Found 44 bookmarks
Custom sorting
Astrill VPN and Remote Worker Fraud - Spur
Astrill VPN and Remote Worker Fraud - Spur
"Recently, various intelligence and threat analysis teams have identified a concerning trend: North Korean state actors are infiltrating companies and organizations around the world in an attempt to facilitate the clandestine transfer of funds to support North Korea’s state apparatus. Specifically, these actors have favored the use of Astrill VPN to obscure their digital footprints while applying for remote positions." "While it’s been several months since these articles were published, we continue to see reports from our customers of fraudulent re mote worker campaigns originating from Astrill VPN IP addresses."
#spur.us#EN#2024#Astrill#VPN#IP#addresses#IoC#North-Korea#infiltrating
·spur.us·
Astrill VPN and Remote Worker Fraud - Spur
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON | Microsoft Security Blog
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON | Microsoft Security Blog
At CYBERWARCON 2024, Microsoft Threat Intelligence analysts will share research and insights on North Korean and Chinese threat actors representing years of threat actor tracking, infrastructure monitoring and disruption, and their attack tooling.
#microsoft#EN#2024#CYBERWARCON#DPRK#North-Korea#China#analysis#intlligence
·microsoft.com·
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON | Microsoft Security Blog
Office of Public Affairs | North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers | United States Department of Justice
Office of Public Affairs | North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers | United States Department of Justice
Hacking Group Known as “Andariel” Used Ransom Proceeds to Fund Theft of Sensitive Information from Defense and Technology Organizations Worldwide, Including U.S. Government Agencies
#justice.gov#EN#2024#North-Korea#Hacker#Charged#Andariel#US
·justice.gov·
Office of Public Affairs | North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers | United States Department of Justice
North Korean hackers are stealing military secrets, say U.S. and allies
North Korean hackers are stealing military secrets, say U.S. and allies
North Korean hackers have conducted a global cyber espionage campaign in efforts to steal classified military secrets to support Pyongyang's banned nuclear weapons programme, the United States, Britain and South Korea said in a joint advisory on Thursday. The hackers, dubbed Anadriel or APT45 by cybersecurity researchers, are believed to be part of North Korea's intelligence agency known as the Reconnaissance General Bureau, an entity sanctioned by the U.S. in 2015.
#reuters#EN#2024#North-Korea#Anadriel#APT45#spy#stealing
·reuters.com·
North Korean hackers are stealing military secrets, say U.S. and allies
North Korea’s Post-Infection Python Payloads – One Night in Norfolk
North Korea’s Post-Infection Python Payloads – One Night in Norfolk
Throughout the past few months, several publications have written about a North Korean threat actor group’s use of NPM packages to deploy malware to developers and other unsuspecting victims. This blog post provides additional details regarding the second and third-stage malware in these attacks, which these publications have only covered in limited detail.
#norfolkinfosec#EN#2024#NPM#packages#Phlyum#malware#North-Korea#phyton#payloads
·norfolkinfosec.com·
North Korea’s Post-Infection Python Payloads – One Night in Norfolk
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors
Two ongoing campaigns bear hallmarks of North Korean state-sponsored threat actors, posing in job-seeking roles to distribute malware or conduct espionage.
#unit42#EN#2023#North-Korea#Job-Related#Campaigns#threat-actor#job-seeking#malware#espionage
·unit42.paloaltonetworks.com·
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors
ZINC weaponizing open-source software - Microsoft Security Blog
ZINC weaponizing open-source software - Microsoft Security Blog
In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia. Based on the observed tradecraft, infrastructure, tooling, and account affiliations, MSTIC attributes this campaign with high confidence to ZINC, a state-sponsored group based out of North Korea with objectives focused on espionage, data theft, financial gain, and network destruction.
#microsoft#EN#2022#Microsoft#weaponized#ZINC#open-source#MSTIC#apt#North-Korea
·microsoft.com·
ZINC weaponizing open-source software - Microsoft Security Blog
MagicRAT: Lazarus’ latest gateway into victim networks
MagicRAT: Lazarus’ latest gateway into victim networks
  • Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor. * Lazarus deployed MagicRAT after the successful exploitation of vulnerabilities in VMWare Horizon platforms. * We've also found links between MagicRAT and another RAT known as "TigerRAT," disclosed and attributed to Lazarus by the Korean Internet & Security Agency (KISA) recently. * TigerRAT has evolved over the past year to include new functionalities that we illustrate in this blog.
#talosintelligence#EN#2022#MagicRAT#Lazarus#Lazarus-Group#North-Korea#TigerRAT#RAT
·blog.talosintelligence.com·
MagicRAT: Lazarus’ latest gateway into victim networks
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity
ESET research uncovers attacks against several high-profile aerospace and military companies in Europe and the Middle East, with several hints suggesting a possible link to the Lazarus group.
#welivesecurity#EN#2022#Lazarus-Group#military#Europe#Lazarus#Operation#North-Korea
·welivesecurity.com·
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity
Justice Department seizes $500K from North Korean hackers who targeted US medical organizations
Justice Department seizes $500K from North Korean hackers who targeted US medical organizations
The US Justice Department seized approximately half a million dollars that North Korean government-backed hackers had either extorted from US health care organizations or used to launder ransom payments, deputy Attorney General Lisa Monaco said Tuesday as she touted an aggressive US strategy to claw back money for victims of ransomware attacks.
#CNN#EN#2022#APT#north-korea#US#seized#government-backed#medical#ransomware
·edition.cnn.com·
Justice Department seizes $500K from North Korean hackers who targeted US medical organizations
ZINC weaponizing open-source software - Microsoft Security Blog
ZINC weaponizing open-source software - Microsoft Security Blog
In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia. Based on the observed tradecraft, infrastructure, tooling, and account affiliations, MSTIC attributes this campaign with high confidence to ZINC, a state-sponsored group based out of North Korea with objectives focused on espionage, data theft, financial gain, and network destruction.
#microsoft#EN#2022#Microsoft#weaponized#ZINC#open-source#MSTIC#apt#North-Korea
·microsoft.com·
ZINC weaponizing open-source software - Microsoft Security Blog