Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2025-05-07 10:17:41 |
Bluenoroff (direct link) |
>also known as HEUR:Trojan-Downloader.OSX.Lazarus.gen
Type:
Hybrid Threat
Platform:
Mac OS 9
Last updated:
11/28/24 7:01 am
Threat Level:
High
Description
This malware installs a backdoor for remote command execution and abuses the zshenv configuration file for persistence, bypassing macOS’s security mechanisms like Login Items notifications.
BlueNoroff Threat Removal
MacScan can detect and remove BlueNoroff Hybrid Threat from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat.
Download MacScan
|
Malware
Threat
|
APT 38
|
★★
|
 |
2025-05-05 15:05:25 |
Hackers Use Pahalgam Attack-Themed Decoys to Target Indian Government Officials (direct link) |
>The Seqrite Labs APT team has uncovered a sophisticated cyber campaign by the Pakistan-linked Transparent Tribe (APT36) targeting Indian Government and Defense personnel. This operation, centered around the recent Pahalgam terror attack on April 22, 2025, leverages emotionally charged themes to distribute phishing documents and deploy malicious payloads. Exploiting Geopolitical Tensions for Cyber Espionage The […]
|
|
APT 36
|
★★★
|
 |
2025-04-29 05:00:00 |
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis (direct link) |
Written by: Casey Charrier, James Sadowski, Clement Lecigne, Vlad Stolyarov
Executive Summary
Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances.
Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be increasing their operational security practices, potentially leading to decreased attribution and detection.
We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day exploitation attempts.
Scope
This report describes what Google Threat Intelligence Group (GTIG) knows about zero-day exploitation in 2024. We discuss how targeted vendors and exploited products drive trends that reflect threat actor goals and shifting exploitation approaches, and then closely examine several examples of zero-day exploitation from 2024 that demonstrate how actors use both historic and novel techniques to exploit vulnerabilities in targeted products. The following content leverages original research conducted by GTIG, combined with breach investigation findings and reporting from reliable open sources, though we cannot independently confirm the reports of every source. Research in this space is dynamic and the numbers may adjust due to the ongoing discovery of past incidents through digital forensic investigations. The numbers presented here reflect our best understanding of current data.
GTIG defines a zero-day as a vulnerability that was maliciously exploited in the wild before a patch was made publicly available. GTIG acknowledges that the trends observed and discussed in this report are based on detected and disclosed zero-days. Our analysis represents exploitation tracked by GTIG but may not reflect all zero-day exploitation.
Key Takeaways
Zero-day exploitation continues to grow gradually. The 75 zero-day vulnerabilities exploited in 2024 follow a pattern that has emerged |
Malware
Tool
Vulnerability
Threat
Patching
Mobile
Prediction
Cloud
Commercial
|
APT 37
|
★★
|
 |
2025-04-25 17:34:28 |
North Korean APT Hackers Pose as Companies to Spread Malware to Job Seekers (direct link) |
>Silent Push Threat Analysts have uncovered a chilling new cyberattack campaign orchestrated by the North Korean Advanced Persistent Threat (APT) group known as Contagious Interview, also referred to as Famous Chollima, a subgroup of the notorious Lazarus group. This state-sponsored entity has been implicated in numerous sophisticated cyber-espionage efforts targeting global industries, with a particular […]
|
Malware
Threat
|
APT 38
|
★★★
|
 |
2025-04-24 19:41:00 |
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware (direct link) |
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.
