This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-12T06:22:21+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server," Avast security researcher Luigino]]> 2024-04-25T22:17:00+00:00 https://thehackernews.com/2024/04/north-koreas-lazarus-group-deploys-new.html www.secnews.physaphae.fr/article.php?IdArticle=8488646 False Malware,Threat APT 38 2.0000000000000000 Dark Reading - Informationweek Branch Lazarus, Kimsuky, and Andariel all got in on the action, stealing "important" data from firms responsible for defending their southern neighbors (from them).]]> 2024-04-24T16:27:13+00:00 https://www.darkreading.com/cyberattacks-data-breaches/north-korea-apt-triumvirate-spied-on-south-korean-defense-industry-for-years www.secnews.physaphae.fr/article.php?IdArticle=8488095 False None APT 38 2.0000000000000000 Zataz - Magazine Francais de secu 2024-03-19T14:01:20+00:00 https://www.zataz.com/lazarus-group-htx-heco/ www.secnews.physaphae.fr/article.php?IdArticle=8466703 False Hack APT 38 3.0000000000000000 Recorded Future - FLux Recorded Future Le groupe de piratage de Lazarus de la Corée du Nord aurait repris un ancien service afin de laver 23 millions de dollars volés lors d'une attaque en novembre. & NBSP;Les enquêteurs de la société de recherche Blockchain, Elliptic, ont déclaré vendredi qu'au dernier jour où ils avaient & nbsp;vu les fonds - une partie des 112,5 millions de dollars volés au HTX

---

North Korea\'s Lazarus hacking group allegedly has turned back to an old service in order to launder $23 million stolen during an attack in November.  Investigators at blockchain research company Elliptic said on Friday that in the last day they had  seen the funds - part of the $112.5 million stolen from the HTX]]> 2024-03-15T18:33:59+00:00 https://therecord.media/lazarus-group-north-korea-tornado-cash-money-laundering www.secnews.physaphae.fr/article.php?IdArticle=8464489 False None APT 38 3.0000000000000000 AhnLab - Korean Security Firm aperçu du 13 février 2024, Microsoft a annoncé une élévation du noyau Windows des privilèges Vulnérabilité CVE-2012-21338correctif.La vulnérabilité se produit à certains ioctl de & # 8220; appid.sys & # 8221;Connu sous le nom de pilote AppLocker, l'une des fonctionnalités Windows.L'acteur de menace peut lire et écrire sur une mémoire de noyau aléatoire en exploitant la vulnérabilité, et peut soit désactiver les produits de sécurité ou gagner le privilège du système.Avast a rapporté que le groupe de menaces Lazarus a récemment utilisé la vulnérabilité CVE-2024-21338 à désactiver les produits de sécurité.Ainsi, les utilisateurs de Windows OS sont ...

---

Overview On February 13th, 2024, Microsoft announced a Windows Kernel Elevation of Privilege Vulnerability CVE-2024-21338 patch. The vulnerability occurs at certain IOCTL of “appid.sys” known as AppLocker‘s driver, one of the Windows feature. The threat actor can read and write on a random kernel memory by exploiting the vulnerability, and can either disable security products or gain system privilege. AVAST reported that the Lazarus threat group has recently used CVE-2024-21338 vulnerability to disable security products. Thus, Windows OS users are... ]]> 2024-03-06T08:56:56+00:00 https://asec.ahnlab.com/en/62668/ www.secnews.physaphae.fr/article.php?IdArticle=8459725 False Vulnerability,Threat APT 38 2.0000000000000000 Dark Reading - Informationweek Branch North Korean state actors Lazarus Group used a Windows AppLocker zero day, along with a new and improved rootkit, in a recent cyberattack, researchers report.]]> 2024-03-01T00:17:13+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-zero-day-used-by-lazarus-in-rootkit-attack www.secnews.physaphae.fr/article.php?IdArticle=8457255 False Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this month as part]]> 2024-02-29T16:49:00+00:00 https://thehackernews.com/2024/02/lazarus-hackers-exploited-windows.html www.secnews.physaphae.fr/article.php?IdArticle=8456930 False Vulnerability,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most]]> 2024-02-29T13:47:00+00:00 https://thehackernews.com/2024/02/lazarus-exploits-typos-to-sneak-pypi.html www.secnews.physaphae.fr/article.php?IdArticle=8456854 False Malware APT 38 4.0000000000000000 SecurityWeek - Security News Le groupe nord-coréen Lazarus a exploité le conducteur Applocker Zero-Day CVE-2024-21338 pour l'escalade des privilèges dans les attaques impliquant Fudmodule Rootkit.

---

>North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit. ]]> 2024-02-29T10:28:36+00:00 https://www.securityweek.com/windows-zero-day-exploited-by-north-korean-hackers-in-rootkit-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8456926 False Vulnerability,Threat APT 38 3.0000000000000000 Bleeping Computer - Magazine Américain Japan\'s Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware. [...]]]> 2024-02-28T10:04:50+00:00 https://www.bleepingcomputer.com/news/security/japan-warns-of-malicious-pypi-packages-created-by-north-korean-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=8456467 False Malware APT 38 2.0000000000000000 AhnLab - Korean Security Firm à travers le groupe & # 8220; Lazarus utilise la technique de chargement latéral DLL & # 8221;[1] Article de blog, Ahnlab Security Intelligence Center (ASEC) a précédemment couvert comment le groupe Lazare a utilisé la technique d'attaque de chargement de chargement DLL en utilisant des applications légitimes au stade d'accès initial pour atteindre la prochaine étape de leur processus d'attaque.Ce billet de blog couvrira les variantes de DLL ajoutées et leur routine de vérification pour les cibles.Le groupe Lazare est un groupe approprié qui cible les entreprises sud-coréennes, les institutions, les groupes de réflexion et autres.Sur ...

---

Through the “Lazarus Group Uses the DLL Side-Loading Technique” [1] blog post, AhnLab SEcurity intelligence Center(ASEC) has previously covered how the Lazarus group used the DLL side-loading attack technique using legitimate applications in the initial access stage to achieve the next stage of their attack process. This blog post will cover the added DLL variants and their verification routine for the targets. The Lazarus group is an APT group that targets South Korean companies, institutions, think tanks, and others. On... ]]> 2024-01-23T00:40:00+00:00 https://asec.ahnlab.com/en/60792/ www.secnews.physaphae.fr/article.php?IdArticle=8441897 False None APT 38 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description Cisco Talos has discovered a new campaign conducted by the Lazarus Group, called "Operation Blacksmith," which employs at least three new DLang-based malware families, two of which are remote access trojans (RATs), where one of these uses Telegram bots and channels as a medium of command and control (C2) communications. The RATs are named "NineRAT" and "DLRAT," and the downloader is called "BottomLoader." The campaign consists of continued opportunistic targeting of enterprises globally that publicly host and expose their vulnerable infrastructure to n-day vulnerability exploitation such as CVE-2021-44228 (Log4j). Lazarus has targeted manufacturing, agricultural, and physical security companies. The malware is written in DLang, indicating a definitive shift in TTPs from APT groups falling under the Lazarus umbrella with the increased adoption of malware being authored using non-traditional frameworks such as the Qt framework, including MagicRAT and QuiteRAT. #### Reference URL(s) 1. https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/ #### Publication Date December 11, 2023 #### Author(s) Jungsoo An ]]> 2023-12-13T19:34:57+00:00 https://community.riskiq.com/article/04580784 www.secnews.physaphae.fr/article.php?IdArticle=8422247 False Malware,Vulnerability APT 38 3.0000000000000000 The Register - Site journalistique Anglais Sure, they do crimes. But the plausible deniability governments adore means they deserve a different label Cybercrime gangs like the notorious Lazarus group and spyware vendors like Israel\'s NSO should be considered cyber mercenaries – and become the subject of a concerted international response – according to a Monday report from Delhi-based think tank Observer Research Foundation (ORF).…]]> 2023-12-13T06:05:28+00:00 https://go.theregister.com/feed/www.theregister.com/2023/12/13/cyber_mercenary_orf_report/ www.secnews.physaphae.fr/article.php?IdArticle=8421881 False None APT 38 2.0000000000000000 Silicon - Site de News Francais 2023-12-12T10:21:10+00:00 https://www.silicon.fr/log4j-menace-persiste-474135.html www.secnews.physaphae.fr/article.php?IdArticle=8421459 False None APT 38 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Cisco Talos discovered a new campaign conducted by the Lazarus Group that it has codenamed \'Operation Blacksmith,\' employing... ]]> 2023-12-12T09:32:48+00:00 https://industrialcyber.co/threats-attacks/cisco-reveals-operation-blacksmith-as-lazarus-targets-organizations-with-new-telegram-based-malware-in-dlang/ www.secnews.physaphae.fr/article.php?IdArticle=8421437 False Malware APT 38 3.0000000000000000 Recorded Future - FLux Recorded Future Les pirates connectés à Groupe de Lazarus de la Corée du Nord ont exploité le Vulnérabilité LOG4J Dans une campagne d'attaques ciblant les entreprises dans les secteurs de la fabrication, de l'agriculture et de la sécurité physique.Connu sous le nom de «Faire du forgeron de l'opération», la campagne a vu les pirates de Lazarus utiliser au moins trois nouvelles familles de logiciels malveillants, selon des chercheurs de Cisco Talos qui ont nommé l'un des

