Tag: north korea
156 articles

Russia Weighs Intelligence Sharing with North Korea Over Satellite Tech Transfer
North Korea's recent launch of the Malligyong-1 satellite marks a significant tech milestone, but the real challenge lies ahead: developing a network of coordinated satellites to monitor the Korean Peninsula and US military hubs in the Western Pacific. A single satellite just isn't enough for effective surveillance.

North Korea Unveils Heavily Armed Frigate With Unusual Machine Gun Array
Witness the awe-inspiring display of North Korea's military might as the Kang Kon frigate unleashes a barrage of 12 strategic cruise missiles and a dizzying array of heavy machine guns. Kim Jong Un personally oversaw the impressive multi-system sea trial, showcasing the vessel's cutting-edge capabilities.

North Korea-Linked npm Packages Target Developers with Stealthy Data Theft
Malicious npm packages, linked to North Korean threat actors, are impersonating popular tools to trick developers into handing over sensitive data. These sneaky packages masquerade as legitimate polyfill tools, making them hard to spot during a quick review.

North Korea Unveils Choe Hyon-class Destroyer Amid Naval Nuclearisation Push
North Korea has just unveiled its most powerful warship yet, the Choe Hyon-class destroyer, marking a major milestone in its naval modernisation efforts. This massive 145-metre-long vessel is a game-changer for the Korean People's Army Navy.

macOS Malware Embeds Fake Errors to Evade AI Analysis
Meet macOS.Gaslight, a sneaky new malware family from a North Korean-linked threat actor that's got a clever trick up its sleeve - embedding 38 fake system messages to throw off AI analysis tools. This tiny 3.5 KB payload is packed with deception, making it a formidable foe for cybersecurity experts.

Gaslight Malware Exposes AI-Assisted Analysis Limits
Meet Gaslight, a sneaky new macOS malware that uses fake system-failure messages to trick AI-powered analysis tools into doubting themselves. Created by North Korea-aligned threat actors, this Rust-based implant is a clever and concerning threat to cybersecurity.

North Korea-linked Backdoor Exploits AI Triage Tools
When building AI triage tools, it's crucial to treat sample contents as potentially hostile input, not instructions, to prevent malicious manipulation. Experts warn that failing to do so can allow attackers to sneak hostile content into your model.

Microsoft Links North Korea to Mastra AI Supply Chain Compromise
Microsoft has uncovered a massive supply chain attack on the npm registry, where over 140 packages were compromised, and has linked the operation with high confidence to Sapphire Sleet, a notorious North Korean state actor known for targeting the financial sector. This large-scale attack highlights the growing threat of North Korean hacking groups.

ScarCruft Targets Microsoft Users with NarwhalRAT Malware
Beware of fake Microsoft account alerts! A sneaky North Korean hacking group, ScarCruft, is sending phishing emails that mimic Microsoft security notifications to trick you into downloading the NarwhalRAT malware.

Japan Pursues North Korea Talks to Secure Abductees' Return
With 869 missing persons suspected to have been abducted by North Korea, Japan's Prime Minister Sanae Takaichi is pushing to break a decades-long stalemate and bring home the victims. For families and loved ones, the wait for answers and closure has dragged on far too long.

North Korea Targets Developers with 250 Fake Job Offers in Credential Heist
In a sneaky credential heist, hackers sent over 250 fake job offers to developers at nearly 100 US organizations, disguising phishing attempts as recruitment messages. The six-week scam targeted professionals in tech, education, and finance.

North Korean Hackers Exploit Coding Lures to Steal Crypto Credentials
In a sneaky move, North Korean hackers sent over 250 emails with innocent-looking coding tasks to nearly 100 US-based organizations, tricking them into handing over cryptocurrency credentials. The clever phishing scam, tracked as UNK_DeadDrop, targeted tech, education, and finance firms, with a special focus on cryptocurrency companies.

