This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T18:48:58+00:00 www.secnews.physaphae.fr SecureMac - Security focused on MAC également connu sous le nom de heur: trojan-downloader.osx.lazarus.gen Type: Menace hybride Plateforme: Mac OS 9 Dernière mise à jour: 28/11/24 7:01 AM Niveau de menace: High Description Ce malware installe une porte dérobée pour l'exécution de la commande distante et abuse du fichier de configuration Zshenv pour la persistance, en contournant les mécanismes de sécurité de MacOS comme les notifications des éléments de connexion. BLUENOROFF REPLATION DE LA MONAGE MacScan peut détecter et supprimer la menace hybride Bluenoroff de votre système, ainsi que de protéger d'autres menaces de sécurité et de confidentialité. Un essai de 30 jours est disponible pour scanner votre système pour cette menace. Télécharger macScan

---

>also known as HEUR:Trojan-Downloader.OSX.Lazarus.gen Type: Hybrid Threat Platform: Mac OS 9 Last updated: 11/28/24 7:01 am Threat Level: High Description This malware installs a backdoor for remote command execution and abuses the zshenv configuration file for persistence, bypassing macOS’s security mechanisms like Login Items notifications. BlueNoroff Threat Removal MacScan can detect and remove BlueNoroff Hybrid Threat from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat. Download MacScan ]]> 2025-05-07T10:17:41+00:00 https://www.securemac.com/definitions/BlueNoroff www.secnews.physaphae.fr/article.php?IdArticle=8672872 False Malware,Threat APT 38 2.0000000000000000 GB Hacker - Blog de reverseur Les analystes de menaces de push silencieuses ont découvert une nouvelle campagne de cyberattaque effrayante orchestrée par le groupe de menace persistante avancée (APT) nord-coréen connue sous le nom d'interview contagieuse, également appelée célèbre Chollima, un sous-groupe du célèbre groupe Lazare. Cette entité parrainée par l'État a été impliquée dans de nombreux efforts de cyber-espionnage sophistiqués ciblant les industries mondiales, avec un […] particulier […]

---

>Silent Push Threat Analysts have uncovered a chilling new cyberattack campaign orchestrated by the North Korean Advanced Persistent Threat (APT) group known as Contagious Interview, also referred to as Famous Chollima, a subgroup of the notorious Lazarus group. This state-sponsored entity has been implicated in numerous sophisticated cyber-espionage efforts targeting global industries, with a particular […] ]]> 2025-04-25T17:34:28+00:00 https://gbhackers.com/north-korean-apt-hackers-pose-as-companies/ www.secnews.physaphae.fr/article.php?IdArticle=8667769 False Malware,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea\'s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in]]> 2025-04-24T19:41:00+00:00 https://thehackernews.com/2025/04/lazarus-hits-6-south-korean-firms-via.html www.secnews.physaphae.fr/article.php?IdArticle=8667217 False Malware,Vulnerability,Threat APT 38 3.0000000000000000 GB Hacker - Blog de reverseur Une récente campagne de cyber-espionnage par le célèbre groupe de menaces persistantes (APT) de Lazarus avancée (APT), suivie comme «Opération Synchole», a compromis au moins six organisations sud-coréennes à travers les logiciels, l'informatique, le financier, les semi-conducteurs et les secteurs de télécommunications depuis novembre 2024. […]

---

>A recent cyber espionage campaign by the notorious Lazarus Advanced Persistent Threat (APT) group, tracked as “Operation SyncHole,” has compromised at least six South Korean organizations across software, IT, financial, semiconductor, and telecommunications sectors since November 2024. According to detailed research, the attackers employed a combination of watering hole attacks and exploited vulnerabilities in widely […] ]]> 2025-04-24T17:07:50+00:00 https://gbhackers.com/lazarus-apt-targets-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8667290 False Vulnerability,Threat APT 38 3.0000000000000000 Bleeping Computer - Magazine Américain In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. [...]]]> 2025-04-24T15:13:32+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-breach-six-companies-in-watering-hole-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8667329 False Threat APT 38 3.0000000000000000 Global Security Mag - Site de news francais Malwares]]> 2025-04-24T09:27:52+00:00 https://www.globalsecuritymag.fr/kaspersky-decouvre-de-nouvelles-cyberattaques-menees-par-lazarus-visant-les.html www.secnews.physaphae.fr/article.php?IdArticle=8667081 False None APT 38 3.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.]]> 2025-04-24T05:00:04+00:00 https://securelist.com/operation-synchole-watering-hole-attacks-by-lazarus/116326/ www.secnews.physaphae.fr/article.php?IdArticle=8666967 False Vulnerability APT 38 3.0000000000000000 The State of Security - Magazine Américain Advanced Persistent Threat (APT) groups are not a new scourge. These sophisticated, state-sponsored cyber adversaries, with deep pockets and highly advanced technical skills, conduct prolonged and targeted attacks to infiltrate networks, exfiltrate sensitive data, and disrupt critical infrastructure. The stakes have never been higher, so in this blog, we\'ll look at some of the most notorious APT actors, their unique Tactics, Techniques, and Procedures (TTPs), and attacks attributed to them, and offer a few tips on how to defend against them. The Lazarus Group Originating from North Korea, the...]]> 2025-04-16T02:46:50+00:00 https://www.tripwire.com/state-of-security/apt-rogues-gallery-worlds-most-dangerous-cyber-adversaries www.secnews.physaphae.fr/article.php?IdArticle=8663404 False Threat,Technical APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems. The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by]]> 2025-04-03T17:52:00+00:00 https://thehackernews.com/2025/04/lazarus-group-targets-job-seekers-with.html www.secnews.physaphae.fr/article.php?IdArticle=8660049 False Malware,Threat APT 38 3.0000000000000000 SecurityWeek - Security News Les pirates de Lazarus de la Corée du Nord utilisent la technique ClickFix pour le déploiement de logiciels malveillants dans de nouvelles attaques ciblant l'écosystème de crypto-monnaie.

