APT trends report Q3 2024

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns. Continue reading APT trends report Q3 2024

North Korea Hackers Linked to Breach of German Missile Manufacturer

The targeting of Diehl Defence is significant because the company specializes in the production of missiles and ammunition.
The post North Korea Hackers Linked to Breach of German Missile Manufacturer appeared first on SecurityWeek.
Continue reading North Korea Hackers Linked to Breach of German Missile Manufacturer

US Says North Korean Hackers Exploiting Weak DMARC Settings 

The US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks.
The post US Says North Korean Hackers Exploiting Weak DMARC Settings  appeared first on SecurityWeek.
Continue reading US Says North Korean Hackers Exploiting Weak DMARC Settings 

North Korean government hackers target individuals of interest, infosec professionals

The hacking unit is tasked with gathering strategic intelligence.

The post North Korean government hackers target individuals of interest, infosec professionals appeared first on CyberScoop.

Continue reading North Korean government hackers target individuals of interest, infosec professionals

North Korean Hackers Have Stolen Over $3 Billion in Cryptocurrency: Report

Recorded Future calculates that North Korean state-sponsored threat actors are believed to have stolen more than $3 billion in cryptocurrency.
The post North Korean Hackers Have Stolen Over $3 Billion in Cryptocurrency: Report appeared first on Securit… Continue reading North Korean Hackers Have Stolen Over $3 Billion in Cryptocurrency: Report

U.S. government sanctions prolific North Korean cyber espionage unit

The veteran hacking crew has been at the heart of Pyongyang’s efforts to gather intelligence by breaching computer systems.

The post U.S. government sanctions prolific North Korean cyber espionage unit appeared first on CyberScoop.

Continue reading U.S. government sanctions prolific North Korean cyber espionage unit

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea. Continue reading Kimsuky’s GoldDragon cluster and its C2 operations

Previously unreported North Korean espionage part of busy 2021 for country’s hackers

A North Korean cyber espionage group known primarily for targeting think tanks, advocacy groups, journalists and others related to Pyongyang’s adversaries around the world has been quite prolific in 2021, according to email security firm Proofpoint. The stepped-up action includes launching near-weekly attacks, among them two previously unreported campaigns. In findings published Thursday, the firm examined the activities of a group it refers to as TA406, which it considers to be one of the components of an organization known more broadly as Kimsuky that’s been active since at least 2012. The U.S. government issued a public alert to the private sector in October 2020 about Kimsuky, warning of spearphishing, watering hole attacks and other methods designed to steal credentials. TA406 targets research, education, government, media and other organizations for credential theft, Proofpoint analysts Darien Huss and Selena Larson wrote. The group’s other activities involve financial crimes and sextortion, and an increased use […]

The post Previously unreported North Korean espionage part of busy 2021 for country’s hackers appeared first on CyberScoop.

Continue reading Previously unreported North Korean espionage part of busy 2021 for country’s hackers

Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says

Three hacking groups connected to the Russian and North Korean governments targeted COVID-19 vaccine and treatment researchers across five nations in recent months, and some of their attacks were successful, Microsoft said Friday. The hackers went after seven prominent companies in Canada, France, India, South Korea and the United States, according to Microsoft. The hacking groups are the Russia-linked Fancy Bear, which Microsoft refers to as Strontium; the North Korea-connected organization Lazarus Group, which Microsoft calls Zinc; and a third North Korean group that Microsoft has not previously mentioned publicly, which it calls Cerium. Microsoft’s alert deepens the breadth of warnings from government agencies and cybersecurity companies: Hackers affiliated with some of the U.S.’s biggest adversaries in cyberspace are hard at work to hack others’ vaccine research. “Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials,”  Tom Burt, Microsoft’s corporate vice president for customer security and […]

The post Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says appeared first on CyberScoop.

Continue reading Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says