The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in |
Malware
Vulnerability
Threat
|
APT 38
|
★★★
|
 |
2025-04-24 17:07:50 |
Lazarus APT Targets Organizations by Exploiting One-Day Vulnerabilities (direct link) |
>A recent cyber espionage campaign by the notorious Lazarus Advanced Persistent Threat (APT) group, tracked as “Operation SyncHole,” has compromised at least six South Korean organizations across software, IT, financial, semiconductor, and telecommunications sectors since November 2024. According to detailed research, the attackers employed a combination of watering hole attacks and exploited vulnerabilities in widely […]
|
Vulnerability
Threat
|
APT 38
|
★★★
|
 |
2025-04-24 15:13:32 |
Lazarus hackers breach six companies in watering hole attacks (direct link) |
In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. [...] |
Threat
|
APT 38
|
★★★
|
 |
2025-04-24 09:27:52 |
Kaspersky discovers new Lazarus cyberattacks targeting South Korean supply chains (direct link) |
Kaspersky discovers new Lazarus cyberattacks targeting South Korean supply chains
-
Malwares |
|
APT 38
|
★★★
|
 |
2025-04-24 05:00:04 |
Operation SyncHole: Lazarus APT goes back to the well (direct link) |
Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach. |
Vulnerability
|
APT 38
|
★★★
|
 |
2025-04-23 11:02:35 |
APT34 Hackers Use Port 8080 for Fake 404 Responses and Shared SSH Keys (direct link) |
>Researchers have uncovered early indicators of malicious infrastructure linked to APT34, also known as OilRig, a suspected Iranian threat group notorious for targeting sectors like education, government, energy, telecom, and NGOs. Between November 2024 and April 2025, a series of domains and servers were tracked, impersonating an academic organization in Iraq (biam-iraq[.]org) and fictitious UK-based […]
|
Threat
|
APT 34
|
★★★
|
 |
2025-04-18 21:02:33 |
Friday Squid Blogging: Live Colossal Squid Filmed (direct link) |
A live colossal squid was filmed for the first time in the ocean. It’s only a juvenile: a foot long.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. |
|
APT 32
|
★★
|
 |
2025-04-16 02:46:50 |
APT Rogues' Gallery: The World's Most Dangerous Cyber Adversaries (direct link) |
Advanced Persistent Threat (APT) groups are not a new scourge. These sophisticated, state-sponsored cyber adversaries, with deep pockets and highly advanced technical skills, conduct prolonged and targeted attacks to infiltrate networks, exfiltrate sensitive data, and disrupt critical infrastructure. The stakes have never been higher, so in this blog, we'll look at some of the most notorious APT actors, their unique Tactics, Techniques, and Procedures (TTPs), and attacks attributed to them, and offer a few tips on how to defend against them. The Lazarus Group Originating from North Korea, the... |
Threat
Technical
|
APT 38
|
★★★
|
 |
2025-04-03 17:52:00 |
Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware (direct link) |
The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems.
The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by |
Malware
Threat
|
APT 38
|
★★★
|
 |
2025-04-02 10:45:54 |
Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks (direct link) |
>North Korea's Lazarus hackers are using the ClickFix technique for malware deployment in fresh attacks targeting the cryptocurrency ecosystem.
|
Malware
|
APT 38
|
★★★
|
 |
2025-04-01 13:21:21 |
Lazarus APT Jumps on ClickFix Bandwagon in Recent Attacks (direct link) |
A continuation of the North Korean nation-state threat's campaign against employment seekers uses the social engineering attack to target CeFi organizations with the GolangGhost backdoor. |
Threat
|
APT 38
|
★★
|
 |
2025-03-31 15:00:00 |
ClickFake Interview Campaign by Lazarus Targets Crypto Job Seekers (direct link) |
New “ClickFake Interview” campaign attributed to the Lazarus Group targets crypto professionals with fake job offers |
|
APT 38
|
★★★
|
 |
2025-03-31 11:56:54 |
North Korean hackers adopt ClickFix attacks to target crypto firms (direct link) |
The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). [...] |
Malware
|
APT 38
|
★★★
|
 |
2025-03-28 21:04:42 |
Friday Squid Blogging: Squid Werewolf Hacking Group (direct link) |
In another rare squid/cybersecurity intersection, APT37 is also known as “Squid Werewolf.”
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. |
|
APT 37
|
★★★
|
 |
2025-03-28 06:00:00 |
Iran's MOIS-Linked APT34 Spies on Allies Iraq & Yemen (direct link) |
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors. |
|
APT 34
|
★★★
|
 |
2025-03-27 18:01:00 |
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (direct link) |
An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country.
Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as |
Malware
Threat
Mobile
|
APT 36
|
★★★
|
 |
2025-03-22 13:02:00 |
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe (direct link) |
The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds.
"Based on the Administration's review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring |
Commercial
|
APT 38
|
★★
|
 |
2025-03-13 19:53:00 |
North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (direct link) |
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users.
Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were.
|
Malware
Tool
Threat
Mobile
|
APT 37
|
★★
|
 |
2025-03-13 12:58:55 |
North Korean Hackers Distributed Android Spyware via Google Play (direct link) |
>The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play.
|
Mobile
|
APT 37
|
★★
|
 |
2025-03-12 22:31:17 |
Lazarus Group deceives developers with 6 new malicious npm packages (direct link) |
>Socket researchers said the malware-ridden packages were collectively downloaded over 330 times. GitHub removed all of the malicious packages Wednesday.
|
|
APT 38
|
★★
|
 |
2025-03-12 15:11:46 |
Spyware in bogus Android apps is attributed to North Korean group (direct link) |
A North Korean nation-state group tracked as APT37 or ScarCruft placed infected utilities in Android app stores as part of an espionage campaign, according to researchers at Lookout. |
Mobile
|
APT 37
|
★★
|
 |
2025-03-12 00:15:21 |
Lazarus Group Hid Backdoor in Fake npm Packages in Latest Attack (direct link) |
Lazarus Group targets developers with malicious npm packages, stealing credentials, crypto, and installing backdoor. Stay alert to protect your projects. |
|
APT 38
|
★★
|
 |
2025-03-10 01:11:47 |
North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack (direct link) |
Hackers from the infamous Lazarus Group are in a cat-and-mouse game to launder their stolen funds from the ByBit heist. |
Hack
|
APT 38
|
★★★
|
 |
2025-03-05 13:03:46 |
Det. Eng. Weekly #105 - I'm assembling a team (direct link) |
Let's take out Lazarus. |
|
APT 38
|
★★
|
 |
2025-03-03 14:05:24 |
How North Korea Executed the Largest Crypto Heist Ever (direct link) |
North Korea's Lazarus Group pulled off the $1.5B Bybit hack, making it the biggest crypto heist ever. Here's how they did it, and what's next. |
Hack
|
APT 38
|
★★★
|
 |
2025-02-27 15:28:39 |
FBI urges crypto community to avoid laundering funds from Bybit hack (direct link) |
The bureau attributed the $1.5 billion hack to the North Korean threat actor known as TraderTraitor, or Lazarus, following similar assessments by cybersecurity researchers. |
Hack
Threat
|
APT 38
|
★★★
|
 |
2025-02-27 12:45:00 |
Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (direct link) |
The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a "war against Lazarus."
The agency said the Democratic People's Republic of Korea (North Korea) was responsible for the theft of the virtual assets from the cryptocurrency exchange, attributing it to a specific cluster |
Hack
Threat
|
APT 38
|
★★★
|
 |
2025-02-27 09:35:00 |
FBI Confirms North Korea's Lazarus Group as Bybit Crypto Hackers (direct link) |
FBI confirms North Korea's Lazarus Group responsible for Bybit crypto heist |
|
APT 38
|
★★★
|
 |
2025-02-26 23:49:20 |
Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet (direct link) |
Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation
Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it, has launched a bounty program to help recover its funds.… |
|
APT 38
APT 37
|
★★★
|
 |
2025-02-25 18:49:07 |
Crypto analysts stunned by Lazarus Group's capabilities in $1.46B Bybit theft (direct link) |
>The amount stolen last week surpasses what the group was able to steal in all of 2024.
|
|
APT 38
|
★★★★
|
 |
2025-02-25 10:16:39 |
North Korea's Lazarus Pulls Off Biggest Crypto Heist in History (direct link) |
Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit. It was carried out by interfering with a routine transfer between wallets. |
Threat
|
APT 38
|
★★★★
|
 |
2025-02-24 18:28:46 |
North Korea's Lazarus hackers behind $1.4 billion crypto theft from Bybit, researchers say (direct link) |
Cybersecurity researchers say North Korean hackers are behind the largest cryptocurrency heist in history and are actively laundering the more than $1.4 billion in cryptocurrency stolen from the Bybit exchange on Friday. |
|
APT 38
|
★★★★
|
 |
2025-02-24 18:25:49 |
EU sanctions North Korean tied to Lazarus group over involvement in Ukraine war (direct link) |
The latest package of EU sanctions related to Russia's invasion of Ukraine included the leader of the North Korean intelligence agency known for backing the Lazarus group and other high-profile hacking operations. |
|
APT 38
|
★★★
|
 |
2025-02-23 20:13:39 |
Investigators Link $1.4B Bybit Hack to North Korea's Lazarus Group (direct link) |
Investigators link the $1.4B Bybit hack to North Korea's Lazarus Group, exposing a major crypto heist tied to state-backed cybercrime and money laundering. |
Hack
|
APT 38
|
★★
|
 |
2025-02-14 23:58:00 |
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks (direct link) |
The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers.
