A North Korean hacking group had stolen a massive amount of personal information from a South Korean court computer network, probe results showed on Saturday.
A total of 1,014 gigabytes worth of data and documents were leaked from Seoul's court computer network between January 2021 and February 2023 by the hacking group, presumed to be Lazarus, according to the joint probe by the police, the prosecution and the National Intelligence Service.
Key takeaways TA427 regularly engages in benign conversation starter campaigns to establish contact with targets for long-term exchanges of information on topics of strategic importance to the No...
Throughout the past few months, several publications have written about a North Korean threat actor group’s use of NPM packages to deploy malware to developers and other unsuspecting victims. This blog post provides additional details regarding the second and third-stage malware in these attacks, which these publications have only covered in limited detail.
As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.
Within Rapid7 Labs we continually track and monitor threat groups. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse.
Warning of North Korean cyber threats targeting the Defense Sector
The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN.
Two apparently separate North Korean crypto theft campaigns targeting macOS users appear to be linked as threat actors mix and match droppers and payloads.
Two ongoing campaigns bear hallmarks of North Korean state-sponsored threat actors, posing in job-seeking roles to distribute malware or conduct espionage.
Threat Analysis Group shares findings on a new campaign by North Korean actors targeting security researchers.
Google researchers say currently unfixed vulnerability affects a popular software package.
Regime has trained cybercriminals to impersonate tech workers or employers, amid other schemes
North Korean-linked operation affected more organizations beyond 3CX, including two critical infrastructure organizations in the energy sector.
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts…
In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia. Based on the observed tradecraft, infrastructure, tooling, and account affiliations, MSTIC attributes this campaign with high confidence to ZINC, a state-sponsored group based out of North Korea with objectives focused on espionage, data theft, financial gain, and network destruction.
The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack.
Kimsuky is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.
ESET research uncovers attacks against several high-profile aerospace and military companies in Europe and the Middle East, with several hints suggesting a possible link to the Lazarus group.
North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector.
