WannaCry Bitcoin Withdrawn; ‘Killswitch’ Researcher Detained in Nevada

The WannaCry story has new life with the attackers having withdrawn the Bitcoin collected as ransom during the attacks, and with the detainment of killswitch researcher Marcus Hutchins in Nevada.

DHS, FBI Warn of North Korea ‘Hidden Cobra’ Strikes Against US Assets

DHS and the FBI warned that North Korean attackers are targeting U.S. businesses with malware- and botnet-related attacks that are part of a concerted effort dubbed “Hidden Cobra.”

US Warns of ‘DeltaCharlie’ – A North Korean DDoS Botnet Malware

The United States government has released a rare alert about an ongoing, eight-year-long North Korean state-sponsored hacking operation.

The joint report from the FBI and U.S. Department of Homeland Security (DHS) provided details on “DeltaCharlie,” a…

Mounting evidence points to North Korean group for global ransomware attack

In the aftermath of a global ransomware attack, which impacted more than 300,000 computers in over 150 countries, a small, select group of security researchers announced they had found evidence suggesting a group previously linked to the North Korean government was likely behind the international cyber incident. Their theory gained newfound credibility Monday when U.S. cybersecurity firm Symantec said it too discovered “strong links” between WannaCry ransomware and the so-called Lazarus Group. Researchers originally came across WannaCry in February when it was first found on a Symantec client’s network, a full three months prior to the global outbreak. By obtaining an early sample, analysts were able to comprehensively study and identify individual components within the malware, some of which shared similarities to hacking tools used in late 2014 against Sony Pictures. The attacks against Sony Pictures have been widely attributed to hackers linked to North Korea by both […]

The post Mounting evidence points to North Korean group for global ransomware attack appeared first on Cyberscoop.

Ransomware aimed at South Korea in early 2017 may be work of North Korea, firm says

North Korean hackers may have sent phishing emails to South Korean organizations in late 2016 and early 2017 that carried ransomware, according to private sector intelligence firm Intel 471. Intel 471 obtained information about several samples related to this peculiar phishing email campaign, which in one case targeted a South Korean political organization earlier this year. “The sender was fluent in Korean and had a good familiarity with Korean culture,” said Intel 471 CEO Mark Arena, a former chief researcher with FireEye’s intelligence collection group iSight Partners. “The email included a fake Microsoft Word .doc file that when run, dropped ransomware and a likely Chinese originated trojan that could perform distributed denial of service attacks.” Oddly, although the phishing emails clearly targeted specific South Korean organizations, the ransomware itself was not capable of encrypting the most popular file type in Korea, .hwp (Hanword). It’s not clear why the attackers sent what […]

The post Ransomware aimed at South Korea in early 2017 may be work of North Korea, firm says appeared first on Cyberscoop.

ShadowBrokers Planning Monthly Exploit, Data Dump Service

The latest rant from the ShadowBrokers ends with news of a subscription service starting in June that will leak exploits and stolen data to paying customers.