North Korea to blame for string of Latin America bank hacks, insiders say

A string of devastating bank hacks across Latin America all carry North Korean fingerprints, according to three people with knowledge of the matter. Several high profile incidents that were only recently disclosed, including breaches at Mexico’s Bancomext and Chile’s Bank of Chile, saw the attacker drop destructive malware after attempting to leverage the SWIFT payment system to siphon money through fraudulent transfer requests. North Korea was involved in both breaches, the sources said, adding that they were tied to others that haven’t yet been disclosed. Two sources reviewed inside information about the breach investigations, which are still ongoing. Confidential technical reports about the incidents are already being shared within private information sharing groups comprised of other financial institutions. Historically, the only nation state-linked hacking group that’s been known to manipulate SWIFT is believed to be associated with the North Korean regime. It’s not yet clear how hackers breached the banks, although email phishing and password […]

The post North Korea to blame for string of Latin America bank hacks, insiders say appeared first on Cyberscoop.

Hackers Exploit Right-to-Left Override Bug in Telegram to Distribute Malware

Hackers have exploited a bug in how Telegram’s Windows messaging client displays file names that contain a right-to-left override (RLO) character, to infect users with malware. The RLO character, represented by “U+202E” in Unicode, in…

Greedy North Korean Hackers Targeting Cryptocurrencies and Point-of-Sale Terminals

The North Korean hacking group has turned greedy.

Security researchers have uncovered a new widespread malware campaign targeting cryptocurrency users, believed to originate from Lazarus Group, a state-sponsored hacking group linked to the North K…

U.S. Officially Accuses North Korea for WannaCry Attack

The U.S. government says it has evidence that North Korea was responsible for the WannaCry ransomware outbreak that infected around 300,000 computers around the world in May, disrupting operations across thousands of organizations. “After careful…

U.S. Government Blames North Korea for WannaCry

The United States government is officially blaming North Korea for the WannaCry ransomware outbreak in May that infected nearly a quarter-million computers in 150 countries.

North Korean hackers are impersonating a cryptocurrency company to target Bitcoin fans

A clever spearphishing campaign linked to North Korea has been taking advantage of a surge in public interest surrounding cryptocurrencies, like Bitcoin, in order to spread malware to people interested or involved in the budding industry, according to new research from at least three different cybersecurity firms. The campaign appears to be carried out by a hacking group known as the “Lazarus Group,” which researchers have linked to North Korea in previous attacks, such as the 2014 Sony breach, an $81 million Bangladesh cyber heist in 2016 and the WannaCry worldwide ransomware attack in May. This scam focuses on convincing victims to download a Microsoft Word document that masquerades as a job posting for a position at a British cryptocurrency company. Once downloaded, the document prompts the user to “enable editing” and “enable content functions.” If the victim enables the prompt, a macro installs a backdoor that allows the attackers to install […]

The post North Korean hackers are impersonating a cryptocurrency company to target Bitcoin fans appeared first on Cyberscoop.

Hackers tied to North Korea target South Korea through Google Play Store, researchers say

Hackers known as the Lazarus Group are targeting Android phones in a new campaign aimed at South Korea, according to researchers at the cybersecurity firm McAfee. The attack begins with a malware-laced version of a Korean bible study app in the Google Play Store. It’s been downloaded 1,300 times. McAfee attributes the attack to Lazarus Group, which intelligence agencies in the U.S., Britain and elsewhere say is North Korean. Google Play Store, the app market for the world’s most popular operating system, has a persistent malware issue. On Monday, anti-virus company Avast reported banking malware that avoided Google’s detection and was downloaded thousands of times. North Korea spends significant resources on building and using cyber-capabilities. One scheme involved stealing $81 million from the central bank of Bangladesh in a heist that ran through the Federal Reserve Bank of New York in 2016. South Korea, North Korea’s chief geopolitical rival alongside the United States, is a frequent target of […]

The post Hackers tied to North Korea target South Korea through Google Play Store, researchers say appeared first on Cyberscoop.

U.S. CERT issues report on remote hacking tool used by North Korea

U.S. authorities issued a report Tuesday identifying a remote administration trojan (RAT) they say is used by the North Korea-based hackers to attack the aerospace, telecommunications and finance industries. The tool, called FALLCHILL, is used by a group that the Department of Homeland Security refers to as Hidden Cobra. That group is more popularly known as Lazarus Group, North Korea’s most active hacking group. The group has been widely accused of attempting multibillion-dollar bank thefts in 18 countries and aggression against “media, aerospace, financial, and critical infrastructure sectors in the United States and globally.” Hidden Cobra has used FALLCHILL since 2016 “to target the aerospace, telecommunications, and finance industries,” U.S. officials say, citing “trusted third-party reporting.” Lazarus Group is the result of a years-long national effort to develop and deploy hacking capabilities by North Korea. “They have switched across different domains,” Jon R. Lindsay, a professor at the Global Affairs at the University of Toronto, told CyberScoop earlier this year. […]

The post U.S. CERT issues report on remote hacking tool used by North Korea appeared first on Cyberscoop.

Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity

Attackers behind APT campaigns have kept busy in Q2 2017, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines.
