16 articles tagged with "North Korea"
Contagious Interview campaign escalates with trojanized developer tools across five ecosystems. Packages impersonate logging utilities and steal credentials.
Solana's Drift Protocol lost $285 million in 2026's largest DeFi hack. TRM Labs attributes the attack to North Korean actors who exploited oracle manipulation and pre-signed transactions.
FortiGuard Labs exposes DPRK campaign using LNK files and GitHub repositories for command-and-control against South Korean targets. 22 evasion techniques identified.
North Korean threat group Konni weaponizes KakaoTalk messaging app after compromising victims via spear-phishing. EndRAT, RftRAT deployed in multi-stage campaign.
North Korean APT37's Ruby Jumper campaign uses RESTLEAF, THUMBSBD, and FOOTWINE malware to exfiltrate data from isolated systems via USB drives.
Contagious Interview campaign weaponizes fake job interviews to deploy OtterCookie and FlexibleFerret malware. Targets crypto and AI developers for credentials.
Security researchers uncover 26 malicious npm packages using steganography to hide command infrastructure in computer science essays. Famous Chollima cluster targets developers with RAT.
North Korean APT37 deploys six new malware tools to breach air-gapped systems using USB drives and cloud C2. Zscaler reveals RESTLEAF, THUMBSBD, and FOOTWINE surveillance capabilities.
Microsoft uncovers developer-targeting campaign using fake coding assessments to deliver JavaScript backdoors through VS Code automation triggers and Vercel-hosted payloads.
North Korea's Lazarus Group targets blockchain developers with fake recruitment campaign distributing RAT malware through 36 poisoned npm and PyPI packages.
Google Mandiant exposes UNC1069's use of AI-generated deepfake video, compromised executive accounts, and ClickFix attacks to deploy macOS malware against cryptocurrency firms.
Check Point uncovers Konni campaign using AI-generated PowerShell backdoors to target blockchain developers across Asia-Pacific. Marks shift from diplomatic espionage.
North Korean APT embeds malicious QR codes in spear-phishing emails to bypass corporate email security and compromise mobile devices.
DPRK hackers stole $2B in cryptocurrency in 2025 alone. Understanding Lazarus Group's operations helps defend against state-sponsored financial theft.
North Korean APT-Q-1 now combines fraudulent cryptocurrency job postings with ClickFix social engineering to deploy GolangGhost backdoor and BeaverTail stealer.
DPRK-affiliated threat actors dominated crypto theft in 2025, accounting for 76% of exchange compromises with cumulative theft now exceeding $6.75 billion.