---

Hackers connected to North Korea\'s Lazarus Group have been exploiting the Log4j vulnerability in a campaign of attacks targeting companies in the manufacturing, agriculture and physical security sectors. Known as “Operation Blacksmith,” the campaign saw Lazarus hackers use at least three new malware families, according to researchers at Cisco Talos who named one of the]]> 2023-12-11T20:30:00+00:00 https://therecord.media/north-korean-hackers-using-log www.secnews.physaphae.fr/article.php?IdArticle=8421198 False Malware,Vulnerability APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking the activity under the name Operation Blacksmith, noting the use of three DLang-based]]> 2023-12-11T18:30:00+00:00 https://thehackernews.com/2023/12/lazarus-group-using-log4j-exploits-to.html www.secnews.physaphae.fr/article.php?IdArticle=8421079 False Threat APT 38 3.0000000000000000 The Register - Site journalistique Anglais 2023-12-11T18:08:15+00:00 https://go.theregister.com/feed/www.theregister.com/2023/12/11/lazarus_group_edang/ www.secnews.physaphae.fr/article.php?IdArticle=8421157 False Malware APT 38 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Cisco Talos said Operation Blacksmith leveraged the flaw in publicly facing VMWare Horizon servers]]> 2023-12-11T17:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-log4shell-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8421119 False None APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. [...]]]> 2023-12-11T16:25:32+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-drop-new-rat-malware-using-2-year-old-log4j-bug/ www.secnews.physaphae.fr/article.php?IdArticle=8421215 False Malware,Threat APT 38 2.0000000000000000 Dark Reading - Informationweek Branch The infamous vulnerability may be on the older side at this point, but North Korea\'s primo APT Lazarus is creating new, unique malware around it at a remarkable clip.]]> 2023-12-11T16:15:00+00:00 https://www.darkreading.com/threat-intelligence/lazarus-group-still-juicing-log4shell-rats-written-d www.secnews.physaphae.fr/article.php?IdArticle=8421118 False Malware,Vulnerability APT 38 2.0000000000000000 Recorded Future - FLux Recorded Future La police métropolitaine de Séoul a accusé mardi un groupe de piratage nord-coréen de cibler des sociétés sud-coréennes liées à l'industrie de la défense et de voler des informations sensibles sur les systèmes d'armes anti-aériens.Dans un communiqué de presse, faire connaître l'enquête sur le groupe de piratage d'Andariel - qui a des liens vers le célèbre groupe de Lazare - la police a déclaré qu'ils

---

The Seoul Metropolitan Police on Tuesday accused a North Korean hacking group of targeting South Korean companies connected to the defense industry and stealing sensitive information about anti-aircraft weapon systems. In a press release publicizing the investigation into the Andariel hacking group - which has links to the notorious Lazarus Group - police said they]]> 2023-12-06T21:30:00+00:00 https://therecord.media/north-korea-hackers-stole-anti-aircraft-system-data www.secnews.physaphae.fr/article.php?IdArticle=8419690 False None APT 38 3.0000000000000000 Dark Reading - Informationweek Branch The prolific threat actor has laundered hundreds of millions of dollars in stolen virtual currency through the service.]]> 2023-11-30T17:35:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/feds-seize-sinbad-crypto-mixer-used-by-north-korea-s-lazarus www.secnews.physaphae.fr/article.php?IdArticle=8418122 False Threat APT 38,APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors from the Democratic People\'s Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country. "Even though movement in and out of and within the country is heavily restricted, and its general population is isolated from the rest of the world, the regime\'s]]> 2023-11-30T17:25:00+00:00 https://thehackernews.com/2023/11/north-koreas-lazarus-group-rakes-in-3.html www.secnews.physaphae.fr/article.php?IdArticle=8418053 False Threat APT 38,APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. "Sinbad has processed millions of dollars\' worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie Infinity heists," the department said. "Sinbad is also used by]]> 2023-11-30T11:39:00+00:00 https://thehackernews.com/2023/11/us-treasury-sanctions-sinbad.html www.secnews.physaphae.fr/article.php?IdArticle=8417988 False None APT 38,APT 38 2.0000000000000000 Recorded Future - FLux Recorded Future Le département du Trésor américain le mercredi sanctionné Un mélangeur de crypto-monnaie populaire utilisé pour blanchir les fonds volés par des pirates liés au gouvernement nord-coréen.Le Contrôle des actifs étrangers (OFAC) du Département du Trésor a annoncé de nouvelles sanctions sur Sinbad.io, qui, selon les responsables

---

The U.S. Treasury Department on Wednesday sanctioned a popular cryptocurrency mixer used to launder funds stolen by hackers connected to the North Korean government. The Treasury Department\'s Office of Foreign Assets Control (OFAC) announced new sanctions on Sinbad.io, which officials said has been used by North Korea\'s Lazarus Group to process millions of dollars\' worth]]> 2023-11-29T21:45:00+00:00 https://therecord.media/us-treasury-sanctions-sinbad-crypto-mixer www.secnews.physaphae.fr/article.php?IdArticle=8417908 False None APT 38,APT 38 2.0000000000000000 HackRead - Chercher Cyber Par waqas US Treasury sanctions Sinbad.io pour blanchir des millions de fonds volés liés au groupe de Lazarus de la Corée du Nord. Ceci est un article de HackRead.com Lire le message original: US saisit le mélangeur Bitcoin Sinbad.io utilisé par Lazarus Group

---

>By Waqas US Treasury Sanctions Sinbad.io for Laundering Millions in Stolen Funds Linked to North Korea\'s Lazarus Group. This is a post from HackRead.com Read the original post: US Seizes Bitcoin Mixer Sinbad.io Used by Lazarus Group]]> 2023-11-29T19:37:23+00:00 https://www.hackread.com/us-seizes-bitcoin-mixer-sinbad-io-lazarus-group/ www.secnews.physaphae.fr/article.php?IdArticle=8417881 False None APT 38,APT 38 2.0000000000000000 Dark Reading - Informationweek Branch Lazarus and its cohorts are switching loaders and other code between RustBucket and KandyKorn macOS malware to fool victims and researchers.]]> 2023-11-28T17:30:00+00:00 https://www.darkreading.com/threat-intelligence/north-korean-apts-mix-and-match-malware-components-to-evade-detection www.secnews.physaphae.fr/article.php?IdArticle=8417572 False Malware APT 38,APT 38 2.0000000000000000 AhnLab - Korean Security Firm tout en surveillant les attaques récentes du groupe de menace Andariel, le centre d'intervention d'urgence de sécurité Ahnlab (ASEC) a découvert que le Centre d'AndarieAttaquer le cas dans lequel le groupe est supposé exploiter la vulnérabilité de l'exécution du code distant Apache ActiveMQ (CVE-2023-46604) pour installer des logiciels malveillants.Le groupe Andariel Threat cible généralement les entreprises et les institutions sud-coréennes, et le groupe est connu pour être soit dans une relation coopérative du groupe de menaces de Lazare, soit dans un groupe subsidiaire de Lazarus.Leurs attaques contre la Corée du Sud ont été les premières ...