---

>North Korea\'s Lazarus hackers are using the ClickFix technique for malware deployment in fresh attacks targeting the cryptocurrency ecosystem. ]]> 2025-04-02T10:45:54+00:00 https://www.securityweek.com/lazarus-uses-clickfix-tactics-in-fake-cryptocurrency-job-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8659799 False Malware APT 38 3.0000000000000000 Dark Reading - Informationweek Branch A continuation of the North Korean nation-state threat\'s campaign against employment seekers uses the social engineering attack to target CeFi organizations with the GolangGhost backdoor.]]> 2025-04-01T13:21:21+00:00 https://www.darkreading.com/cyberattacks-data-breaches/lazarus-apt-clickfix-bandwagon-attacks www.secnews.physaphae.fr/article.php?IdArticle=8659619 False Threat APT 38 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine New “ClickFake Interview” campaign attributed to the Lazarus Group targets crypto professionals with fake job offers]]> 2025-03-31T15:00:00+00:00 https://www.infosecurity-magazine.com/news/clickfake-interview-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8659410 False None APT 38 3.0000000000000000 Bleeping Computer - Magazine Américain The notorious North Korean Lazarus hacking group has reportedly adopted \'ClickFix\' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). [...]]]> 2025-03-31T11:56:54+00:00 https://www.bleepingcomputer.com/news/security/north-korean-hackers-adopt-clickfix-attacks-to-target-crypto-firms/ www.secnews.physaphae.fr/article.php?IdArticle=8659416 False Malware APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Treasury Department has announced that it\'s removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. "Based on the Administration\'s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring]]> 2025-03-22T13:02:00+00:00 https://thehackernews.com/2025/03/us-treasury-lifts-tornado-cash.html www.secnews.physaphae.fr/article.php?IdArticle=8657361 False Commercial APT 38 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les chercheurs de socket ont déclaré que les packages de logiciels malveillants avaient été téléchargés collectivement plus de 330 fois. GitHub a supprimé tous les packages malveillants mercredi.

---

>Socket researchers said the malware-ridden packages were collectively downloaded over 330 times. GitHub removed all of the malicious packages Wednesday. ]]> 2025-03-12T22:31:17+00:00 https://cyberscoop.com/lazarus-group-north-korea-malicious-npm-packages-socket/ www.secnews.physaphae.fr/article.php?IdArticle=8655397 False None APT 38 2.0000000000000000 HackRead - Chercher Cyber Lazarus Group targets developers with malicious npm packages, stealing credentials, crypto, and installing backdoor. Stay alert to protect your projects.]]> 2025-03-12T00:15:21+00:00 https://hackread.com/lazarus-group-backdoor-fake-npm-packages-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8655158 False None APT 38 2.0000000000000000 BBC - BBC News - Technology Hackers from the infamous Lazarus Group are in a cat-and-mouse game to launder their stolen funds from the ByBit heist.]]> 2025-03-10T01:11:47+00:00 https://www.bbc.com/news/articles/c2kgndwwd7lo www.secnews.physaphae.fr/article.php?IdArticle=8654807 False Hack APT 38 3.0000000000000000 Detection Engineering - Blog Sécu Let\'s take out Lazarus.]]> 2025-03-05T13:03:46+00:00 https://www.detectionengineering.net/p/det-eng-weekly-105-im-assembling www.secnews.physaphae.fr/article.php?IdArticle=8653814 False None APT 38 2.0000000000000000 TechRepublic - Security News US North Korea\'s Lazarus Group pulled off the $1.5B Bybit hack, making it the biggest crypto heist ever. Here\'s how they did it-and what\'s next.]]> 2025-03-03T14:05:24+00:00 https://www.techrepublic.com/article/bybit-hack-north-korea-crypto-heist-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8653050 False Hack APT 38 3.0000000000000000 Recorded Future - FLux Recorded Future The bureau attributed the $1.5 billion hack to the North Korean threat actor known as TraderTraitor, or Lazarus, following similar assessments by cybersecurity researchers.]]> 2025-02-27T15:28:39+00:00 https://therecord.media/fbi-bybit-laundering-crypto-warning www.secnews.physaphae.fr/article.php?IdArticle=8651661 False Hack,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company\'s CEO Ben Zhou declared a "war against Lazarus." The agency said the Democratic People\'s Republic of Korea (North Korea) was responsible for the theft of the virtual assets from the cryptocurrency exchange, attributing it to a specific cluster]]> 2025-02-27T12:45:00+00:00 https://thehackernews.com/2025/02/bybit-hack-traced-to-safewallet-supply.html www.secnews.physaphae.fr/article.php?IdArticle=8651510 False Hack,Threat APT 38 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine FBI confirms North Korea\'s Lazarus Group responsible for Bybit crypto heist]]> 2025-02-27T09:35:00+00:00 https://www.infosecurity-magazine.com/news/fbi-confirms-north-koreas-lazarus/ www.secnews.physaphae.fr/article.php?IdArticle=8651545 False None APT 38 3.0000000000000000 The Register - Site journalistique Anglais

---

Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it, has launched a bounty program to help recover its funds.… ]]> 2025-02-26T23:49:20+00:00 https://go.theregister.com/feed/www.theregister.com/2025/02/26/bybit_lazarus_bounty/ www.secnews.physaphae.fr/article.php?IdArticle=8651414 False None APT 38,APT 37 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Le montant volé la semaine dernière dépasse ce que le groupe a pu voler tout en 2024.

