The North Korean hacking group Lazarus, affiliated with the Reconnaissance General Bureau, is strongly suspected to be behind a 4.45 billion Korean won hacking incident at the virtual asset exchange Upbit.
It has been confirmed that Lazarus carried out at least 31 hacking attacks over the past year. According to AhnLab’s “2025 Cyber Threat Trends & 2026 Security Outlook” report released on the 30th, Lazarus was the most frequently mentioned APT (Advanced Persistent Threat) group, with 31 activities recorded between October of last year and September of this year.
Source: The Chosun Daily News
Related:
- U.S. Army Soldier Arrested in AT&T, Verizon Extortions
December 30, 2024
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea. ...
- INTERPOL financial crime operation makes record 5,500 arrests, seizures worth over USD 400 million
November 27, 2024
LYON, France – A global operation involving law enforcement from 40 countries, territories and regions has ended with the arrest of over 5,500 financial crime suspects and the seizure of more than USD 400 million in virtual assets and government-backed currencies. The five-month Operation HAECHI V (July – November 2024) targeted seven types of cyber-enabled frauds: ...
- Ex-South Korean defence chief, officials accused of THAAD data leak to China
November 20, 2024
A former South Korean defence minister and three other senior officials who served in the previous Moon Jae-in administration have been accused of leaking intelligence on a US-built missile system to activists and China. The state auditor alleged that Jeong Kyeong-doo, ex-national security adviser Chung Eui-yong and two high-ranking officers passed information on the Terminal High ...
- An investigation into the tools and methods used by the Higaisa group
August 19, 2024
In March 2020 specialists from the PT Expert Security Center conducted an analysis on the activities of the APT group Higaisa. This group was first studied by security analysts at Tencent in November 2019. In that analysis, Tencent specialists reached the conclusion that Higaisa has its origins in South Korea. The group, which is still active ...
- APT40 Advisory PRC MSS tradecraft in action
July 8, 2024
The PRC state-sponsored cyber group has previously targeted organisations in various countries, including Australia and the United States, and the techniques highlighted below are regularly used by other PRC state-sponsored actors globally. Therefore, the authoring agencies believe the group, and similar techniques remain a threat to their countries’ networks as well. The authoring agencies assess that this group ...
- Springtail: New Linux Backdoor Added to Toolkit
May 16, 2024
Symantec’s Threat Hunter Team has uncovered a new Linux backdoor developed by the North Korean Springtail espionage group (aka Kimsuky) that is linked to malware used in a recent campaign against organizations in South Korea. The backdoor (Linux.Gomir) appears to be a Linux version of the GoBear backdoor, which was used in a recent Springtail campaign ...