The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that\'s associated with a profile named " |
Malware
Threat
|
APT 38
|
★★
|
 |
2025-02-13 10:15:00 |
North Korea Targets Crypto Devs Through NPM Packages (direct link) |
SecurityScorecard has uncovered a sophisticated campaign linked to North Korea's Lazarus Group, distributing crypto-stealing malware |
Malware
|
APT 38
|
★★★
|
 |
2025-02-11 20:00:00 |
Cybercrime: A Multifaceted National Security Threat (direct link) |
Executive Summary
Cybercrime makes up a majority of the malicious activity online and occupies the majority of defenders' resources. In 2024, Mandiant Consulting responded to almost four times more intrusions conducted by financially motivated actors than state-backed intrusions. Despite this overwhelming volume, cybercrime receives much less attention from national security practitioners than the threat from state-backed groups. While the threat from state-backed hacking is rightly understood to be severe, it should not be evaluated in isolation from financially motivated intrusions.
A hospital disrupted by a state-backed group using a wiper and a hospital disrupted by a financially motivated group using ransomware have the same impact on patient care. Likewise, sensitive data stolen from an organization and posted on a data leak site can be exploited by an adversary in the same way data exfiltrated in an espionage operation can be. These examples are particularly salient today, as criminals increasingly target and leak data from hospitals. Healthcare's share of posts on data leak sites has doubled over the past three years, even as the number of data leak sites tracked by Google Threat Intelligence Group has increased by nearly 50% year over year. The impact of these attacks means that they must be taken seriously as a national security threat, no matter the motivation of the actors behind them.
Cybercrime also facilitates state-backed hacking by allowing states to purchase cyber capabilities, or to co-opt criminals to conduct state-directed operations to steal data or engage in disruption. Russia has drawn on criminal capabilities to fuel cyber support for its war in Ukraine. GRU-linked APT44 (aka Sandworm), a unit of Russian military intelligence, has employed malware available from cybercrime communities to conduct espionage and disruptive operations in Ukraine, and CIGAR (aka RomCom), a group that historically focused on cybercrime, has conducted espionage operations against the Ukrainian government since 2022. However, this is not limited to Russia. Iranian threat groups deploy ransomware to raise funds while simultaneously conducting espionage, and Chinese espionage groups often supplement their income with cybercrime. Most notably, North Korea uses state-backed groups to directly generate revenue for the regime. North Korea has heavily targeted cryptocurrencies, compromising exchanges and individual victims' crypto wallets.
Despite the overlaps in effects and the collaboration with states, tackling the root causes of cybercrime requires fundamentally different solutions. Cybercrime involves collaboration between disparate groups, often across borders and without respect to sovereignty. Any solution requires international cooperation by both law enforcement and intelligence agencies to track, arrest, and prosecute these criminals. Individual takedowns can have important temporary effects, but the collaborative nature of cybercrime means that a disrupted group will quickly be replaced by others offering the same service. Achieving broader success will require collaboration between countries and between the public and private sectors on systemic solutions such as increased education and resilience efforts.
|
Ransomware
Malware
Tool
Vulnerability
Threat
Legislation
Medical
Cloud
Technical
|
APT 41
APT 38
APT 29
APT 43
APT 44
|
★★★
|
 |
2025-02-06 14:50:00 |
Lazarus Group Targets Bitdefender Researcher with LinkedIn Recruiting Scam (direct link) |
A Bitdefender researcher was targeted by North Korea's Lazarus with the lure of a fake job offer |
|
APT 38
|
★★★
|
 |
2025-02-05 20:25:00 |
Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign (direct link) |
The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems.
