries.
Background for this topic.
North Korea covers cybersecurity and information-security developments connected to North Korea, including incidents, policy, privacy, advisories, research, and news affecting organizations, public services, and digital systems in the area.
For practitioners, the tag provides geographic context for developments involving North Korea's organizations, services, partners, and users. Individual articles provide the specific technologies, threats, sectors, and operational implications relevant to each development.
North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process
Void Dokkaebi Campaigns Using Russia for Cryptocurrency TheftNorth Korean hackers look north toward Russia for the internet infrastructure behind the many online scams that Pyongyang has built to funnel stolen cash into the rouge nation. Void Dokkaebi hackers participate in the North Korean scam of social engineering IT job seekers.
In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. [...]
Also, Blue Shield Breach Exposes 4.7M, Cyberattack Disrupts City Systems in TexasThis week, Cookie Bite bypasses MFA in Azure Entra ID, Microsoft fixed RDP Freezes, a ransomware attack in Catalonia, Blue Shield exposed data to Google, a cyberattack disrupted city systems in Texas, South Korean telecom breach exposed USIM data and a warning about North Korean IT deepfakes.
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole
Use of synthetic identities by malicious employment candidates is yet another way state-sponsored actors are trying to game the hiring process and infiltrate Western organizations.
Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space
In this blog entry, we discuss how North Korea's significant role in cybercrime – including campaigns attributed to Void Dokkaebi – is facilitated by extensive use of anonymization networks and the use of Russian IP ranges.
North Korea Continues Refining Profit-Making Scheme, Says CrowdStrike's Adam MeyersIn recent years, cash-starved North Korea has deployed legions of domestically trained workers to secure remote IT jobs to generate revenue for the Pyongyang-based regime. They can work for many months before being spotted, said Adam Meyers, head of counter adversary operations at CrowdStrike.
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access
ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks. [...]