Top 2 Lazarus Group News Today

JSON services hijacked by North Korean hackers to send out malware

  • North Korean Lazarus Group actors used JSON storage services to host malware in the Contagious Interview operation.
  • The attack chain began with fake LinkedIn profiles offering jobs to developers, guiding them to download a demo project.
  • BeaverTail and a Python backdoor named InvisibleFerret were dropped from a JSON storage service as part of the payload.
  • TsunamiKit is a multi-stage toolkit that can act as an infostealer or a cryptojacker to mine Monero.
  • Researchers note the attackers used legitimate services to blend in with normal traffic and stay hidden.
  • The Contagious Interview campaign targeted developers for data exfiltration and crypto wallet theft.
  • BeaverTail and TsunamiKit can blend into normal traffic by using hosted storage services and code repositories.
  • NVISO researchers flagged the Contagious Interview techniques as part of ongoing investigations into the campaign.
  • The attackers used a fake LinkedIn outreach method to lure developers into downloading the malware demo projects.
  • The report emphasizes the use of Base64-encoded data pointing to JSON storage services as part of the malware delivery.

US chips away at North Korean IT worker fraud with guilty pleas, cryptocurrency seizure

  • The Justice Department charged and secured guilty pleas from four Americans and a Ukrainian national for helping North Korea recruit remote IT workers.
  • The defendants allegedly earned illicit proceeds, and their schemes contributed to more than 136 U.S. companies being affected by the fraud.
  • The DOJ also announced the seizure of more than $15 million in cryptocurrency linked to the Lazarus Group.
  • Officials described North Korea’s remote IT worker schemes as a national security and economic threat.
  • Investigations linked the crypto seizures to the Lazarus Group, a known North Korean hacker collective.
  • U.S. prosecutors framed the actions as part of a broader 'DPRK RevGen: Domestic Enabler Initiative' to disrupt Pyongyang’s illicit funding.
  • The actions followed years of warnings to businesses about North Korean remote IT worker operations.
  • The pleas occurred across multiple jurisdictions, including Florida, Georgia, and Washington, D.C.
  • Officials emphasized this was part of a broader U.S. effort to disrupt North Korea’s financing of illicit programs.