---

>The amount stolen last week surpasses what the group was able to steal in all of 2024. ]]> 2025-02-25T18:49:07+00:00 https://cyberscoop.com/bybit-lazarus-group-north-korea-ethereum/ www.secnews.physaphae.fr/article.php?IdArticle=8650952 False None APT 38 4.0000000000000000 Dark Reading - Informationweek Branch Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit. It was carried out by interfering with a routine transfer between wallets.]]> 2025-02-25T10:16:39+00:00 https://www.darkreading.com/cyberattacks-data-breaches/north-korea-lazarus-crypto-heist www.secnews.physaphae.fr/article.php?IdArticle=8650949 False Threat APT 38 4.0000000000000000 Recorded Future - FLux Recorded Future Cybersecurity researchers say North Korean hackers are behind the largest cryptocurrency heist in history and are actively laundering the more than $1.4 billion in cryptocurrency stolen from the Bybit exchange on Friday.]]> 2025-02-24T18:28:46+00:00 https://therecord.media/lazarus-hackers-behind-bybit-crypto-heist www.secnews.physaphae.fr/article.php?IdArticle=8650592 False None APT 38 4.0000000000000000 Recorded Future - FLux Recorded Future The latest package of EU sanctions related to Russia\'s invasion of Ukraine included the leader of the North Korean intelligence agency known for backing the Lazarus group and other high-profile hacking operations.]]> 2025-02-24T18:25:49+00:00 https://therecord.media/eu-sanctions-north-korea-ukraine-war-lazarus-group www.secnews.physaphae.fr/article.php?IdArticle=8650593 False None APT 38 3.0000000000000000 HackRead - Chercher Cyber Investigators link the $1.4B Bybit hack to North Korea\'s Lazarus Group, exposing a major crypto heist tied to state-backed cybercrime and money laundering.]]> 2025-02-23T20:13:39+00:00 https://hackread.com/investigators-link-bybit-hack-north-korea-lazarus-group/ www.secnews.physaphae.fr/article.php?IdArticle=8650283 False Hack APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that\'s associated with a profile named "]]> 2025-02-14T23:58:00+00:00 https://thehackernews.com/2025/02/lazarus-group-deploys-marstech1.html www.secnews.physaphae.fr/article.php?IdArticle=8648530 False Malware,Threat APT 38 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine SecurityScorecard has uncovered a sophisticated campaign linked to North Korea\'s Lazarus Group, distributing crypto-stealing malware]]> 2025-02-13T10:15:00+00:00 https://www.infosecurity-magazine.com/news/north-korea-crypto-devs-npm/ www.secnews.physaphae.fr/article.php?IdArticle=8648337 False Malware APT 38 3.0000000000000000 Mandiant - Blog Sécu de Mandiant 2025-02-11T20:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat/ www.secnews.physaphae.fr/article.php?IdArticle=8648141 False Ransomware,Malware,Tool,Vulnerability,Threat,Legislation,Medical,Cloud,Technical APT 41,APT 38,APT 29,APT 43,APT 44 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A Bitdefender researcher was targeted by North Korea\'s Lazarus with the lure of a fake job offer]]> 2025-02-06T14:50:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-bitdefender-linkedin-scam/ www.secnews.physaphae.fr/article.php?IdArticle=8647224 False None APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems. According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of]]> 2025-02-05T20:25:00+00:00 https://thehackernews.com/2025/02/cross-platform-javascript-stealer.html www.secnews.physaphae.fr/article.php?IdArticle=8647065 False Malware APT 38 3.0000000000000000 The Register - Site journalistique Anglais Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? North Korea\'s Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing as of earlier this month, according to security researchers.… ]]> 2025-01-29T23:51:45+00:00 https://go.theregister.com/feed/www.theregister.com/2025/01/29/lazarus_groups_supply_chain_attack/ www.secnews.physaphae.fr/article.php?IdArticle=8644522 False None APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard\'s]]> 2025-01-29T22:26:00+00:00 https://thehackernews.com/2025/01/lazarus-group-uses-react-based-admin.html www.secnews.physaphae.fr/article.php?IdArticle=8644398 False Threat APT 38 3.0000000000000000 Dark Reading - Informationweek Branch The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command and control servers from Pyongyang.]]> 2025-01-29T21:39:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/researchers-uncover-lazarus-admin-layer-c2-servers www.secnews.physaphae.fr/article.php?IdArticle=8644483 False Threat APT 38 3.0000000000000000 Techworm - News wrote in a blog post published on Thursday. In Windows, a Relative Identifier (RID) is part of a Security Identifier (SID), which exclusively distinguishes each user and group within a domain. For instance, an administrator account will have a RID value of “500”, “501” for guest accounts, “512” for the domain admins group, and for regular users, the RID will start from the value “of 1000”. In a RID hijacking attack, hackers change the RID of a low-privilege account to the same value as an administrator account. As a result, Windows grants administrative privileges to the account. However, to pull this off, attackers need access to the SAM (Security Account Manager) registry, which requires them to already have SYSTEM-level access to the targeted machine for modification. Attackers typically use tools such as PsExec and JuicyPotato to escalate their privileges and launch a SYSTEM-level command prompt. While SYSTEM access is the highest privilege in Windows, it has certain limitations: it doesn\'t allow remote access, cannot interact with GUI apps, generates noisy activity that can be easily detected and doesn\'t persist after a system reboot. To work around these issues, Andariel first created a hidden, low-privilege local user account by appending a “$” character to its username. This made the account invisible in regular listings but still accessible in the SAM registry. The attackers then carried out RID hijacking to escalate the account’s privileges to the administrator level. According to the researchers, Andariel added the modified account to the Remote Desktop Users and Administrators groups, giving them more control over the system. The group tweaked the SAM registry using custom malware and an open-source tool to execute the RID hijacking. Although SYSTEM access could allow the direct creation of administrator accounts, this method is less conspicuous, making it difficult to detect and prevent. To avoid detection, Andariel also exported and backed up the modified registry settings, deleted the rogue account, and restored it later from the backup when needed, bypassing system logs and making detection even harder. To reduce the risk of RID hijacking, system administrators should implement proactive measures such as: Use the Local Security Authority (LSA) Subsystem Service to monitor unusual login attempts and password changes. Prevent unauthorized access to the SAM registry. Restricting the use of tools like PsExec and JuicyPotato. Disabling guest accounts. Enforcing multi-factor authentication (MFA) for all user accounts, including low-privileged ones.