---

While monitoring recent attacks by the Andariel threat group, AhnLab Security Emergency response Center (ASEC) has discovered the attack case in which the group is assumed to be exploiting Apache ActiveMQ remote code execution vulnerability (CVE-2023-46604) to install malware. The Andariel threat group usually targets South Korean companies and institutions, and the group is known to be either in a cooperative relationship of the Lazarus threat group, or a subsidiary group of Lazarus. Their attacks against South Korea were first... ]]> 2023-11-27T01:16:58+00:00 https://asec.ahnlab.com/en/59318/ www.secnews.physaphae.fr/article.php?IdArticle=8417067 False None APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain A joint advisory by the National Cyber Security Centre (NCSC) and Korea\'s National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea\'s National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou [...]]]> 2023-11-24T12:28:14+00:00 https://www.bleepingcomputer.com/news/security/uk-and-south-korea-hackers-use-zero-day-in-supply-chain-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8416630 False None APT 38 3.0000000000000000 Bleeping Computer - Magazine Américain Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. [...]]]> 2023-11-22T13:06:25+00:00 https://www.bleepingcomputer.com/news/security/microsoft-lazarus-hackers-breach-cyberlink-in-supply-chain-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8416021 False Malware APT 38,APT 38 3.0000000000000000 AhnLab - Korean Security Firm L'équipe d'analyse ASEC a identifié les circonstances du groupe Andariel distribuant des logiciels malveillants via une attaque en utilisant une certaine gestion des actifsprogramme.Le groupe Andariel est connu pour être dans une relation coopérative avec ou une organisation filiale du groupe Lazare.Le groupe Andariel lance généralement des attaques de phishing de lance, d'arrosage ou de chaîne d'approvisionnement pour la pénétration initiale.Il existe également un cas où le groupe a exploité une solution de gestion centrale pendant le processus d'installation de logiciels malveillants.Récemment, le groupe Andariel ...

---

The ASEC analysis team identified the circumstances of the Andariel group distributing malware via an attack using a certain asset management program. The Andariel group is known to be in a cooperative relationship with or a subsidiary organization of the Lazarus group. The Andariel group usually launches spear phishing, watering hole, or supply chain attacks for initial penetration. There is also a case where the group exploited a central management solution during the malware installation process. Recently, the Andariel group... ]]> 2023-11-20T06:31:18+00:00 https://asec.ahnlab.com/en/59073/ www.secnews.physaphae.fr/article.php?IdArticle=8414705 False Malware,Technical APT 38,APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a "shift in the persistent actor\\\'s tactics." Sapphire Sleet, also called APT38, BlueNoroff, CageyChameleon, and CryptoCore, has a]]> 2023-11-11T19:03:00+00:00 https://thehackernews.com/2023/11/microsoft-warns-of-fake-skills.html www.secnews.physaphae.fr/article.php?IdArticle=8409670 False Threat APT 38,APT 38 3.0000000000000000 HackRead - Chercher Cyber Par waqas Bluenoroff est un sous-groupe du plus grand groupe soutenu par l'État nord-coréen appelé Lazarus. Ceci est un article de HackRead.com Lire le post original: Bluenoroff APT lié à Lazare ciblant les macOS avec des logiciels malveillants objcshellz

---

>By Waqas BlueNoroff is a subgroup of the larger North Korean state-backed group called Lazarus. This is a post from HackRead.com Read the original post: Lazarus-Linked BlueNoroff APT Targeting macOS with ObjCShellz Malware]]> 2023-11-08T10:34:54+00:00 https://www.hackread.com/lazarus-bluenoroff-apt-macos-objcshellz-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8407874 False Malware APT 38,APT 38 2.0000000000000000 HackRead - Chercher Cyber Par deeba ahmed Un autre jour, une autre opération de logiciels malveillants par le tristement célèbre groupe de Lazare ciblant les ingénieurs de la blockchain et les utilisateurs de crypto. Ceci est un article de HackRead.com Lire le post original: Lazarus groupe LazarusUtilise des logiciels malveillants de Kandykorn MacOS pour le vol cryptographique

---

>By Deeba Ahmed Another day, another malware operation by the infamous Lazarus group targeting blockchain engineers and crypto users. This is a post from HackRead.com Read the original post: Lazarus Group uses KandyKorn macOS malware for crypto theft]]> 2023-11-03T20:01:17+00:00 https://www.hackread.com/lazarus-kandykorn-macos-malware-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=8405492 False Malware APT 38,APT 38 3.0000000000000000 Dark Reading - Informationweek Branch Posing as fellow engineers, the North Korean state-sponsored cybercrime group Lazarus tricked crypto-exchange developers into downloading the hard-to-detect malware.]]> 2023-11-03T18:55:00+00:00 https://www.darkreading.com/endpoint/kandykorn-macos-malware-lures-crypto-engineers www.secnews.physaphae.fr/article.php?IdArticle=8405460 False Malware APT 38,APT 38 2.0000000000000000 SecurityWeek - Security News Security researchers uncover new macOS and Windows malware associated with the North Korea-linked Lazarus Group. ]]> 2023-11-03T14:10:49+00:00 https://www.securityweek.com/north-korean-hackers-use-new-kandykorn-macos-malware-in-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8405892 False Malware APT 38,APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain A new macOS malware dubbed \'KandyKorn\' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform. [...]]]> 2023-11-02T15:22:01+00:00 https://www.bleepingcomputer.com/news/security/new-macos-kandykorn-malware-targets-cryptocurrency-engineers/ www.secnews.physaphae.fr/article.php?IdArticle=8404890 False Malware APT 38,APT 38 3.0000000000000000 Recorded Future - FLux Recorded Future Les pirates liés à la Corée du Nord ciblent les ingénieurs de blockchain \\ 'Apple avec de nouveaux logiciels malveillants avancés, ont révélé des chercheurs.Les tactiques et les techniques utilisées dans la campagne chevauchent l'activité du groupe de pirates nord-coréen parrainé par l'État Lazarus, comme l'a rapporté la société de cybersécurité Elastic Security Labs.L'objectif probable des pirates est de voler la crypto-monnaie comme

---

Hackers linked to North Korea are targeting blockchain engineers\' Apple devices with new, advanced malware, researchers have found. The tactics and techniques used in the campaign overlap with the activity of the North Korean state-sponsored hacker group Lazarus, as reported by cybersecurity firm Elastic Security Labs. The hackers\' likely goal is to steal cryptocurrency as]]> 2023-11-02T12:47:00+00:00 https://therecord.media/blockchain-engineers-crypto-exchange-macos-malware-north-korea www.secnews.physaphae.fr/article.php?IdArticle=8404681 False Malware APT 38,APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) State-sponsored threat actors from the Democratic People\'s Republic of Korea (DPRK) have been found targeting blockchain engineers of an unnamed crypto exchange platform via Discord with a novel macOS malware dubbed KANDYKORN. Elastic Security Labs said the activity, traced back to April 2023, exhibits overlaps with the infamous adversarial collective Lazarus Group, citing an analysis of the]]> 2023-11-01T14:32:00+00:00 https://thehackernews.com/2023/11/north-korean-hackers-tageting-crypto.html www.secnews.physaphae.fr/article.php?IdArticle=8403987 False Malware,Threat APT 38,APT 38 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Kaspersky unveiled the cyber campaign at the Security Analyst Summit]]> 2023-10-30T17:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-targets-legitimate/ www.secnews.physaphae.fr/article.php?IdArticle=8403072 False Malware APT 38 2.0000000000000000 CyberWarzone - Cyber News [Plus ...]