According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of |
Malware
|
APT 38
|
★★★
|
 |
2025-01-29 23:51:45 |
North Koreans clone open source projects to plant backdoors, steal credentials (direct link) |
Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? North Korea's Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing as of earlier this month, according to security researchers.… |
|
APT 38
|
★★★
|
 |
2025-01-29 22:26:00 |
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks (direct link) |
The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns.
"Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard's |
Threat
|
APT 38
|
★★★
|
 |
2025-01-29 21:39:00 |
Researchers Uncover Lazarus Group Admin Layer for C2 Servers (direct link) |
The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command and control servers from Pyongyang. |
Threat
|
APT 38
|
★★★
|
 |
2025-01-25 20:07:25 |
Hackers Using RID Hijacking To Create Admin Accounts In Windows (direct link) |
Cybersecurity researchers at AhnLab have discovered that a North Korean threat group uses malicious files to hijack RIDs and grant admin access to low-privilege Windows accounts.
According to researchers at ASEC, AhnLab's security intelligence center, the group behind the attack is the "Andariel" threat group, linked to North Korea's Lazarus hacker group.
“RID Hijacking is an attack technique that involves modifying the RID value of an account with low privileges, such as a regular user or a guest account, to match the RID value of an account with higher privileges (Administrator). By modifying the RID value, threat actors can deceive the system into treating the account as having administrator privileges,” AhnLab wrote in a blog post published on Thursday.
In Windows, a Relative Identifier (RID) is the part of a Security Identifier (SID) that uniquely identifies each user and group within a domain. For instance, the built-in administrator account has a RID of “500”, the guest account has “501”, the Domain Admins group has “512”, and regular user accounts are assigned RIDs starting from “1000”.
In a RID hijacking attack, attackers change the RID of a low-privilege account to the same value as the administrator account. As a result, Windows grants administrative privileges to that account.
However, to pull this off, attackers need write access to the SAM (Security Account Manager) registry hive, which means they must already have SYSTEM-level access on the targeted machine.
Attackers typically use tools such as PsExec and JuicyPotato to escalate their privileges and launch a SYSTEM-level command prompt.
While SYSTEM is the highest privilege level in Windows, it has certain limitations: it does not allow remote access, cannot interact with GUI applications, generates noisy activity that is easily detected, and does not persist after a system reboot.
To work around these issues, Andariel first created a hidden, low-privilege local user account by appending a “$” character to its username.
This made the account invisible in regular listings but still accessible in the SAM registry. The attackers then carried out RID hijacking to escalate the account's privileges to the administrator level.
According to the researchers, Andariel added the modified account to the Remote Desktop Users and Administrators groups, giving them more control over the system.
The group modified the SAM registry using custom malware and an open-source tool to execute the RID hijacking.
Although SYSTEM access would also allow the direct creation of administrator accounts, this method is less conspicuous, making it harder to detect and prevent.
To avoid detection, Andariel also exported and backed up the modified registry settings, deleted the rogue account, and later restored it from the backup when needed, bypassing system logs and making detection even harder.
To reduce the risk of RID hijacking, system administrators should implement proactive measures such as:
Using the Local Security Authority (LSA) Subsystem Service to monitor unusual login attempts and password changes.
Preventing unauthorized access to the SAM registry.
Restricting the use of tools like PsExec and JuicyPotato.
Disabling guest accounts.
Enforcing multi-factor authentication (MFA) for all user accounts, including low-privileged ones.
|
Malware
Tool
Threat
|
APT 38
APT 45
|
★★
|
 |
2025-01-17 15:30:00 |
Lazarus Group Targets Developers in New Data Theft Campaign (direct link) |
SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments |
|
APT 38
|
★★★
|
 |
2025-01-15 21:07:00 |
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99 (direct link) |
The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware.
"The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring developers with project tests and code reviews," Ryan Sherstobitoff, senior vice president of Threat |
Malware
Threat
|
APT 38
|
★★
|
 |
2025-01-15 16:02:08 |
North Korea's Lazarus APT Evolves Developer-Recruitment Attacks (direct link) |
"Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency. |
Malware
|
APT 38
|
★★
|