22 articles tagged with "North Korea"
North Korea's Lazarus Group uses RemotePE, a fileless RAT that executes entirely in RAM, to target DeFi platforms. The group has stolen $577M in crypto this year alone.
Matthew Knoot and Erick Prince sentenced for operating laptop farms that helped North Korean IT workers infiltrate 70 US companies, generating over $1.2 million for Pyongyang.
North Korean threat actors are befriending targets on Facebook, building trust over weeks, then delivering RokRAT malware through trojanized PDF readers. Military and government officials targeted.
Google attributes the Axios npm supply chain attack to UNC1069, a North Korean threat actor. Malicious versions deployed WAVESHAPER.V2 backdoor across Windows, macOS, and Linux.
Google researchers expose EtherHiding technique storing malware payloads in Ethereum and BNB smart contracts. First nation-state adoption of unkillable blockchain C2 infrastructure.
eSentire researchers expose Omnistealer, a North Korean infostealer storing payloads in blockchain transactions. 300,000 credentials compromised across government and defense sectors.
Contagious Interview campaign escalates with trojanized developer tools across five ecosystems. Packages impersonate logging utilities and steal credentials.
Solana's Drift Protocol lost $285 million in 2026's largest DeFi hack. TRM Labs attributes the attack to North Korean actors who exploited oracle manipulation and pre-signed transactions.
FortiGuard Labs exposes DPRK campaign using LNK files and GitHub repositories for command-and-control against South Korean targets. 22 evasion techniques identified.
North Korean threat group Konni weaponizes KakaoTalk messaging app after compromising victims via spear-phishing. EndRAT, RftRAT deployed in multi-stage campaign.
North Korean APT37's Ruby Jumper campaign uses RESTLEAF, THUMBSBD, and FOOTWINE malware to exfiltrate data from isolated systems via USB drives.
Contagious Interview campaign weaponizes fake job interviews to deploy OtterCookie and FlexibleFerret malware. Targets crypto and AI developers for credentials.
Security researchers uncover 26 malicious npm packages using steganography to hide command infrastructure in computer science essays. Famous Chollima cluster targets developers with RAT.
North Korean APT37 deploys six new malware tools to breach air-gapped systems using USB drives and cloud C2. Zscaler reveals RESTLEAF, THUMBSBD, and FOOTWINE surveillance capabilities.
Microsoft uncovers developer-targeting campaign using fake coding assessments to deliver JavaScript backdoors through VS Code automation triggers and Vercel-hosted payloads.
North Korea's Lazarus Group targets blockchain developers with fake recruitment campaign distributing RAT malware through 36 poisoned npm and PyPI packages.
Google Mandiant exposes UNC1069's use of AI-generated deepfake video, compromised executive accounts, and ClickFix attacks to deploy macOS malware against cryptocurrency firms.
Check Point uncovers Konni campaign using AI-generated PowerShell backdoors to target blockchain developers across Asia-Pacific. Marks shift from diplomatic espionage.
North Korean APT embeds malicious QR codes in spear-phishing emails to bypass corporate email security and compromise mobile devices.
DPRK hackers stole $2B in cryptocurrency in 2025 alone. Understanding Lazarus Group's operations helps defend against state-sponsored financial theft.
North Korean APT-Q-1 now combines fraudulent cryptocurrency job postings with ClickFix social engineering to deploy GolangGhost backdoor and BeaverTail stealer.
DPRK-affiliated threat actors dominated crypto theft in 2025, accounting for 76% of exchange compromises with cumulative theft now exceeding $6.75 billion.