---

The recent unveiling of a sinister alliance between an IT company and North Korean hackers, it’s evident that the cyber threat landscape has taken a [more...]]]> 2023-10-30T11:51:07+00:00 https://cyberwarzone.com/north-korean-lazarus-hackers-and-it-companys-billion-won-ransomware-heist/ www.secnews.physaphae.fr/article.php?IdArticle=8402774 False Ransomware,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and LPEClient, a known hacking tool used by the threat actor for]]> 2023-10-27T20:27:00+00:00 https://thehackernews.com/2023/10/n-korean-lazarus-group-targets-software.html www.secnews.physaphae.fr/article.php?IdArticle=8401494 False Malware,Tool,Threat APT 38,APT 38 3.0000000000000000 Recorded Future - FLux Recorded Future Les pirates connectés au gouvernement nord-coréen ont exploité une vulnérabilité dans un fournisseur de logiciels «haut de gamme» pour cibler ses clients, selon un récent Rapport .À la mi-juillet, les chercheurs de la société de cybersécurité Kaspersky ont détecté une série d'attaques contre plusieurs victimes ciblées via un logiciel de sécurité non identifié conçu pour crypter les communications Web à l'aide du numérique

---

Hackers connected to the North Korean government have exploited a vulnerability in a “high-profile” software vendor to target its customers, according to a recent report. In mid-July, researchers from the cybersecurity firm Kaspersky detected a series of attacks on several victims who were targeted through unidentified security software designed to encrypt web communications using digital]]> 2023-10-27T16:30:00+00:00 https://therecord.media/north-korean-hackers-exploit-software-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8401515 False Vulnerability,Threat APT 38 4.0000000000000000 Bleeping Computer - Magazine Américain The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer. [...]]]> 2023-10-27T12:15:29+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-breached-dev-repeatedly-to-deploy-signbt-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8401514 False Malware APT 38,APT 38 3.0000000000000000 Kaspersky - Kaspersky Research blog We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns]]> 2023-10-27T06:00:12+00:00 https://securelist.com/unveiling-lazarus-new-campaign/110888/ www.secnews.physaphae.fr/article.php?IdArticle=8401253 False None APT 38,APT 38 2.0000000000000000 AhnLab - Korean Security Firm août 2023 Problèmes majeurs sur les groupes de l'APT 1) Andariel 2) APT29 3) APT31 4) amer 5)Bronze Starlight 6) Callisto 7) Cardinbee 8) Typhoon de charbon de bois (Redhotel) 9) Terre estrie 10) Typhon de lin 11) Groundpeony 12) Chisel infâme 13) Kimsuky 14) Lazarus 15)Moustachedbouncher 16) Éléphant mystérieux (APT-K-47) 17) Nobelium (Blizzard de minuit) 18) Red Eyes (APT37) Aug_Thereat Trend Rapport sur les groupes APT

---

August 2023 Major Issues on APT Groups 1) Andariel 2) APT29 3) APT31 4) Bitter 5) Bronze Starlight 6) Callisto 7) Carderbee 8) Charcoal Typhoon (RedHotel) 9) Earth Estries 10) Flax Typhoon 11) GroundPeony 12) Infamous Chisel 13) Kimsuky 14) Lazarus 15) MoustachedBouncher 16) Mysterious Elephant (APT-K-47) 17) Nobelium (Midnight Blizzard) 18) Red Eyes (APT37) Aug_Threat Trend Report on APT Groups ]]> 2023-10-23T02:22:16+00:00 https://asec.ahnlab.com/en/57930/ www.secnews.physaphae.fr/article.php?IdArticle=8399124 False Threat,Prediction APT 38,APT 38,APT 29,APT 37,APT 31 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) North Korean threat actors are actively exploiting a critical security flaw in JetBrains TeamCity to opportunistically breach vulnerable servers, according to Microsoft. The attacks, which entail the exploitation of CVE-2023-42793 (CVSS score: 9.8), have been attributed to Diamond Sleet (aka Labyrinth Chollima) and Onyx Sleet (aka Andariel or Silent Chollima). It\'s worth noting that both the]]> 2023-10-19T12:41:00+00:00 https://thehackernews.com/2023/10/microsoft-warns-of-north-korean-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8397598 False Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-linked Lazarus Group (aka Hidden Cobra or TEMP.Hermit) has been observed using trojanized versions of Virtual Network Computing (VNC) apps as lures to target the defense industry and nuclear engineers as part of a long-running campaign known as Operation Dream Job. "The threat actor tricks job seekers on social media into opening malicious apps for fake job interviews," Kaspersky]]> 2023-10-18T20:21:00+00:00 https://thehackernews.com/2023/10/lazarus-group-targeting-defense-experts.html www.secnews.physaphae.fr/article.php?IdArticle=8397305 False Threat APT 38,APT 38,APT 37 2.0000000000000000 Recorded Future - FLux Recorded Future Les pirates ont ciblé plus d'une douzaine d'entreprises de pétrole, de gaz et de défense en Europe de l'Est avec une version mise à jour du cadre de la porte dérobée MATA, selon récent Research .La porte dérobée MATA était auparavant attribué au groupe de pirates nord-coréen Lazarus.Les chercheurs de la société de cybersécurité Kaspersky, qui ont découvert cette campagne, ne se sont pas directement liés

---

Hackers have targeted more than a dozen oil, gas and defense firms in Eastern Europe with an updated version of the MATA backdoor framework, according to recent research. The MATA backdoor was previously attributed to the North Korean hacker group Lazarus. Researchers at the cybersecurity firm Kaspersky, who uncovered this campaign, did not directly link]]> 2023-10-18T20:15:00+00:00 https://therecord.media/eastern-europe-energy-and-defense-targeted-mata www.secnews.physaphae.fr/article.php?IdArticle=8397422 False Threat,Industrial APT 38 4.0000000000000000 Bleeping Computer - Magazine Américain Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. [...]]]> 2023-10-18T18:33:02+00:00 https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-critical-teamcity-flaw-to-breach-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8397455 False Vulnerability APT 38 3.0000000000000000 AhnLab - Korean Security Firm Le groupe Lazare est un groupe de piratage connu pour être parrainé par l'État et mène activement des activités de piratageDans le monde entier pour le gain financier, le vol de données et d'autres fins.Un aperçu simplifié de l'attaque du trou d'arrosage du groupe Lazare qui a abusé de la vulnérabilité inisafée est la suivante: un lien malveillant a été inséré dans un article spécifique sur un site Web d'actualités.Par conséquent, les entreprises et les institutions qui ont cliqué sur cet article étaient ciblées pour le piratage.Les pirates ont exploité des sites Web coréens vulnérables avec C2 ...

