Researchers Find SMS Monitoring Malware in Linux Telecom Servers

A state-sponsored tool most likely used by Chinese advanced persistent threat group APT41 was discovered inside the Linux servers of an undisclosed telecom company, surveilling incoming and outgoing SMS messages. FireEye Mandiant recently identified a …

North Korean Hackers Tried to Infect macOS Systems with Fake Cryptocurrency App

A hacking collective called the Lazarus Group has been trying to compromise macOS systems in an elaborate scam involving cryptocurrency software and a realistic-looking website. Lazarus Group, a gang of hackers believed to be sponsored by North Korea, …

Lazarus APT Targets Mac Users with Poisoned Word Document

Threat actors have the know-how to develop campaigns that target your weakest link. Learn how Lazarus APT took their malware to Apple’s macOS platform.
The post Lazarus APT Targets Mac Users with Poisoned Word Document appeared first on Security Boulev…

Cryptocurrency businesses still being targeted by Lazarus

Further tracking of Lazarus activities targeting the financial sector enabled us to discover a new operation, active since at least November 2018, which utilizes PowerShell to control Windows systems and macOS malware for Apple users.

Jackson County pays ransomware operators $400k to regain access to computers

Officials in Jackson County, a rural area in the southeastern US state of Georgia, were forced over the weekend to pay hackers almost half a million dollars after a ransomware attack brought its entire fleet of computer systems to its knees. According …

North Korean hackers go on phishing expedition before Trump-Kim summit

As President Donald Trump and North Korea’s Kim Jong Un prepare to meet again, cybersecurity researchers say Pyongyang-linked hackers are targeting Korean speakers with spearphishing emails tied to the diplomatic summit. The suspected North Korean hackers sent out a lure document last week purporting to be from a non-government organization, according to South Korean company ESTsecurity. The invitation from the “Korea-U.S. Friendship Society” invites recipients to a meeting in the South Korean capital of Seoul to analyze the results of the Trump-Kim summit, which begins Wednesday. Trump and Kim will discuss North Korea’s nuclear program, which, along with hacking tools, is a key pillar of the regime’s foreign policy. The spearphishing document was formatted in a South Korean word-processing application and came with malicious code associated with North Korean operatives, said ESTsecurity, a company that multiple independent researchers say does good analytical work. Cybersecurity company CrowdStrike has seen that same […]

The post North Korean hackers go on phishing expedition before Trump-Kim summit appeared first on CyberScoop.


Hacking tools used by North Korea’s Lazarus Group aimed at Russian targets

One of the United States’ biggest cyber adversaries has been targeting another, according to new research. Security vendor Check Point Technologies on Tuesday published findings in which its researchers “were observing what seemed to be a coordinated North Korean attack against Russian entities.” The company cautions that it’s “problematic” to definitively pinpoint who’s responsible for such an attack, though “analysis reveals intrinsic connections to the tactics, techniques and tools used by the North Korean APT group[.]” Lazarus has been blamed for highly publicized attacks on Sony Pictures, the Bangladesh Bank heist, and could be a key part of North Korean efforts to evade international sanctions by pursuing international espionage. The suspicious activity in this attack occurred “over the past few weeks,” the company said. Check Point said its researchers were tracking malicious Microsoft Office documents that appeared to be designed specifically to target Russian victims. A closer inspection of the […]

The post Hacking tools used by North Korea’s Lazarus Group aimed at Russian targets appeared first on CyberScoop.


Too soon to attribute cyberattack that disrupted U.S. newspapers, researchers say

It’s too soon to tell whether North Korean hackers were responsible for a cyberattack that prevented multiple major U.S. newspapers from delivering weekend editions on time. The attack last week against the Tribune Company disrupted printing operations at papers including the Los Angeles Times, the San Diego Union-Tribune, the New York Times and the Wall Street Journal. Several sources told the Los Angeles Times the attack appeared to be caused by Ryuk, a type of ransomware with low technical capabilities. Ryuk has infected hundreds of computers at multiple companies, according to researchers from security vendor Check Point. While Ryuk shares attributes with the Hermes malware, which is often attributed to suspected North Korean hackers known as the Lazarus Group, researchers say that doesn’t mean Pyongyang has launched a digital assault against U.S. press institutions. “The style of this attack fits the pattern of a lot of different groups at this point,” […]

The post Too soon to attribute cyberattack that disrupted U.S. newspapers, researchers say appeared first on CyberScoop.