---

Cybersecurity researchers at AhnLab have discovered that a North Korean threat group uses malicious files to hijack RIDs and grant admin access to low-privilege Windows accounts. According to ASEC researchers, AhnLab’s security intelligence center, the hacking group behind the attack is the “Andariel” threat group, linked to North Korea’s Lazarus hacker group. “RID Hijacking is ]]> 2025-01-25T20:07:25+00:00 https://www.techworm.net/2025/01/hacker-rid-hijacking-create-admin-accounts-windows.html www.secnews.physaphae.fr/article.php?IdArticle=8642525 False Malware,Tool,Threat APT 38,APT 45 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments]]> 2025-01-17T15:30:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-developers-data-theft/ www.secnews.physaphae.fr/article.php?IdArticle=8638804 False None APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. "The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring developers with project tests and code reviews," Ryan Sherstobitoff, senior vice president of Threat]]> 2025-01-15T21:07:00+00:00 https://thehackernews.com/2025/01/lazarus-group-targets-web3-developers.html www.secnews.physaphae.fr/article.php?IdArticle=8637830 False Malware,Threat APT 38 2.0000000000000000 Dark Reading - Informationweek Branch "Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency.]]> 2025-01-15T16:02:08+00:00 https://www.darkreading.com/threat-intelligence/north-korea-lazarus-apt-developer-recruitment-attacks www.secnews.physaphae.fr/article.php?IdArticle=8637791 False Malware APT 38 2.0000000000000000 Recorded Future - FLux Recorded Future The governments said North Korea\'s notorious Lazarus Group hackers “continue to demonstrate a pattern of malicious behavior in cyberspace by conducting numerous cybercrime campaigns to steal cryptocurrency and targeting exchanges, digital asset custodians, and individual users.”]]> 2025-01-15T15:47:12+00:00 https://therecord.media/us-japan-south-korea-urge-crypto-industry-of-north-korean-hackers www.secnews.physaphae.fr/article.php?IdArticle=8637788 False None APT 38 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) ## Snapshot Last week\'s OSINT reporting highlights the persistence and evolution of cyber threats targeting a wide range of sectors, from cryptocurrency exchanges to aerospace and defense industries. The predominant attack vectors include phishing, exploitation of long-standing vulnerabilities, and the use of advanced malware like StealBit, OtterCookie, and VBCloud. Threat actors such as North Korea\'s Lazarus Group and TraderTraitor, as well as botnets like FICORA and CAPSAICIN, continue to refine their tactics, leveraging]]> 2024-12-30T12:02:43+00:00 https://community.riskiq.com/article/2ec56fef www.secnews.physaphae.fr/article.php?IdArticle=8631656 False Ransomware,Malware,Tool,Vulnerability,Threat,Cloud APT 38 2.0000000000000000 HackRead - Chercher Cyber KEY SUMMARY POINTS Securelist by Kaspersky has published its latest threat intelligence report focused on the activities of…]]> 2024-12-23T20:06:03+00:00 https://hackread.com/lazarus-group-nuclear-industry-cookieplus-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8629231 False Malware,Threat APT 38 4.0000000000000000 Recorded Future - FLux Recorded Future Researchers at Kaspersky said they found the Lazarus Group using “a complex infection chain that included multiple types of malware, such as a downloader, loader, and backdoor, demonstrating the group\'s evolved delivery and improved persistence methods.”]]> 2024-12-23T19:32:18+00:00 https://therecord.media/lazarus-group-new-tools-kaspersky www.secnews.physaphae.fr/article.php?IdArticle=8629232 False Malware,Tool APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Lazarus Group, an infamous threat actor linked to the Democratic People\'s Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor referred to as CookiePlus, are]]> 2024-12-20T16:14:00+00:00 https://thehackernews.com/2024/12/lazarus-group-spotted-targeting-nuclear.html www.secnews.physaphae.fr/article.php?IdArticle=8627927 False Malware,Threat APT 38 4.0000000000000000 Kaspersky - Kaspersky Research blog Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.]]> 2024-12-19T10:00:55+00:00 https://securelist.com/lazarus-new-malware/115059/ www.secnews.physaphae.fr/article.php?IdArticle=8627438 False Malware APT 38 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-18T12:22:31+00:00 https://community.riskiq.com/article/2560112c www.secnews.physaphae.fr/article.php?IdArticle=8613484 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Medical,Cloud,Technical APT 41,APT 38 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) ## Snapshot Researchers at Group-IB have ide]]> 2024-11-15T15:40:32+00:00 https://community.riskiq.com/article/7c6b391d www.secnews.physaphae.fr/article.php?IdArticle=8611812 False Malware,Threat,Prediction APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including]]> 2024-11-14T15:21:00+00:00 https://thehackernews.com/2024/11/new-rustyattr-malware-targets-macos.html www.secnews.physaphae.fr/article.php?IdArticle=8610957 False Malware,Threat APT 38 3.0000000000000000 HackRead - Chercher Cyber Group-IB has uncovered Lazarus group\'s stealthy new trojan and technique of hiding malicious code in extended attributes on…]]> 2024-11-14T13:13:41+00:00 https://hackread.com/lazarus-group-macos-rustyattr-trojan-fake-job-pdfs/ www.secnews.physaphae.fr/article.php?IdArticle=8611075 False None APT 38 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Lazarus APT has been found smuggling malware onto macOS devices using custom extended attributes, evading detection]]> 2024-11-13T16:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-extended-attributes-macos/ www.secnews.physaphae.fr/article.php?IdArticle=8610465 False Malware APT 38 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-28T11:27:40+00:00 https://community.riskiq.com/article/fa5a55d5 www.secnews.physaphae.fr/article.php?IdArticle=8602805 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Prediction,Medical,Cloud,Technical APT 38,Guam 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-25T16:11:10+00:00 https://community.riskiq.com/article/e831e4ae www.secnews.physaphae.fr/article.php?IdArticle=8601740 False Ransomware,Malware,Tool,Vulnerability,Threat APT 38 2.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2024-10-24T23:33:00+00:00 https://www.globalsecuritymag.fr/le-groupe-apt-lazarus-a-exploite-une-vulnerabilite-zero-day-dans-chrome-pour.html www.secnews.physaphae.fr/article.php?IdArticle=8602217 False Vulnerability,Threat APT 38 2.0000000000000000 HackRead - Chercher Cyber North Korean hackers from Lazarus Group exploited a zero-day vulnerability in Google Chrome to target cryptocurrency investors with…]]> 2024-10-24T17:38:25+00:00 https://hackread.com/north-korean-hackers-crypto-deceptive-game-zero-day-exploit/ www.secnews.physaphae.fr/article.php?IdArticle=8601586 False Vulnerability,Threat APT 38 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware]]> 2024-10-24T16:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-exploits-google/ www.secnews.physaphae.fr/article.php?IdArticle=8601571 False Malware,Vulnerability,Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it discovered a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor. This entails triggering the]]> 2024-10-24T15:23:00+00:00 https://thehackernews.com/2024/10/lazarus-group-exploits-google-chrome.html www.secnews.physaphae.fr/article.php?IdArticle=8601531 False Vulnerability,Threat APT 38 2.0000000000000000 SecurityWeek - Security News Le Lazarus APT a créé un site Web trompeur qui a exploité un chrome zéro-jour pour installer des logiciels malveillants et voler la crypto-monnaie.