---

The Lazarus group is a hacking group that is known to be state-sponsored and is actively conducting hacking activities worldwide for financial gain, data theft, and other purposes. A simplified overview of the Lazarus group’s watering hole attack that abused the INISAFE vulnerability is as follows: a malicious link was inserted within a specific article on a news website. Consequently, companies and institutions that clicked on this article were targeted for hacking. The hackers exploited vulnerable Korean websites with C2... ]]> 2023-10-17T00:55:09+00:00 https://asec.ahnlab.com/en/57736/ www.secnews.physaphae.fr/article.php?IdArticle=8396477 False Vulnerability APT 38 2.0000000000000000 AhnLab - Korean Security Firm aperçu1.Analyse de la porte dérobée de Volgmer….1.1.Version précoce de Volgmer …… .. 1.1.1.Analyse des compte-gouttes Volgmer …… .. 1.1.2.Analyse de la porte dérobée de Volgmer….1.2.Version ultérieure de Volgmer …… .. 1.2.1.Analyse de Volgmer Backdoor2.Analyse du téléchargeur Scout….2.1.DIGNES (Volgmer, Scout)….2.2.Analyse du téléchargeur Scout …… .. 2.2.1.Scout Downloader v1 …… .. 2.2.2.Scout Downloader V23.Conclusion Table des matières Le groupe de menaces de Lazarus parrainé par l'État a des dossiers d'activité qui remontent à 2009. Au début, leurs activités étaient principalement axées sur ...

---

Overview1. Analysis of Volgmer Backdoor…. 1.1. Early Version of Volgmer…….. 1.1.1. Analysis of Volgmer Dropper…….. 1.1.2. Analysis of Volgmer Backdoor…. 1.2. Later Version of Volgmer…….. 1.2.1. Analysis of Volgmer Backdoor2. Analysis of Scout Downloader…. 2.1. Droppers (Volgmer, Scout)…. 2.2. Analysis of Scout Downloader…….. 2.2.1. Scout Downloader v1…….. 2.2.2. Scout Downloader v23. Conclusion Table of Contents The seemingly state-sponsored Lazarus threat group has records of activity that date back to 2009. In the early days, their activities were mostly focused on... ]]> 2023-10-13T08:21:01+00:00 https://asec.ahnlab.com/en/57685/ www.secnews.physaphae.fr/article.php?IdArticle=8395055 False Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group linked to the theft of roughly $900 million of those proceeds between July 2022 and July of this year. "As traditional entities such as mixers continue to be subject to seizures and sanctions scrutiny, the crypto crime displacement to chain- or asset-hopping]]> 2023-10-06T20:26:00+00:00 https://thehackernews.com/2023/10/north-koreas-lazarus-group-launders-900.html www.secnews.physaphae.fr/article.php?IdArticle=8392275 False None APT 38 2.0000000000000000 The Register - Site journalistique Anglais LightningCan evades infosec tools in new and interesting ways The Lazarus Group, the cybercrime gang linked to the North Korean government, has been named as the perpetrator of an attack against a Spanish aerospace firm, using a dangerous new piece of malware.…]]> 2023-10-04T07:30:06+00:00 https://go.theregister.com/feed/www.theregister.com/2023/10/04/lazarus_group_lightlesscan_malware_upgrade/ www.secnews.physaphae.fr/article.php?IdArticle=8391313 False Malware,Tool APT 38 2.0000000000000000 Dark Reading - Informationweek Branch The Lazarus Group\'s "LightlessCan" malware executes multiple native Windows commands within the RAT itself, making detection significantly harder, security vendor says.]]> 2023-10-02T20:51:09+00:00 https://www.darkreading.com/cloud/north-korea-meta-complex-backdoor-aerospace www.secnews.physaphae.fr/article.php?IdArticle=8390638 False Malware APT 38 3.0000000000000000 HackRead - Chercher Cyber Par waqas Rapport des pertes de crypto immunufi: T1 2023 voit les plus hautes pertes de l'année. Ceci est un article de HackRead.com Lire le post original: L'industrie cryptographique a perdu 685 millions de dollars au troisième trimestre 2023, 30% par le groupe Lazare

---

>By Waqas Immunefi Crypto Losses Report: Q3 2023 Sees Highest Losses of the Year. This is a post from HackRead.com Read the original post: Crypto Industry Lost $685 Million in Q3 2023, 30% by Lazarus Group]]> 2023-10-02T17:05:46+00:00 https://www.hackread.com/crypto-industry-q3-2023-lazarus-group/ www.secnews.physaphae.fr/article.php?IdArticle=8390569 False Studies APT 38 4.0000000000000000 knowbe4 - cybersecurity services Une récente attaque contre une entreprise aérospatiale espagnole non divulguée a tous commencé avec des messages aux employés de l'entreprise qui semblaient provenir de méta recruteurs, via la messagerie LinkedIn. chercheurs ESET à découvertL'attaque et l'attribué au groupe Lazare, en particulier une campagne surnommée Opération Dreamjob.Cette campagne du groupe Lazare était destinée aux entreprises de défense et aérospatiale dans le but de réaliser un cyberespionnage. & Nbsp;

---

A recent attack on an undisclosed Spanish aerospace company all started with messages to the company\'s employees that appeared to be coming from Meta recruiters, via LinkedIn Messaging. ESET researchers uncovered the attack and attributed it to the Lazarus group, particularly a campaign dubbed Operation DreamJob. This campaign by the Lazarus group was aimed at defense and aerospace companies with the goal of carrying out cyberespionage. ]]> 2023-10-02T16:29:11+00:00 https://blog.knowbe4.com/lazarus-attack-spanish-aerospace-company www.secnews.physaphae.fr/article.php?IdArticle=8390565 False None APT 38 3.0000000000000000 CyberWarzone - Cyber News Introduction Ever wondered how a seemingly innocent LinkedIn message can turn into a cybersecurity nightmare? A Spanish aerospace company recently]]> 2023-10-01T22:55:22+00:00 https://cyberwarzone.com/lazarus-group-targets-spanish-aerospace-company-through-linkedin-unveiling-the-lightlesscan-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8390245 False Malware APT 38 2.0000000000000000 Recorded Future - FLux Recorded Future Les pirates liés à un groupe notoire du gouvernement nord-coréen ont lancé une attaque contre une société aérospatiale en Espagne, selon des chercheurs de la société de sécurité ESET.Vendredi, dans un rapport, les chercheurs ont déclaré avoir découvert une campagne de pirates liés à Lazarus - un groupe infâme qui a volé des milliards de milliardsentreprises de crypto-monnaie

---

Hackers connected to a notorious group within the North Korean government launched an attack against an aerospace company in Spain, according to researchers at security company ESET. In a report on Friday, researchers said they discovered a campaign by hackers connected to Lazarus - an infamous group that has stolen billions from cryptocurrency firms over]]> 2023-09-29T21:45:00+00:00 https://therecord.media/north-korean-govt-hackers-spain www.secnews.physaphae.fr/article.php?IdArticle=8389658 False None APT 38 2.0000000000000000 HackRead - Chercher Cyber Par deeba ahmed Auparavant, lorsque le groupe a exploité LinkedIn, il a réussi à piloter 625 millions de dollars stupéfiants du réseau de blockchain Ronin Network (RON). Ceci est un article de HackRead.com Lire le post original: Lazarus apt exploitant Linkedin à cibler la société aérospatiale espagnole

