What’s new for North Korean hackers? Kaspersky says they’re polishing tools, finding new targets

North Korean government-linked hackers have refined their malware tools and expanded their target lists over the past two years, according to new research from Kaspersky, which says the attackers have devoted “significant resources” to improving their capabilities. In particular, the hackers have aggressively deployed a multi-stage malware framework — which Kaspersky calls MATA — to target Windows, Linux, and macOS operating systems. The framework is capable of deploying more than 15 malware components and has exhibited signs that it allows attackers to move laterally once they have compromised a target network, according to the research. So far, the attackers have used MATA against a software development firm, an e-commerce company and an internet service provider, Kaspersky said. The list of affected countries includes Poland, Germany, Turkey, Japan and India, the researchers said. Based on an analysis of the framework’s filenames and configuration, Kaspersky assesses that the scheme is linked with Lazarus Group, a hacking organization the U.S. government has […]

The post What’s new for North Korean hackers? Kaspersky says they’re polishing tools, finding new targets appeared first on CyberScoop.


How spies used LinkedIn to hack European defense companies

For LinkedIn users, receiving unsolicited messages from pushy job recruiters comes with the territory. It’s an annoyance for some, a welcome path toward a new gig for others. What the experience isn’t supposed to entail is the theft of sensitive data from the defense company that employs you. That’s what happened to employees at two European aerospace and defense firms from September to December 2019, according to research published Wednesday. The culprit was an as-yet-unidentified advanced persistent threat (APT) group — hackers that are usually associated with governments. Their methods were relentless, even clumsy at times. The operatives “targeted a large array of employees at both organizations, across different divisions, relentlessly trying to get a foothold in their target’s network,” said Jean-Ian Boutin, head of threat research at ESET, the anti-virus firm that exposed the hacking campaign. At the end of the operation, the hackers tried to bilk one of the European […]

The post How spies used LinkedIn to hack European defense companies appeared first on CyberScoop.


FBI, DHS to go public with suspected North Korean hacking tools

The FBI and the Department of Homeland Security are preparing to jointly expose North Korean government-backed hacking this week, CyberScoop has learned. Threat data meant to help companies fend off hackers has already been shared with the private sector in an effort to boost cyber-defenses in critical infrastructure sectors. The circulating information, contained in several documents known as malware analysis reports (MARs), details activity from Hidden Cobra hackers, an advanced persistent threat group that the U.S. government has previously linked with the North Korean government. The Hidden Cobra group frequently targets financial institutions such as banks, cryptocurrency exchanges, and ATMs for financial gain, the government says. However, it was not immediately clear which specific security incidents, if any, the U.S. government sought to expose in the information-sharing effort. The documents, which sources say contain 26 malware samples, appear to be the latest piece of a broader U.S. government effort […]

The post FBI, DHS to go public with suspected North Korean hacking tools appeared first on CyberScoop.


US offers up to $5m reward for information on North Korean hackers

UN experts believe the DPRK cyber-steals and launders money, extorts companies and funnels the cash into its nuclear program.

2 Chinese Charged with Laundering $100 Million for North Korean Hackers

Two Chinese nationals have been charged by the US Department of Justice (DoJ) and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards.

According to a newly unsealed court …

Treasury sanctions two Chinese nationals for helping North Korean hackers

The U.S. Treasury Department sanctioned two Chinese nationals Monday for laundering stolen money obtained through a North Korean government-backed hack of a cryptocurrency exchange in 2018. Specifically, the Treasury Department sanctioned Tian Yinyin and Li Jiadong for “having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of” Lazarus Group, a hacking group the U.S. government has previously linked with the North Korean government, according to the Treasury Department release. The two also provided that support to a “malicious cyber-enabled activity.” The Treasury Department has previously singled out Lazarus Group for its heists. Last September, the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Lazarus Group and two sub-groups for their activities targeting Society for Worldwide Interbank Financial Telecommunication (SWIFT) and stealing cash and customer information from ATMs. This is the first time the U.S. government is formally sanctioning Chinese nationals with […]

The post Treasury sanctions two Chinese nationals for helping North Korean hackers appeared first on CyberScoop.


Kaspersky: North Korean hackers getting more careful, targeted in financial hacks

North Korean hackers have for years been using different tactics to run cyber-enabled financial heists, most recently using front companies to compromise cryptocurrency-related businesses. And although some of the fake companies and websites rarely pass the smell test — the links on these weaponized websites don’t always work — hackers known as Lazarus Group or APT38 have been getting increasingly careful in other areas, according to new Kaspersky Lab research. Namely, the hacking outfit has been tweaking some of its malware, delivery mechanisms, and payloads in an attempt to decrease their chances of getting caught, according to Kaspersky. In the last two years, multiple researchers have revealed some of Lazarus Group’s latest antics relying on front companies. The hackers have been using a fake company, “JMT Trading,” to install backdoors to funnel funds to Pyongyang, multiple researchers revealed in 2019, for example. The year prior, Kaspersky uncovered that these hackers were using […]

The post Kaspersky: North Korean hackers getting more careful, targeted in financial hacks appeared first on CyberScoop.


December Patch Tuesday blunts WizardOpium attack chain

December 2019’s Patch Tuesday updates include a fix for the Windows flaw used in the recently discovered WizardOpium attacks.