---

>The Lazarus APT created a deceptive website that exploited a Chrome zero-day to install malware and steal cryptocurrency. ]]> 2024-10-24T13:02:10+00:00 https://www.securityweek.com/north-korean-hackers-exploited-chrome-zero-day-for-cryptocurrency-theft/ www.secnews.physaphae.fr/article.php?IdArticle=8601542 False Malware,Vulnerability,Threat APT 38 2.0000000000000000 Dark Reading - Informationweek Branch The North Korean actor is going after cryptocurrency investors worldwide leveraging a genuine-looking game site and AI-generated content and images.]]> 2024-10-23T20:55:13+00:00 https://www.darkreading.com/cyberattacks-data-breaches/lazarus-group-exploits-chrome-zero-day-campaign www.secnews.physaphae.fr/article.php?IdArticle=8601480 False Vulnerability,Threat APT 38 2.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain.]]> 2024-10-23T11:00:48+00:00 https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/ www.secnews.physaphae.fr/article.php?IdArticle=8601458 False Vulnerability,Threat APT 38 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-21T11:41:26+00:00 https://community.riskiq.com/article/02320e34 www.secnews.physaphae.fr/article.php?IdArticle=8600983 False Ransomware,Malware,Tool,Vulnerability,Threat,Cloud APT 38,APT 37,APT-C-17 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-18T20:59:53+00:00 https://community.riskiq.com/article/b0437795 www.secnews.physaphae.fr/article.php?IdArticle=8599903 False Malware,Tool APT 38 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-15T21:16:48+00:00 https://community.riskiq.com/article/9ce29d67 www.secnews.physaphae.fr/article.php?IdArticle=8598422 False Malware,Tool,Threat APT 38 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-02T20:01:11+00:00 https://community.riskiq.com/article/a558d6ba www.secnews.physaphae.fr/article.php?IdArticle=8590707 False Tool,Vulnerability,Threat,Patching APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT (aka SIMPLESEA), a known macOS backdoor that has been previously attributed to the Lazarus Group and deployed in]]> 2024-09-23T12:09:00+00:00 https://thehackernews.com/2024/09/new-pondrat-malware-hidden-in-python.html www.secnews.physaphae.fr/article.php?IdArticle=8582747 False Malware,Threat APT 38 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-09-20T15:50:36+00:00 https://community.riskiq.com/article/906408c8 www.secnews.physaphae.fr/article.php?IdArticle=8580619 False Malware,Tool,Threat APT 38 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Convainquez-les de télécharger des logiciels malveillants.De A Article de presse Ces attaques particulières de l'équipe de piratage de piratage financée par l'État nord-coréen Lazarus est nouveau, mais la campagne globale de logiciels malveillants contre la communauté de développement de Python est en cours depuis au moins août 2023, lorsqu'un certain nombre de Python open source populaireLes outils ont été dupliqués avec malveillance avec des logiciels malveillants ajoutés.Maintenant, cependant, il y a aussi des attaques impliquant & # 8220; Tests de codage & # 8221;Cela n'existe que pour amener l'utilisateur final à installer des logiciels malveillants cachés sur son système (intelligemment caché avec le codage de base64) qui permet une exécution à distance une fois présente.La capacité d'exploitation à ce stade est à peu près illimitée, en raison de la flexibilité de Python et de la façon dont elle interagit avec le système d'exploitation sous-jacent ...