---

>By Deeba Ahmed Previously, when the group exploited LinkedIn, it managed to pilfer a staggering $625 million from the Ronin Network (RON) blockchain network. This is a post from HackRead.com Read the original post: Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm]]> 2023-09-29T19:43:27+00:00 https://www.hackread.com/lazarus-exploit-linkedin-spanish-aerospace-firm/ www.secnews.physaphae.fr/article.php?IdArticle=8389620 False Industrial APT 38 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter via LinkedIn and tricked into opening a malicious executable file presenting itself as a coding]]> 2023-09-29T17:40:00+00:00 https://thehackernews.com/2023/09/lazarus-group-impersonates-recruiter.html www.secnews.physaphae.fr/article.php?IdArticle=8389485 False Threat APT 38 3.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET During the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCan]]> 2023-09-29T13:00:00+00:00 https://www.welivesecurity.com/en/videos/how-lazarus-impersonated-meta-attack-target-spain-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8389817 False None APT 38 3.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET While analyzing a Lazarus attack luring employees of an aerospace company, ESET researchers discovered a publicly undocumented backdoor]]> 2023-09-29T09:30:08+00:00 https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/ www.secnews.physaphae.fr/article.php?IdArticle=8389818 False None APT 38,APT 38 3.0000000000000000 Bleeping Computer - Magazine Américain The North Korean \'Lazarus\' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown \'LightlessCan\' backdoor. [...]]]> 2023-09-29T05:30:00+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-breach-aerospace-firm-with-new-lightlesscan-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8389428 False Malware,Hack APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31 million in digital assets from the CoinEx exchange on September 12, 2023. The crypto heist aimed at]]> 2023-09-17T12:02:00+00:00 https://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html www.secnews.physaphae.fr/article.php?IdArticle=8384403 False None APT 38,APT 38 2.0000000000000000 Recorded Future - FLux Recorded Future Les experts de la société de suivi des crypto-monnaies Elliptic disent que les pirates nord-coréens sont les principaux suspects du vol de 31 millions de dollars en crypto-monnaie du Coinex Exchange rapporté plus tôt cette semaine.Les analystes Comparation des transactions destiné à masquer les fonds pris dans le coinex baist avec les suites des attaquessur le casino en ligne pieu.com et portefeuille de crypto-monnaie

---

Experts at the cryptocurrency-tracking company Elliptic say North Korean hackers are the prime suspects in the theft of $31 million in cryptocurrency from the CoinEx exchange reported earlier this week. The analysts compared transactions intended to hide funds taken in the CoinEx heist with the aftermath of attacks on online casino Stake.com and cryptocurrency wallet]]> 2023-09-15T16:15:00+00:00 https://therecord.media/coinex-cryptocurrency-heist-north-korea www.secnews.physaphae.fr/article.php?IdArticle=8383748 False None APT 38 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine North Korean actors have become prolific crypto-thieves]]> 2023-09-14T09:30:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-blamed-53m-heist-at/ www.secnews.physaphae.fr/article.php?IdArticle=8382592 False None APT 38,APT 38 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine ESET explained the impact of the supply chain attack translated to a 16.8% increase in Trojan detections]]> 2023-09-11T16:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-targets-macos-supply/ www.secnews.physaphae.fr/article.php?IdArticle=8381404 False None APT 38,APT 38 2.0000000000000000 AhnLab - Korean Security Firm juillet 2023 Problèmes majeurs sur les groupes APT 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Chicheur charmant 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Eyes rouges 13) Pirates d'espace 14) Turla 15) ATIP_2023_JUL_JULAT RAPPORT D'APTER LE Rapport sur les APT

---

July 2023 Major Issues on APT Groups 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Charming Kitten 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Red Eyes 13) Space Pirates 14) Turla 15) Unclassified ATIP_2023_Jul_Threat Trend Report on APT Groups ]]> 2023-09-11T05:02:48+00:00 https://asec.ahnlab.com/en/56971/ www.secnews.physaphae.fr/article.php?IdArticle=8381128 False Threat,Prediction APT 38,APT 35,APT 35,APT 29,APT 29,APT 37,APT 37,APT 31,APT 28,APT 28 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in the southern counterpart. “One characteristic of the attacks identified in 2023 is that there are numerous malware strains developed in the Go language,” the AhnLab Security Emergency Response Center (ASEC) said in a deep dive]]> 2023-09-05T15:45:00+00:00 https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html www.secnews.physaphae.fr/article.php?IdArticle=8379144 False Malware,Tool,Threat APT 38 2.0000000000000000 Kaspersky - Kaspersky Research blog Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others.]]> 2023-08-30T10:00:05+00:00 https://securelist.com/it-threat-evolution-q2-2023/110355/ www.secnews.physaphae.fr/article.php?IdArticle=8376639 False Threat APT 38 3.0000000000000000 TechRepublic - Security News US The Cisco Talos report exposes new malware used by the group to target Internet backbone infrastructure and healthcare organizations in the U.K. and the U.S.]]> 2023-08-25T22:04:17+00:00 https://www.techrepublic.com/article/cisco-talos-lazarus-group-new-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8374666 False Malware APT 38,APT 38 3.0000000000000000 Recorded Future - FLux Recorded Future Un groupe de hackers notoire travaillant pour le compte du gouvernement nord-coréen utilise une nouvelle souche de malware pour attaquer les établissements de santé et l'infrastructure de base Internet en Europe et aux États-Unis.Des chercheurs en sécurité de Cisco Talos publié deux rapports décrivant une série d'incidents impliquant le groupe de piratage informatique Lazarus de longue date, qui ont fait la une des journaux.

---

A notorious hacking group working on behalf of the North Korean government is using a new strain of malware to attack healthcare entities and internet backbone infrastructure in Europe and the United States. Security researchers from Cisco Talos published two reports outlining a string of incidents involving the long-running Lazarus hacking group, which garnered headlines]]> 2023-08-25T13:32:00+00:00 https://therecord.media/lazarus-new-malware-manageengine-open-source www.secnews.physaphae.fr/article.php?IdArticle=8374521 False Malware APT 38,APT 38 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine QuiteRAT, the North-Korea-Backed group\'s new malware, exploits a 2022 ManageEngine ServiceDesk vulnerability]]> 2023-08-25T07:30:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-internet-healthcare/ www.secnews.physaphae.fr/article.php?IdArticle=8374396 False Malware,Vulnerability APT 38,APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called such as QuiteRAT. Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco Talos said in a two-part analysis]]> 2023-08-24T20:46:00+00:00 https://thehackernews.com/2023/08/lazarus-group-exploits-critical-zoho.html www.secnews.physaphae.fr/article.php?IdArticle=8374129 False Malware,Threat APT 38,APT 38 2.0000000000000000 Dark Reading - Informationweek Branch The world\'s most notorious threat actor is using an unprecedented tactic for sneaking spyware into the IT networks of important companies.]]> 2023-08-24T12:05:00+00:00 https://www.darkreading.com/attacks-breaches/north-koreas-lazarus-group-used-gui-framework-to-build-stealthy-rat www.secnews.physaphae.fr/article.php?IdArticle=8374035 False Threat APT 38,APT 38 2.0000000000000000 The State of Security - Magazine Américain After a series of high-profile cryptocurrency heists, a state-sponsored North Korean malicious hacking group is poised to cash out millions of dollars. That\'s the opinion of the FBI, which this week has warned cryptocurrency companies about recent blockchain activity it has observed connected to the theft of hundreds of millions of cryptocurrency in recent months. The FBI says that the notorious North Korean-backed Lazarus Group is behind a series of recent attacks, including: June 22 2023 - The theft of $60 million worth of virtual currency from Alphapo. June 22 2023 - The theft of $37...]]> 2023-08-24T09:05:13+00:00 https://www.tripwire.com/state-of-security/north-korea-ready-cash-out-more-40-million-bitcoin-after-summer-hacks-warns-fbi www.secnews.physaphae.fr/article.php?IdArticle=8374079 False None APT 38,APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho\'s ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organizations. [...]]]> 2023-08-24T08:31:20+00:00 https://www.bleepingcomputer.com/news/security/hackers-use-public-manageengine-exploit-to-breach-internet-org/ www.secnews.physaphae.fr/article.php?IdArticle=8374056 False Vulnerability APT 38 2.0000000000000000 Dark Reading - Informationweek Branch The most recent stolen bitcoin comes just after three major operations occurred in June, with millions stolen in each heist.]]> 2023-08-23T19:00:00+00:00 https://www.darkreading.com/threat-intelligence/fbi-warns-of-cryptocurrency-heists-by-north-koreas-lazarus-group www.secnews.physaphae.fr/article.php?IdArticle=8373773 False None APT 38,APT 38 2.0000000000000000 Recorded Future - FLux Recorded Future Le FBI a attribué trois cyberattaques récentes sur les plateformes de crypto-monnaie au groupe de piratage APT38 du gouvernement nord-coréen - connu par de nombreux chercheurs sous le nom de Lazarus ouTRADERTRAITOR .Juin a vu trois incidents à la tête de titre impliquant des sociétés de crypto-monnaie: un 100 millions de dollars de pirate de portefeuille atomique le 2 juin , ainsi que deux attaques du 22 juin dans lesquelles les cybercriminels