Kimsuky Expands Malware Arsenal with HTTPSpy, HelloDoor
Kimsuky, a notorious North Korean hacking group, has upgraded its malware arsenal with HTTPSpy and HelloDoor, using clever tactics like fake installation pages and a spoofed Webex meeting to infiltrate targets. The group's latest attacks involve highly tailored social engineering and real-time infection verification to maximize success.

South Korea Advances Nuclear-Powered Submarine Program
South Korea is taking a giant leap in its naval capabilities with the Jang Bogo N Project, a new class of nuclear-powered submarines that will boast functionally unlimited range, higher mobility, and lightning-fast transit times. These game-changing vessels will play a crucial role in defending against threats from North Korea's submarines and more.

Lazarus Group Deploys Memory-Only RAT in Financial Sector Attacks
The notorious Lazarus Group has unleashed a sneaky new attack tool, a memory-only Remote Access Trojan (RAT), targeting the financial sector with cunning precision. This stealthy malware, known as RemotePE, is just the latest weapon in the group's arsenal, and it's being used to infiltrate and manipulate its victims.

South Korea's Nuclear Submarine Push Tests Non-nuclear Deterrence Credibility
South Korea is on the brink of unveiling a bold plan for a nuclear-powered submarine program, a move that could send shockwaves through the non-proliferation community and put its allies and rivals on high alert. The push comes as North Korea ramps up its sea-based nuclear capabilities, with suspicions of Russian support adding to the urgency.

Banking Trojan Targets Crypto Firms with Sophisticated Attacks
A new banking Trojan, dubbed TCLBanker, is wreaking havoc on crypto and finance platforms, allowing hackers to remotely control infected systems and steal sensitive info. This sophisticated attack, linked to North Korea's notorious Lazarus Group, has already led to the largest crypto platform hack of 2026.

US Crackdown Targets 'Laptop Farms' Aiding North Korea's Illicit IT Schemes
The US has cracked down on "laptop farms" helping North Korea's illicit IT schemes, sentencing two US nationals to 18 months in prison for enabling North Korean IT workers to remotely work at nearly 70 American companies. This move is part of a federal initiative to shut down North Korea's revenue generation schemes.

ScarCruft APT Exploits Yanbian Gaming Platform for Intelligence Gathering
Meet ScarCruft, a notorious North Korea-aligned espionage group that's been caught exploiting a popular gaming platform in China to gather intel on its users. The group trojanized a site serving traditional Yanbian-themed games, compromising both Windows and Android software.

ScarCruft Expands Malware Arsenal with Multi-Platform BirdCall Backdoor
ScarCruft hackers have launched a sneaky attack on a popular video game platform, infecting both Windows and Android users with a new backdoor called BirdCall. The multi-platform threat has been targeting ethnic Koreans in China since late 2024, allowing hackers to gain unauthorized access.

ScarCruft hackers deploy BirdCall malware via gaming platform.
North Korean hackers APT37, also known as ScarCruft, have cleverly expanded their BirdCall malware to target Android devices, adapting their Windows backdoor to spy on mobile users. They even used a popular gaming platform to sneak the malware onto unsuspecting devices.

North Korea Exploits Fake Meetings to Fuel Crypto Heists
North Korea is using fake video meetings to trick people into crypto scams, fueling a growing concern in the world of cryptocurrency. This clever tactic is just one of the many evolving methods threat actors are using to steal money.

North Korea Targets Developers with AI-Generated npm Malware
Security researchers have uncovered a sneaky malware campaign targeting developers, involving a malicious npm package called @validate-sdk/v2 that's designed to steal sensitive secrets, including crypto-wallet credentials. This tainted package, linked to a North Korean threat actor, was cleverly disguised as a utility SDK for legitimate tasks like hashing and validation.

AI-Assisted Code Targets Crypto Wallets via Malicious npm Dependency
Researchers have uncovered a sneaky malicious npm campaign, dubbed PromptMink, linked to North Korean hackers Famous Chollima, which targets crypto developers with fake utility packages that secretly steal sensitive info and funds. The campaign's clever tactics even involve an AI-assisted code commit to fly under the radar.