---

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware. Now, though, there are also attacks involving “coding tests” that only exist to get the end user to install hidden malware on their system (cleverly hidden with Base64 encoding) that allows remote execution once present. The capacity for exploitation at that point is pretty much unlimited, due to the flexibility of Python and how it interacts with the underlying OS...]]> 2024-09-17T11:02:34+00:00 https://www.schneier.com/blog/archives/2024/09/python-developers-targeted-with-malware-during-fake-job-interviews.html www.secnews.physaphae.fr/article.php?IdArticle=8578307 False Malware,Tool APT 38 3.0000000000000000 Contagio - Site d infos ransomware 2023-11-23 Palo Alto Unit42: Hacking Employers and Seeking Employment: Two Job-Related This is a 2023 article by Unit42 covering two cyber campaigns, "Contagious Interview" (CL-STA-0240) and "Wagemole" (CL-STA-0241), linked to the Lazarus group (North Korea). There is a more recent campaign VMCONNECT described by Reversing Labs here 2024-09-10 Fake recruiter coding tests target devs with malicious Python packages but I don\'t have samples for that one. These campaigns target job-seeking activities to deploy malware and conduct espionage. Contagious Interview (CL-STA-0240):The campaign targets software developers by posing as employers and convincing them to download malicious NPM packages during fake job interviews. The malware, BeaverTail and InvisibleFerret, is cross-platform, running on Windows, Linux, and macOS.BeaverTail: A JavaScript-based malware that steals cryptocurrency wallet information and loads the second-stage payload, InvisibleFerret.InvisibleFerret: A Python-based backdoor with capabilities including fingerprinting, remote control, keylogging, and browser credential theft. It communicates with a C2 server using JSON-formatted messages and supports commands for data exfiltration and additional malware deployment.The threat actors use GitHub to host malicious NPM packages, creating accounts with minimal activity to avoid detection.Wagemole (CL-STA-0241):Wagemole involves North Korean actors using fake identities to apply for remote IT jobs, likely to funnel wages to North Korea\'s weapons programs and potentially conduct espionage.Exposed Infrastructure: Researchers found resumes, interview scripts, and other fraudulent materials on GitHub. These documents impersonate IT professionals and aim to gain unauthorized employment at US companies.Download]]> 2024-09-12T14:11:31+00:00 https://contagiodump.blogspot.com/2024/09/2023-11-23-beavertail-and.html www.secnews.physaphae.fr/article.php?IdArticle=8575417 False Malware,Threat APT 38 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Lazarus Group has been observed impersonating Capital One staff to lure developers into downloading malware on open source repositories]]> 2024-09-12T13:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-developers-vmconnect/ www.secnews.physaphae.fr/article.php?IdArticle=8575244 False Malware APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware. [...]]]> 2024-09-11T17:09:36+00:00 https://www.bleepingcomputer.com/news/security/fake-password-manager-coding-test-used-to-hack-python-developers/ www.secnews.physaphae.fr/article.php?IdArticle=8574813 False Malware,Hack APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews," ReversingLabs researcher Karlo Zanki said. The activity has been assessed to be part of]]> 2024-09-11T15:16:00+00:00 https://thehackernews.com/2024/09/developers-beware-lazarus-group-uses.html www.secnews.physaphae.fr/article.php?IdArticle=8574518 False Malware APT 38 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-09-09T11:04:46+00:00 https://community.riskiq.com/article/563312a4 www.secnews.physaphae.fr/article.php?IdArticle=8573205 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Medical,Commercial APT 38,APT 29 2.0000000000000000 HackRead - Chercher Cyber A new Group-IB report highlights an ongoing campaign by the North Korean Lazarus Group, known as the “Eager…]]> 2024-09-08T23:26:37+00:00 https://hackread.com/lazarus-group-blockchain-fake-video-conferencing-job-scam/ www.secnews.physaphae.fr/article.php?IdArticle=8572921 False None APT 38 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-09-06T20:50:58+00:00 https://community.riskiq.com/article/2d5ffbad www.secnews.physaphae.fr/article.php?IdArticle=8571535 True Ransomware,Malware,Tool,Threat APT 38 2.0000000000000000 Mandiant - Blog Sécu de Mandiant Where money goes, crime follows. The rapid growth of Web3 has presented new opportunities for threat actors, especially in decentralized finance (DeFi), where the heists are larger and more numerous than anything seen in the traditional finance sector. Mandiant has a long history of investigating bank heists. In 2016, Mandiant investigated the world\'s largest bank heist that occurred at the Bank of Bangladesh and resulted in the theft of $81 million by North Korea\'s APT38. While the group\'s operations were quite innovative and made for an entertaining 10-episode podcast by the BBC, it pales in comparison to Web3 heists. In 2022, the largest DeFi heist occurred on Sky Mavis\' Ronin Blockchain, which resulted in the theft of over $600 million by North Korean threat actors. While North Korea is arguably the world\'s leading cyber criminal enterprise, they are not the only player. Since 2020, there have been hundreds of Web3 heists reported, which has resulted in over $12 billion in stolen digital assets Source: Chainalysis 2024 Crypto Crime Report While social engineering, crypto drainers, rug pulls (scams), and ]]> 2024-09-03T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/examining-web3-heists/ www.secnews.physaphae.fr/article.php?IdArticle=8569124 False Malware,Hack,Vulnerability,Threat,Cloud APT 38 2.0000000000000000 Contagio - Site d infos ransomware ]]> 2024-09-02T16:43:39+00:00 https://contagiodump.blogspot.com/2024/09/2022-2024-north-korea-citrine-sleet.html www.secnews.physaphae.fr/article.php?IdArticle=8568712 False Vulnerability,Threat,Conference APT 38 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-08-29T19:44:20+00:00 https://community.riskiq.com/article/0ce29639 www.secnews.physaphae.fr/article.php?IdArticle=8567037 False Malware,Tool,Vulnerability,Threat APT 38 2.0000000000000000 SecureMac - Security focused on MAC également connu sous le nom de heur: trojan-psw.osx.beavertail.a Type: Menace hybride Plateforme: Mac OS 9 Dernière mise à jour: 07/31/24 15:52 PM Niveau de menace: High Description Nukesped est une menace hybride qui est attribuée au groupe nord-coréen Lazare, est un outil de cyber-espionnage avancé conçu pour voler des données sensibles et perturber les opérations. . Retrait des menaces nuclées MacScan peut détecter et éliminer la menace hybride nucléaire de votre système, ainsi que de protéger d'autres menaces de sécurité et de confidentialité.Un essai de 30 jours est disponible pour scanner votre système pour cette menace. télécharger macscan

---

>also known as HEUR:Trojan-PSW.OSX.BeaverTail.a Type: Hybrid Threat Platform: Mac OS 9 Last updated: 07/31/24 3:52 pm Threat Level: High Description Nukesped is a hybrid threat that is attributed to the North Korean Lazarus Group, is an advanced cyber espionage tool designed to steal sensitive data and disrupt operations. Nukesped Threat Removal MacScan can detect and remove Nukesped Hybrid Threat from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat. Download MacScan ]]> 2024-08-29T10:04:45+00:00 https://www.securemac.com/definitions/Nukesped www.secnews.physaphae.fr/article.php?IdArticle=8566302 False Tool,Threat APT 38 3.0000000000000000 SecurityWeek - Security News La vulnérabilité, suivie en CVE-2024-38193 et ​​marquée comme \\ 'activement exploitée \' par Microsoft, permet des privilèges système sur les derniers systèmes d'exploitation Windows.

