What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-25 22:17:00 | Le groupe de Lazarus de la Corée du Nord déploie un nouveau rat Kaolin via de faux leurres d'emploi North Korea\\'s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (lien direct) |
L'acteur des menaces en Corée du Nord & NBSP; connu sous le nom de Lazarus & NBSP; Group a utilisé ses leurres de travail fabriqués à l'épreuve pour livrer un nouveau troyen à distance appelé & NBSP; Kaolin Rat.
Le malware pourrait: "En dehors de la fonctionnalité de rat standard, & nbsp; modifier le dernier horodatage d'écriture d'un fichier sélectionné et charger tout serveur de DLL reçu du serveur [Command and Control]"
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server," Avast security researcher Luigino |
Malware Threat | APT 38 | ★★ |
|
2024-02-29 13:47:00 | Lazarus exploite les fautes de frappe pour faufiler les logiciels malveillants PYPI dans les systèmes de développement Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems (lien direct) |
Le groupe de piratage nord-coréen nord-coréen Lazarus a téléchargé quatre packages dans le référentiel d'index de package Python (PYPI) dans le but d'infecter les systèmes de développeurs par des logiciels malveillants.
Les packages, maintenant supprimés, sont & nbsp; pycryptoenv, & nbsp; pycryptoconf, & nbsp; quasarlib et & nbsp; swapmempool.Ils ont été téléchargés collectivement 3 269 fois, PycryptoConf représentant le plus
The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most |
Malware | APT 38 | ★★★★ |
|
2023-11-01 14:32:00 | Hackers nord-coréens ciblant les experts en crypto avec des logiciels malveillants de Kandy Korn North Korean Hackers Tageting Crypto Experts with KANDYKORN macOS Malware (lien direct) |
Des acteurs de menaces parrainés par l'État de la République de Corée (RPDC) du peuple démocrate ont été trouvés ciblant les ingénieurs de blockchain d'une plate-forme d'échange de crypto sans nom via Discord avec un nouveau malware macOS surnommé Kandykorn.
Elastic Security Labs a déclaré que l'activité, tracée en avril 2023, présente des chevauchements avec le tristement célèbre groupe collectif adversaire Lazare, citant une analyse de la
State-sponsored threat actors from the Democratic People\'s Republic of Korea (DPRK) have been found targeting blockchain engineers of an unnamed crypto exchange platform via Discord with a novel macOS malware dubbed KANDYKORN. Elastic Security Labs said the activity, traced back to April 2023, exhibits overlaps with the infamous adversarial collective Lazarus Group, citing an analysis of the |
Malware Threat | APT 38 APT 38 | ★★ |
|
2023-10-27 20:27:00 | Le groupe coréen Lazarus cible le fournisseur de logiciels utilisant des défauts connus N. Korean Lazarus Group Targets Software Vendor Using Known Flaws (lien direct) |
Le groupe de Lazare aligné nord-en Corée a été attribué comme derrière une nouvelle campagne dans laquelle un fournisseur de logiciel sans nom a été compromis par l'exploitation de défauts de sécurité connus dans un autre logiciel de haut niveau.
Selon Kaspersky, les séquences d'attaque ont abouti au déploiement de familles de logiciels malveillants tels que Signbt et Lpeclient, un outil de piratage connu utilisé par l'acteur de menace pour
The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and LPEClient, a known hacking tool used by the threat actor for |
Malware Tool Threat | APT 38 APT 38 | ★★★ |
|
2023-09-05 15:45:00 | Les chercheurs mettent en garde contre les cyber-armes utilisées par le groupe Andariel du groupe Lazarus \\ Researchers Warn of Cyber Weapons Used by Lazarus Group\\'s Andariel Cluster (lien direct) |
L'acteur de menace nord-coréen connue sous le nom d'Andariel a été observé en utilisant un arsenal d'outils malveillants dans ses cyber-assaut contre les sociétés et les organisations de l'homologue du Sud.
"Une caractéristique des attaques identifiées en 2023 est qu'il existe de nombreuses souches de logiciels malveillants développées dans la langue go", a déclaré le Ahnlab Security Emergency Response Center (ASEC) dans une plongée profonde
The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in the southern counterpart. “One characteristic of the attacks identified in 2023 is that there are numerous malware strains developed in the Go language,” the AhnLab Security Emergency Response Center (ASEC) said in a deep dive |
Malware Tool Threat | APT 38 | ★★ |
|
2023-08-24 20:46:00 | Le groupe Lazarus exploite la faille critique Zoho Manage en train de déployer des logiciels malveillants furtifs Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware (lien direct) |
L'acteur de menaces en Corée du Nord connu sous le nom de groupe Lazare a été observé exploitant un défaut de sécurité critique maintenant paralysé un impact sur Zoho ManageEngine Servicedesk Plus pour distribuer un chevalier d'accès à distance appelé tel que quiterat.
Les objectifs comprennent des infrastructures de l'épine dorsale sur Internet et des entités de santé en Europe et aux États-Unis, la société de cybersécurité Cisco Talos a déclaré dans une analyse en deux parties
The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called such as QuiteRAT. Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco Talos said in a two-part analysis |
Malware Threat | APT 38 APT 38 | ★★ |
|
2023-05-24 13:00:00 | Le groupe coréen Lazarus cible les serveurs Microsoft IIS pour déployer des logiciels malveillants d'espionnage N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware (lien direct) |
Le tristement célèbre acteur du groupe Lazarus a ciblé les versions vulnérables des serveurs Microsoft Internet Information Services (IIS) comme voie de violation initiale pour déployer des logiciels malveillants sur des systèmes ciblés.
Les résultats proviennent du Ahnlab Security Emergency Response Center (ASEC), qui a détaillé la poursuite de la menace persistante avancée (APT) Abus continu des techniques de chargement secondaire DLL pour déployer des logiciels malveillants.