---

The FBI has attributed three recent cyberattacks on cryptocurrency platforms to the North Korean government\'s APT38 hacking group - known by many researchers as Lazarus or TraderTraitor. June saw three headline-grabbing incidents involving cryptocurrency companies: a $100 million hack of Atomic Wallet on June 2, as well as two June 22 attacks in which cybercriminals]]> 2023-08-23T14:49:00+00:00 https://therecord.media/north-korea-lazarus-behind-crypto-heists www.secnews.physaphae.fr/article.php?IdArticle=8373688 False Hack APT 38,APT 38 2.0000000000000000 AhnLab - Korean Security Firm Tendances du groupe APT & # 8211;Juin 2023 1) Andariel 2) APT28 3) Cadet Blizzard (Dev-0586) 4) Camaro Dragon 5) Chicheau charmant (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3Chang (Apt15, Nickel) 8) Kimsuky 9) Lazarus 10) Eau boueuse 11) Mustang Panda 12) Oceanlotus 13) Patchwork (éléphant blanc) 14) REd Eyes (APT37) 15) Sharp Panda 16) Sidecopy 17) Soldat Stealth ATIP_2023_JUN_THREAT Rapport de tendance sur les groupes APT

---

APT Group Trends – June 2023  1) Andariel 2) APT28 3) Cadet Blizzard (DEV-0586) 4) Camaro Dragon 5) Charming Kitten (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3chang (APT15, Nickel) 8) Kimsuky 9) Lazarus 10) Muddy Water 11) Mustang Panda 12) OceanLotus 13) Patchwork (White Elephant) 14) Red Eyes (APT37) 15) Sharp Panda 16) SideCopy 17) Stealth Soldier ATIP_2023_Jun_Threat Trend Report on APT Groups ]]> 2023-08-16T06:46:45+00:00 https://asec.ahnlab.com/en/56195/ www.secnews.physaphae.fr/article.php?IdArticle=8370575 False Threat,Prediction APT 38,APT 35,APT 35,APT 25,APT 32,APT 32,APT 37,APT 37,APT 15,APT 15,APT 28,APT 28 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also known by the names Operation Hangover and Zinc Emerson, is suspected to be a threat group that]]> 2023-07-31T18:00:00+00:00 https://thehackernews.com/2023/07/patchwork-hackers-target-chinese.html www.secnews.physaphae.fr/article.php?IdArticle=8363854 False Threat APT 38,APT 38 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Two new breaches traced back to prolific Lazarus group]]> 2023-07-28T09:00:00+00:00 https://www.infosecurity-magazine.com/news/north-korean-hackers-100m-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=8362628 False None APT 38,APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain Estonian crypto-payments service provider CoinsPaid has announced that it experienced a cyber attack on July 22nd, 2023, that resulted in the theft of $37,200,000 worth of cryptocurrency. [...]]]> 2023-07-27T17:58:48+00:00 https://www.bleepingcomputer.com/news/security/coinspaid-blames-lazarus-hackers-for-theft-of-37-300-000-in-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=8362435 False None APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain Blockchain analysts blame the North Korean Lazarus hacking group for a recent attack on payment processing platform Alphapo where the attackers stole almost $60 million in crypto. [...]]]> 2023-07-26T16:19:34+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-linked-to-60-million-alphapo-cryptocurrency-heist/ www.secnews.physaphae.fr/article.php?IdArticle=8361882 False None APT 38 3.0000000000000000 Global Security Mag - Site de news francais Malwares]]> 2023-07-26T07:49:46+00:00 https://www.globalsecuritymag.fr/Le-groupe-APT-Lazarus-detourne-les-serveurs-IIS-Microsoft-pour-diffuser-des.html www.secnews.physaphae.fr/article.php?IdArticle=8361605 False None APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain The North Korean state-sponsored Lazarus hacking group is breaching Windows Internet Information Service (IIS) web servers to hijack them for malware distribution. [...]]]> 2023-07-24T16:34:23+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-hijack-microsoft-iis-servers-to-spread-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8360915 False Malware APT 38 2.0000000000000000 AhnLab - Korean Security Firm Ahnlab Security Emergency Response Center (ASEC) a découvert que Lazarus, un groupe de menaces considéré comme des points de distribution à l'échelle nationale, attaque leurs logiciels de Windows Internet (IIS) Services Web et les utilise comme points de distribution pour leurs logiciels malveillants.Le groupe est connu pour utiliser la technique du trou d'arrosage pour l'accès initial. & # 160; [1] Le groupe pirate d'abord les sites Web coréens et modifie le contenu fourni à partir du site.Lorsqu'un système utilisant une version vulnérable d'Inisafe Crossweb Ex V6 visite ce site via un ...

---

AhnLab Security Emergency response Center (ASEC) has discovered that Lazarus, a threat group deemed to be nationally funded, is attacking Windows Internet Information Service (IIS) web servers and using them as distribution points for their malware. The group is known to use the watering hole technique for initial access. [1] The group first hacks Korean websites and modifies the content provided from the site. When a system using a vulnerable version of INISAFE CrossWeb EX V6 visits this website via a... ]]> 2023-07-24T01:00:00+00:00 https://asec.ahnlab.com/en/55369/ www.secnews.physaphae.fr/article.php?IdArticle=8360671 False Malware,Threat APT 38 2.0000000000000000 Recorded Future - FLux Recorded Future Les pirates nord-coréens étaient à l'origine d'une violation de l'entreprise logicielle JumpCloud qui faisait partie d'une tentative d'attaque de chaîne d'approvisionnement ciblant les sociétés de crypto-monnaie, a-t-il été rapporté jeudi.JumpCloud - qui fournit des outils de gestion de l'identité et de l'accès aux appareils d'entreprise - a annoncé plus tôt ce mois-ci qu'une «nation sophistiquée-Acteur de menace parrainé par l'État »avait réussi