---

>The vulnerability, tracked as CVE-2024-38193 and marked as \'actively exploited\' by Microsoft, allows SYSTEM privileges on the latest Windows operating systems. ]]> 2024-08-19T15:35:53+00:00 https://www.securityweek.com/windows-zero-day-attack-linked-to-north-koreas-lazarus-apt/ www.secnews.physaphae.fr/article.php?IdArticle=8560350 False Vulnerability,Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. "An attacker who successfully exploited this]]> 2024-08-19T12:35:00+00:00 https://thehackernews.com/2024/08/microsoft-patches-zero-day-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8560131 False Vulnerability,Threat APT 38 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-07-24T23:34:10+00:00 https://community.riskiq.com/article/31828df1 www.secnews.physaphae.fr/article.php?IdArticle=8544253 False Ransomware,Malware,Tool,Vulnerability,Threat,Industrial,Cloud,Technical,Commercial APT 38 3.0000000000000000 Mandiant - Blog Sécu de Mandiant   Since early 2022, Mandiant has observed the revival and intensification of threat activity from actors leveraging hacktivist tactics and techniques. This comes decades after hacktivism first emerged as a form of online activism and several years since many defenders last considered hacktivism to be a serious threat. However, this new generation of hacktivism has grown to encompass a more complex and often impactful fusion of tactics different actors leverage for their specific objectives. Today\'s hacktivists exhibit increased capabilities in both intrusion and information operations demonstrated by a range of activities such as executing massive disruptive attacks, compromising networks to leak information, conducting information operations, and even tampering with physical world processes. They have leveraged their skills to gain notoriety and reputation, promote political ideologies, and actively support the strategic interests of nation-states. The anonymity provided by hacktivist personas coupled with the range of objectives supported by hacktivist tactics have made them a top choice for both state and non-state actors seeking to exert influence through the cyber domain. This blog post presents Mandiant\'s analysis of the hacktivism threat landscape, and provides analytical tools to understand and assess the level of risk posed by these groups. Based on years of experience tracking hacktivist actors, their claims, and attacks, our insight is meant to help organizations understand and prioritize meaningful threat activity against their own networks and equities. Figure 1: Sample of imagery used by hacktivists to promote their threat activity Proactive Monitoring of Hacktivist Threats Necessary for Defenders to Anticipate Cyberattacks Mandiant considers activity to be hacktivism when actors claim to or conduct attacks with the publicly stated intent of engaging in political or social activism. The large scale of hacktivism\'s resurgence presents a critical challenge to defenders who need to proactively sift through the noise and assess the risk posed by a multitude of actors with ranging degrees of sophistication. While in many cases hacktivist activity represents a marginal threat, in the most significant hacktivist operations Mandiant has tracked, threat actors have deliberately layered multiple tactics in hybrid operations in such a way that the effect of each component magnified the others. In some cases, hacktivist tactics have been deliberately employed by nation-state actors to support hybrid operations that can seriously harm victims. As the volume and complexity of activity grows and new actors leverage hacktivist tactics, defenders must determine how to filter, assess, and neutralize a range of novel and evolving threats. The proactive moni]]> 2024-06-27T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/global-revival-of-hacktivism/ www.secnews.physaphae.fr/article.php?IdArticle=8526607 False Malware,Tool,Threat,Legislation,Industrial,Cloud,Commercial APT 38 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-05-31T22:14:46+00:00 https://community.riskiq.com/article/08f4a417 www.secnews.physaphae.fr/article.php?IdArticle=8510885 False Malware,Tool,Vulnerability,Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. "Moonstone Sleet is observed to set up fake companies and]]> 2024-05-29T16:05:00+00:00 https://thehackernews.com/2024/05/microsoft-uncovers-moonstone-sleet-new.html www.secnews.physaphae.fr/article.php?IdArticle=8509208 False Ransomware,Malware,Threat,Industrial APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server," Avast security researcher Luigino]]> 2024-04-25T22:17:00+00:00 https://thehackernews.com/2024/04/north-koreas-lazarus-group-deploys-new.html www.secnews.physaphae.fr/article.php?IdArticle=8488646 False Malware,Threat APT 38 2.0000000000000000 Dark Reading - Informationweek Branch Lazarus, Kimsuky, and Andariel all got in on the action, stealing "important" data from firms responsible for defending their southern neighbors (from them).]]> 2024-04-24T16:27:13+00:00 https://www.darkreading.com/cyberattacks-data-breaches/north-korea-apt-triumvirate-spied-on-south-korean-defense-industry-for-years www.secnews.physaphae.fr/article.php?IdArticle=8488095 False None APT 38 2.0000000000000000 Zataz - Magazine Francais de secu 2024-03-19T14:01:20+00:00 https://www.zataz.com/lazarus-group-htx-heco/ www.secnews.physaphae.fr/article.php?IdArticle=8466703 False Hack APT 38 3.0000000000000000 Recorded Future - FLux Recorded Future Le groupe de piratage de Lazarus de la Corée du Nord aurait repris un ancien service afin de laver 23 millions de dollars volés lors d'une attaque en novembre. & NBSP;Les enquêteurs de la société de recherche Blockchain, Elliptic, ont déclaré vendredi qu'au dernier jour où ils avaient & nbsp;vu les fonds - une partie des 112,5 millions de dollars volés au HTX

---

North Korea\'s Lazarus hacking group allegedly has turned back to an old service in order to launder $23 million stolen during an attack in November.  Investigators at blockchain research company Elliptic said on Friday that in the last day they had  seen the funds - part of the $112.5 million stolen from the HTX]]> 2024-03-15T18:33:59+00:00 https://therecord.media/lazarus-group-north-korea-tornado-cash-money-laundering www.secnews.physaphae.fr/article.php?IdArticle=8464489 False None APT 38 3.0000000000000000 AhnLab - Korean Security Firm aperçu du 13 février 2024, Microsoft a annoncé une élévation du noyau Windows des privilèges Vulnérabilité CVE-2012-21338correctif.La vulnérabilité se produit à certains ioctl de & # 8220; appid.sys & # 8221;Connu sous le nom de pilote AppLocker, l'une des fonctionnalités Windows.L'acteur de menace peut lire et écrire sur une mémoire de noyau aléatoire en exploitant la vulnérabilité, et peut soit désactiver les produits de sécurité ou gagner le privilège du système.Avast a rapporté que le groupe de menaces Lazarus a récemment utilisé la vulnérabilité CVE-2024-21338 à désactiver les produits de sécurité.Ainsi, les utilisateurs de Windows OS sont ...

---

Overview On February 13th, 2024, Microsoft announced a Windows Kernel Elevation of Privilege Vulnerability CVE-2024-21338 patch. The vulnerability occurs at certain IOCTL of “appid.sys” known as AppLocker‘s driver, one of the Windows feature. The threat actor can read and write on a random kernel memory by exploiting the vulnerability, and can either disable security products or gain system privilege. AVAST reported that the Lazarus threat group has recently used CVE-2024-21338 vulnerability to disable security products. Thus, Windows OS users are... ]]> 2024-03-06T08:56:56+00:00 https://asec.ahnlab.com/en/62668/ www.secnews.physaphae.fr/article.php?IdArticle=8459725 False Vulnerability,Threat APT 38 2.0000000000000000 Dark Reading - Informationweek Branch North Korean state actors Lazarus Group used a Windows AppLocker zero day, along with a new and improved rootkit, in a recent cyberattack, researchers report.]]> 2024-03-01T00:17:13+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-zero-day-used-by-lazarus-in-rootkit-attack www.secnews.physaphae.fr/article.php?IdArticle=8457255 False Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this month as part]]> 2024-02-29T16:49:00+00:00 https://thehackernews.com/2024/02/lazarus-hackers-exploited-windows.html www.secnews.physaphae.fr/article.php?IdArticle=8456930 False Vulnerability,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most]]> 2024-02-29T13:47:00+00:00 https://thehackernews.com/2024/02/lazarus-exploits-typos-to-sneak-pypi.html www.secnews.physaphae.fr/article.php?IdArticle=8456854 False Malware APT 38 4.0000000000000000 SecurityWeek - Security News Le groupe nord-coréen Lazarus a exploité le conducteur Applocker Zero-Day CVE-2024-21338 pour l'escalade des privilèges dans les attaques impliquant Fudmodule Rootkit.

