North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks

The Democratic People’s Republic of Korea (“DPRK” aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (“DeFi”), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency. North Korean social engineering schemes Read More …

North Korean threat actor Citrine Sleet exploiting Chromium zero-day

On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). Microsoft researchers assess with high confidence that the observed exploitation of CVE-2024-7971 can Read More …

Onyx Sleet uses array of malware to gather intelligence for North Korea

On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking Read More …

North Korean hackers are targeting Apple Mac devices with updated malware

North Korean state-sponsored threat actors are once again setting up fake job interviews in a bid to infect unsuspecting victims with infostealing malware – but this time around, they are focusing on Apple users. Cybersecurity researcher Patrick Wardle recently discovered Read More …

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for Read More …

Springtail: New Linux Backdoor Added to Toolkit

Symantec’s Threat Hunter Team has uncovered a new Linux backdoor developed by the North Korean Springtail espionage group (aka Kimsuky) that is linked to malware used in a recent campaign against organizations in South Korea. The backdoor (Linux.Gomir) appears to Read More …

Washington Takes Its Cyber Strategy Global

The United States has spent two years supporting Ukraine in one ground war and seven months backing Israel in another, and it continues to prepare for the possibility of a third in Taiwan. But arguably its most persistent focus has Read More …

From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering

Proofpoint researchers track numerous state-sponsored and state-aligned threat actors. TA427 (also known as Emerald Sleet, APT43, THALLIUM or Kimsuky), a Democratic People’s Republic of Korea (DPRK or North Korea) aligned group working in support of the Reconnaissance General Bureau, is Read More …

U.S., South Korea, Japan to step up actions on North Korea cyber threats

The United States, South Korea and Japan agreed new initiatives on Saturday to respond to North Korea’s threats in cyberspace, including cryptocurrency abuses and space launches, White House National Security Adviser Jake Sullivan said. The three countries’ national security advisers Read More …