---

North Korean hackers were behind a breach of the software business JumpCloud that formed part of an attempted supply-chain attack targeting cryptocurrency companies, it was reported on Thursday. JumpCloud - which provides identity and access management tools for enterprise devices - announced earlier this month that a “sophisticated nation-state sponsored threat actor” had managed in]]> 2023-07-20T12:50:00+00:00 https://therecord.media/north-korea-jumpcloud-attempted-supply-chain-attack-cryptocurrency www.secnews.physaphae.fr/article.php?IdArticle=8359229 False Tool,Threat APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne and CrowdStrike. [...]]]> 2023-07-20T08:25:44+00:00 https://www.bleepingcomputer.com/news/security/jumpcloud-breach-traced-back-to-north-korean-state-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=8359230 False None APT 38,APT 38 2.0000000000000000 AhnLab - Korean Security Firm Les cas de grands groupes APT pour le mai 2023 réunis à partir de documents rendus publics par des sociétés de sécurité et des institutions sont comme commesuit.& # 8211;Agrius & # 8211;Andariel & # 8211;APT28 & # 8211;APT29 & # 8211;APT-C-36 (Blind Eagle) & # 8211;Camaro Dragon & # 8211;CloudWizard & # 8211;Earth Longzhi (APT41) & # 8211;Goldenjackal & # 8211;Kimsuky & # 8211;Lazarus & # 8211;Lancefly & # 8211;Oilalpha & # 8211;Red Eyes (Apt37, Scarcruft) & # 8211;Sidecopy & # 8211;Sidewinder & # 8211;Tribu transparente (APT36) & # 8211;Volt Typhoon (Silhouette de bronze) ATIP_2023_MAY_TRADEAT Rapport sur les groupes APT_20230609

---

The cases of major APT groups for May 2023 gathered from materials made public by security companies and institutions are as follows. – Agrius – Andariel – APT28 – APT29 – APT-C-36 (Blind Eagle) – Camaro Dragon – CloudWizard – Earth Longzhi (APT41) – GoldenJackal – Kimsuky – Lazarus – Lancefly – OilAlpha – Red Eyes (APT37, ScarCruft) – SideCopy – SideWinder – Transparent Tribe (APT36) – Volt Typhoon (Bronze Silhouette) ATIP_2023_May_Threat Trend Report on APT Groups_20230609 ]]> 2023-07-07T02:33:29+00:00 https://asec.ahnlab.com/en/55184/ www.secnews.physaphae.fr/article.php?IdArticle=8353225 False Threat,Prediction APT 38,GoldenJackal,GoldenJackal,APT-C-36,APT 29,APT 29,APT 37,APT 37,Guam,Guam,APT 28,APT 28,APT 41,APT 36,APT 36,APT-C-17,APT-C-17 3.0000000000000000 Bleeping Computer - Magazine Américain Security analysts have discovered a previously undocumented remote access trojan (RAT) named \'EarlyRAT,\' used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group. [...]]]> 2023-06-29T13:39:41+00:00 https://www.bleepingcomputer.com/news/security/new-earlyrat-malware-linked-to-north-korean-andariel-hacking-group/ www.secnews.physaphae.fr/article.php?IdArticle=8350710 False Malware APT 38 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Kaspersky analyzes the group\'s tactics and reveals the emergence of a new threat called EarlyRat]]> 2023-06-28T15:30:00+00:00 https://www.infosecurity-magazine.com/news/andariels-mistakes-uncover-new/ www.secnews.physaphae.fr/article.php?IdArticle=8350192 False Malware,Threat APT 38 3.0000000000000000 UnderNews - Site de news "pirate" francais Kaspersky a mené une enquête approfondie sur les activités d’Andariel, un sous-groupe notoire du groupe Lazarus. Au cours de cette enquête, les chercheurs de Kaspersky ont découvert une nouvelle famille de logiciels malveillants appelée EarlyRat, qui est utilisée par Andariel en plus de leur utilisation connue du malware DTrack et du ransomware Maui. L’analyse des […] The post Kaspersky découvre une nouvelle famille de logiciels malveillants utilisés par Andariel, le sous-groupe de Lazarus first appeared on UnderNews.]]> 2023-06-28T12:39:49+00:00 https://www.undernews.fr/malwares-virus-antivirus/kaspersky-decouvre-une-nouvelle-famille-de-logiciels-malveillants-utilises-par-andariel-le-sous-groupe-de-lazarus.html www.secnews.physaphae.fr/article.php?IdArticle=8350132 False Ransomware,Malware APT 38 4.0000000000000000 AhnLab - Korean Security Firm comme couvert précédemment ici sur le blog ASEC, le groupe de menace Lazarus exploite les vulnérabilités d'Inisafe Crossweb Ex etMagicline4nx dans leurs attaques.New Malware of Lazarus Threat Group Actor Group exploitant le processus Initch (26 avril 2022) Un cas d'infection par les logiciels malveillants par le groupe d'attaque de Lazarus désactivant les programmes anti-malware avec la technique BYOVD (31 octobre 2022) tout en surveillant les activités du groupe de menaces de Lazarus, Ahnlab Security Emergency Response Center (ASEC) a récemment découvert que la vulnérabilité zéro-jour de Vestcert ...

---

As covered before here on the ASEC Blog, the Lazarus threat group exploits the vulnerabilities of INISAFE CrossWeb EX and MagicLine4NX in their attacks. New Malware of Lazarus Threat Actor Group Exploiting INITECH Process (Apr 26, 2022) A Case of Malware Infection by the Lazarus Attack Group Disabling Anti-Malware Programs With the BYOVD Technique (Oct 31, 2022) While monitoring the activities of the Lazarus threat group, AhnLab Security Emergency response Center (ASEC) recently discovered that the zero-day vulnerability of VestCert... ]]> 2023-06-14T23:00:00+00:00 https://asec.ahnlab.com/en/54195/ www.secnews.physaphae.fr/article.php?IdArticle=8345547 False Malware,Vulnerability,Threat APT 38 2.0000000000000000 The Register - Site journalistique Anglais Users\' cryptocurrency wallets look unlikely to be refilled The North Korean criminal gang Lazarus Group has been blamed for last weekend\'s attack on Atomic Wallet that drained at least $35 million in cryptocurrency from private accounts.…]]> 2023-06-08T23:04:13+00:00 https://go.theregister.com/feed/www.theregister.com/2023/06/08/lazarus_link_atomic_wallet/ www.secnews.physaphae.fr/article.php?IdArticle=8343424 False None APT 38 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Notorious North Korean group pegged for recent campaign]]> 2023-06-08T09:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-blamed-for-atomic/ www.secnews.physaphae.fr/article.php?IdArticle=8343266 False None APT 38 2.0000000000000000 Recorded Future - FLux Recorded Future Les pirates nord-coréens nords du groupe de Lazare pourraient potentiellement être responsables du braquage de crypto-monnaie de 35 millions de dollars de la plate-forme de portefeuille décentralisée Atomic Wallet, selon les analystes.Utilisateurs de portefeuilles atomiques \\ 'portefeuilles ont été compromis Plus tôt la semaine dernière.Selon la société \\ de la société, déclaration , moins de 1% de ses clients actifs mensuels ont été affectés par le hack.

---

The notorious North Korean hackers of Lazarus Group could potentially be responsible for the $35 million cryptocurrency heist from the decentralized wallet platform Atomic Wallet, according to analysts. Atomic Wallet users\' wallets were compromised earlier last week. According to the company\'s statement, less than 1% of its monthly active customers were affected by the hack.]]> 2023-06-07T20:11:00+00:00 https://therecord.media/lazarus-group-attributed-to-atomic-wallet-heist-elliptic www.secnews.physaphae.fr/article.php?IdArticle=8343141 False None APT 38 3.0000000000000000 Recorded Future - FLux Recorded Future Les pirates basés en Corée du Nord usurpent des institutions financières et des sociétés de capital-risque aux États-Unis, au Vietnam et au Japon, selon de nouvelles recherches.Le groupe insikt de l'avenir enregistré a lié la campagne à ]]> 2023-06-06T14:44:00+00:00 https://therecord.media/north-korean-hacking-group-spoofs-venture-capital-firms-finance-japan-vietnam www.secnews.physaphae.fr/article.php?IdArticle=8342577 False None APT 38 2.0000000000000000