---

>North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit. ]]> 2024-02-29T10:28:36+00:00 https://www.securityweek.com/windows-zero-day-exploited-by-north-korean-hackers-in-rootkit-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8456926 False Vulnerability,Threat APT 38 3.0000000000000000 Bleeping Computer - Magazine Américain Japan\'s Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware. [...]]]> 2024-02-28T10:04:50+00:00 https://www.bleepingcomputer.com/news/security/japan-warns-of-malicious-pypi-packages-created-by-north-korean-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=8456467 False Malware APT 38 2.0000000000000000 AhnLab - Korean Security Firm à travers le groupe & # 8220; Lazarus utilise la technique de chargement latéral DLL & # 8221;[1] Article de blog, Ahnlab Security Intelligence Center (ASEC) a précédemment couvert comment le groupe Lazare a utilisé la technique d'attaque de chargement de chargement DLL en utilisant des applications légitimes au stade d'accès initial pour atteindre la prochaine étape de leur processus d'attaque.Ce billet de blog couvrira les variantes de DLL ajoutées et leur routine de vérification pour les cibles.Le groupe Lazare est un groupe approprié qui cible les entreprises sud-coréennes, les institutions, les groupes de réflexion et autres.Sur ...

---

Through the “Lazarus Group Uses the DLL Side-Loading Technique” [1] blog post, AhnLab SEcurity intelligence Center(ASEC) has previously covered how the Lazarus group used the DLL side-loading attack technique using legitimate applications in the initial access stage to achieve the next stage of their attack process. This blog post will cover the added DLL variants and their verification routine for the targets. The Lazarus group is an APT group that targets South Korean companies, institutions, think tanks, and others. On... ]]> 2024-01-23T00:40:00+00:00 https://asec.ahnlab.com/en/60792/ www.secnews.physaphae.fr/article.php?IdArticle=8441897 False None APT 38 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description Cisco Talos has discovered a new campaign conducted by the Lazarus Group, called "Operation Blacksmith," which employs at least three new DLang-based malware families, two of which are remote access trojans (RATs), where one of these uses Telegram bots and channels as a medium of command and control (C2) communications. The RATs are named "NineRAT" and "DLRAT," and the downloader is called "BottomLoader." The campaign consists of continued opportunistic targeting of enterprises globally that publicly host and expose their vulnerable infrastructure to n-day vulnerability exploitation such as CVE-2021-44228 (Log4j). Lazarus has targeted manufacturing, agricultural, and physical security companies. The malware is written in DLang, indicating a definitive shift in TTPs from APT groups falling under the Lazarus umbrella with the increased adoption of malware being authored using non-traditional frameworks such as the Qt framework, including MagicRAT and QuiteRAT. #### Reference URL(s) 1. https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/ #### Publication Date December 11, 2023 #### Author(s) Jungsoo An ]]> 2023-12-13T19:34:57+00:00 https://community.riskiq.com/article/04580784 www.secnews.physaphae.fr/article.php?IdArticle=8422247 False Malware,Vulnerability APT 38 3.0000000000000000 The Register - Site journalistique Anglais Sure, they do crimes. But the plausible deniability governments adore means they deserve a different label Cybercrime gangs like the notorious Lazarus group and spyware vendors like Israel\'s NSO should be considered cyber mercenaries – and become the subject of a concerted international response – according to a Monday report from Delhi-based think tank Observer Research Foundation (ORF).…]]> 2023-12-13T06:05:28+00:00 https://go.theregister.com/feed/www.theregister.com/2023/12/13/cyber_mercenary_orf_report/ www.secnews.physaphae.fr/article.php?IdArticle=8421881 False None APT 38 2.0000000000000000 Silicon - Site de News Francais 2023-12-12T10:21:10+00:00 https://www.silicon.fr/log4j-menace-persiste-474135.html www.secnews.physaphae.fr/article.php?IdArticle=8421459 False None APT 38 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Cisco Talos discovered a new campaign conducted by the Lazarus Group that it has codenamed \'Operation Blacksmith,\' employing... ]]> 2023-12-12T09:32:48+00:00 https://industrialcyber.co/threats-attacks/cisco-reveals-operation-blacksmith-as-lazarus-targets-organizations-with-new-telegram-based-malware-in-dlang/ www.secnews.physaphae.fr/article.php?IdArticle=8421437 False Malware APT 38 3.0000000000000000 Recorded Future - FLux Recorded Future Les pirates connectés à Groupe de Lazarus de la Corée du Nord ont exploité le Vulnérabilité LOG4J Dans une campagne d'attaques ciblant les entreprises dans les secteurs de la fabrication, de l'agriculture et de la sécurité physique.Connu sous le nom de «Faire du forgeron de l'opération», la campagne a vu les pirates de Lazarus utiliser au moins trois nouvelles familles de logiciels malveillants, selon des chercheurs de Cisco Talos qui ont nommé l'un des

---

Hackers connected to North Korea\'s Lazarus Group have been exploiting the Log4j vulnerability in a campaign of attacks targeting companies in the manufacturing, agriculture and physical security sectors. Known as “Operation Blacksmith,” the campaign saw Lazarus hackers use at least three new malware families, according to researchers at Cisco Talos who named one of the]]> 2023-12-11T20:30:00+00:00 https://therecord.media/north-korean-hackers-using-log www.secnews.physaphae.fr/article.php?IdArticle=8421198 False Malware,Vulnerability APT 38 2.0000000000000000