The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. “Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex…
Tag: Korean
AI, Global Security News
North Korean APT Targets Yanbian Gamers via Trojanized Platform
ESET warns that North Korean hackers compromised a Yanbian gaming site in a supply‑chain attack, trojanizing Windows and Android software to spy on users
AI, Global Security News
ScarCruft hackers push BirdCall Android malware via game platform
The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. […]
AI, Global Security News
76% of All Crypto Stolen in 2026 Is Now in North Korea
North Korean threat actors are pulling off historic cryptocurrency heists on a yearly, sometimes weekly basis now. AI might be helping them.
AI, Global Security News, malware
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives.
Global Security News
KelpDAO suffers $290 million heist tied to Lazarus hackers
State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. […]
AI, Cybersecurity, Global Security News, Government & Policy, malware
Why the Axios attack proves AI is mandatory for supply chain security
Two weeks ago, a suspected North Korean threat actor slipped malicious code into a package within Axios, a widely used JavaScript library. The immediate concern was the blast radius: roughly 100 million weekly downloads spanning enterprises, startups, and government systems. But beyond the sheer scale, the attack’s speed was just as worrisome – a stark…
AI, Global Security News
How to spot a North Korean fake in a job interview
North Korean operatives are getting hired at companies by passing job interviews using fake identities and AI tools. In this Help Net Security video, Adrian Cheek, a senior cybercrime researcher at Flare, outlines several ways organizations can catch these attempts before extending an offer. Basic video checks, like asking candidates to move their head or…
AI, Global Security News
US Nationals Jailed for Operating Fake Remote Worker Laptop Farms for North Korea
US authorities jail two Americans for aiding North Korean laptop farm scams that infiltrated over 100 firms
Global Security News
US nationals behind DPRK IT worker ‘laptop farm’ sent to prison
Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. […]
AI, Global Security News
North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT. “The threat actor used…
AI, Global Security News, malware
GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware
ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware.
AI, Global Security News, malware
Social engineering attacks on open source developers are escalating
North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that tricked him into installing a RAT posings as a software update. They used the access they gained to inject malware into npm packages downloaded 100+ million times a week.…
Global Security News
North Korean Hackers Pose as Trading Firm to Steal $285M from Drift
North Korean hackers (UNC4736) posed as a trading firm for six months to infiltrate Drift Protocol, using social engineering tactics to steal $285M without suspicion.
AI, Global Security News, malware
UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles
North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages.
AI, Global Security News
Software supply chain hacks trigger wave of intrusions, data theft
After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that “hundreds of thousands of stolen secrets could potentially be circulating” as a result of this and the Trivy, KICS, LiteLLM, and Telnyx supply chain attacks (linked to TeamPCP). “This could enable further software supply chain attacks, software as a…
AI, Exploits, Global Security News, malware
Google links Axios npm supply chain attack to North Korea-linked APT UNC1069
Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain. Google has attributed the recent Axios npm supply chain compromise to a North Korean threat group tracked as UNC1069. The attack, aimed at financial gain, exploited the package to target developers and organizations relying on Axios. John Hultquist…
AI, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management
Insider Threats Rise with North Korean AI Hiring Fraud Schemes
A suspected North Korean operative attempted to infiltrate a cybersecurity firm using a stolen identity and an AI-generated resume, underscoring how hiring pipelines are becoming an attack vector. The failed attempt reveals how threat actors are blending identity theft, automation, and anonymized infrastructure to bypass traditional recruiting safeguards. “In June 2025, we used a combination…
AI, Global Security News, malware
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that’s distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code “tasks.json” to distribute malware is a relatively new tactic adopted by the threat actor since…
Global Security News
North Korean Hacker Lands Remote IT Job, Caught After VPN Slip
New research from LevelBlue reveals how a suspected North Korean operative landed a remote IT role to fund national weapons programmes.
AI, Apps, Global Security News
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim’s KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni. “Initial access was achieved through a spear-phishing…
AI, Global Security News, malware, Network Security
North Korean fake IT worker tradecraft exposed
Research from GitLab has exposed the latest tradecraft behind North Korean fake IT worker scams. GitLab banned 131 North Korean-attributed accounts last year, most of which involved JavaScript repositories that acted as resources in the so-called Contagious Interview campaign. In most cases, GitLab projects acted as obfuscated loaders for malware payloads — such as BeaverTail…
Global Security News
Fake LinkedIn Interview Used by Lazarus Hackers to Target AllSecure CEO
Researchers at AllSecure have revealed how North Korean hackers from the Lazarus Group used a fake LinkedIn job interview and deepfake technology to target their CEO.
AI, Global Security News
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency. The activity has been attributed with moderate confidence to the state-sponsored adversary, which is also tracked under the cryptonyms Jade Sleet, PUKCHONG, Slow Pisces,…
AI, Apps, Global Security News, Risk Management
Microsoft warns North Korean threat groups are scaling up fake worker schemes with generative AI
North Korean threat groups are using artificial intelligence tools to accelerate and expand the country’s long-running scheme to get remote technical workers hired at global companies for longer durations, Microsoft Threat Intelligence said in a report Friday. AI services are empowering North Korean operatives across the attack lifecycle. Attackers have turned AI into a “force…
AI, Global Security News
APT37 hackers use new malware to breach air-gapped networks
North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. […]
AI, Data Breaches, Global Security News, malware, Network Security
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves…
AI, Global Security News
Malicious Next.js Repos Target Developers Via Fake Job Interviews
Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent access to infected machines.
Global Security News
Lazarus Group Picks a New Poison: Medusa Ransomware
The North Korean threat group also leveraged Comebacker backdoor, Blindingcan RAT, and info stealer Infohook in its recent attacks.
AI, Data Breaches, Global Security News
Teenagers charged over public bike service breach that exposed 4.62 million records
Two South Korean teenagers have been charged in connection with a cyberattack that compromised the personal data of 4.62 million users of Seoul’s public bike service, Ttareungyi. The compromised data included user IDs, mobile phone numbers, addresses, dates of birth, gender, and weight. According to the Cyber Investigation Unit of the Seoul Metropolitan Police Agency,…
Global Security News
North Korean Lazarus Group Expands Ransomware Activity With Medusa
Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks
Global Security News
North Korean Lazarus group linked to Medusa ransomware attacks
North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attack using the Medusa ransomware. […]
AI, Global Security News, Government & Policy, Network Security
North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.
A Ukrainian man was sentenced to five years in the U.S. for helping North Korean IT workers use stolen identities to get hired by U.S. firms. Oleksandr “Alexander” Didenko, a 29-year-old Ukrainian national, has been sentenced to five years in a U.S. prison for supporting North Korea’s fraudulent IT worker scheme. Didenko admitted stealing U.S.…
AI, Global Security News
Ukrainian gets 5 years for helping North Koreans infiltrate US firms
A Ukrainian national was sentenced to five years in prison for providing North Korean IT workers with stolen identities that helped them infiltrate U.S. companies. […]
AI, Global Security News, Government & Policy
Ukrainian sentenced to 5 years in prison for facilitating North Korean remote worker scheme
A Ukrainian national who ran multiple operations to aid the North Korean government’s expansive scheme to hire remote IT workers at U.S. companies was sentenced to five years in prison, the Justice Department said Thursday. Oleksandr Didenko stole U.S. citizens’ identities and created more than 2,500 fraudulent accounts on freelance IT job forums, money service…
AI, Global Security News
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. […]
AI, Apple, CryptoCurrency, Global Security News, malware, Security
North Korean hackers use new macOS malware in crypto-theft attacks
North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. […]