"Le
The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat\'s (APT) continued abuse of DLL side-loading techniques to deploy malware. "The |
Malware | APT 38 | ★★ |
|
2023-04-25 16:57:00 | Sous-groupe Lazarus ciblant les appareils Apple avec un nouveau malware macOS de RustBucket Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (lien direct) |
Un acteur de menace nord-coréen motivé financièrement est soupçonné d'être derrière une nouvelle souche malveillante de pomme de macos appelée Rustbucket.
"[RustBucket] communique avec les serveurs de commande et de contrôle (C2) pour télécharger et exécuter divers PAyloads, "les chercheurs de Jamf Threat Labs Ferdous Saljooki et Jaron Bradley ont déclaré enUn rapport technique publié la semaine dernière.
La société de gestion d'appareils Apple l'a attribuée
A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week. The Apple device management company attributed it |
Malware Threat | APT 38 | ★★★ |
|
2023-04-20 17:26:00 | Le groupe Lazarus ajoute des logiciels malveillants Linux à Arsenal dans l'opération Dream Job Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (lien direct) |
Le célèbre acteur parrainé par l'État aligné par la Corée du Nord connue sous le nom de groupe Lazare a été attribué à une nouvelle campagne destinée aux utilisateurs de Linux.
Les attaques font partie d'une activité persistante et de longue date suivie sous le nom de l'opération Dream Job, a déclaré Eset dans un nouveau rapport publié aujourd'hui.
Les résultats sont cruciaux, notamment parce qu'il marque le premier exemple publié publiquement de la
The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users. The attacks are part of a persistent and long-running activity tracked under the name Operation Dream Job, ESET said in a new report published today. The findings are crucial, not least because it marks the first publicly documented example of the |
Malware | APT 38 | ★★★ |
|
2023-02-23 17:17:00 | Lazarus Group Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (lien direct) | A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete files; execute PowerShell commands; and obtain comprehensive information about the underlying machine. | Malware Tool Medical | APT 38 | ★ |
|
2023-02-15 20:29:00 | North Korea\'s APT37 Targeting Southern Counterpart with New M2RAT Malware (lien direct) | The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group's features and tactics. APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is linked to North Korea's Ministry of State Security (MSS) unlike the Lazarus and | Malware Threat Cloud | APT 38 APT 37 | ★★ |
|
2022-12-05 17:54:00 | Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware (lien direct) | A new data wiper malware called CryWiper has been found targeting Russian government agencies, including mayor's offices and courts. "Although it disguises itself as a ransomware and extorts money from the victim for 'decrypting' data, [it] does not actually encrypt, but purposefully destroys data in the affected system," Kaspersky researchers Fedor Sinitsyn and Janis Zinchenko said in a | Ransomware Malware Medical | APT 38 | ★★★ |
|
2022-12-05 16:00:00 | North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps (lien direct) | The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity. "This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents," | Malware Threat Medical | APT 38 | ★★★ |
|
2022-09-07 17:40:00 | North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns (lien direct) | The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT. The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of internet-facing VMware Horizon servers, Cisco Talos said in a report shared with The Hacker News. "While being | Malware Medical | APT 38 | |
|
2022-08-16 23:20:26 | North Korea Hackers Spotted Targeting Job Seekers with macOS Malware (lien direct) | The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET linked it to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into | Malware Medical | APT 38 | |
|
2022-01-28 01:24:28 | North Korean Hackers Using Windows Update Service to Infect PCs with Malware (lien direct) | The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned to the North | Malware Medical | APT 38 APT 28 | |
|
2021-12-17 03:05:10 | New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021 (lien direct) | Industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, are the targets of a new malware botnet dubbed PseudoManyscrypt that has infected roughly 35,000 Windows computers this year alone. The name comes from its similarities to the Manuscrypt malware, which is part of the Lazarus APT group's attack toolset, Kaspersky | Malware | APT 38 | |
|
2021-10-27 00:14:47 | Latest Report Uncovers Supply Chain Attacks by North Korean Hackers (lien direct) | Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities.
The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN |
Malware Threat Medical | APT 38 APT 28 | |
|
2021-06-16 05:25:25 | Malware Attack on South Korean Entities Was Work of Andariel Group (lien direct) | A malware campaign targeting South Korean entities that came to light earlier this year has been attributed to a North Korean nation-state hacking group called Andariel, once again indicating that Lazarus attackers are following the trends and their arsenal is in constant development.
"The way Windows commands and their options were used in this campaign is almost identical to previous Andariel |
Malware | APT 38 | |
|
2021-04-19 22:33:45 | Lazarus APT Hackers are now using BMP images to hide RAT malware (lien direct) | A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information.
Attributing the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes |
Malware Threat Medical | APT 38 | |
|
2021-02-26 03:02:08 | North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware (lien direct) | A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry.
Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor's tactics by going beyond the usual gamut of financially-motivated |
Malware Medical | APT 38 | ★★ |
|
2020-07-23 02:18:46 | North Korean Hackers Spotted Using New Multi-Platform Malware Framework (lien direct) | Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware.
Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework - so-called because of the authors' reference to the |
Malware Medical | APT 38 | |
|
2019-05-10 03:04:03 | North Korean Hackers Using ELECTRICFISH Tunnels to Exfiltrate Data (lien direct) | The U.S. Department of Homeland Security (DHS) and the FBI have issued another joint alert about a new piece of malware that the prolific North Korean APT hacking group Hidden Cobra has actively been using in the wild.
Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by North Korean government and known to launch cyber attacks against media |
Malware Medical | APT 38 |
1
We have: 23 articles.
We have: 23 articles.
To see everything:
Our RSS (filtrered)
