North Korean hackers stole $53 million in cryptocurrency from crypto exchange CoinEx after the hot wallet private key was leaked.
The post North Korean Hackers Steal $53 Million in Cryptocurrency From CoinEx appeared first on SecurityWeek.
FBI says North Korean hacking group Lazarus has stolen $41 million in cryptocurrency from online betting platform Stake.com.
The post FBI Blames North Korean Hackers for $41 Million Stake.com Heist appeared first on SecurityWeek.
Google again catches a North Korean APT actor targeting security researchers with zero-days and rigged software tools.
The post Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers appeared first on SecurityWeek.
North Korea-linked Lazarus Group exploited a ManageEngine vulnerability to compromise an internet backbone infrastructure provider.
The post North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw appeared first on SecurityWeek.
North Korea-linked “Kimsuky” hackers carried out “continuous malicious email attacks” on contractors working at the war simulation centre.
The post Suspected N. Korean Hackers Target S. Korea-US Drills appeared first on SecurityWeek.
A sanctioned Russian missile maker appears to have been targeted by two important North Korean hacking groups.
The post North Korean Hackers Targeted Russian Missile Developer appeared first on SecurityWeek.
North Korean hackers are targeting employees at technology firms with repository invitations and malicious NPM packages.
The post GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees appeared first on SecurityWeek.
A hacking group linked to the North Korean government has been caught using new malware with microphone wiretapping capabilities.
The post North Korean Hackers Caught Using Malware With Microphone Wiretapping Capabilities appeared first on SecurityWeek.
3CX supply chain attack appears to have been conducted by North Korean hackers with the goal of targeting cryptocurrency firms.
The post 3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms appeared first on SecurityWeek.
The United States and South Korea have issued a joint advisory on ransomware attacks on critical infrastructure that are funding North Korea’s malicious cyber activities.
North Korean government-backed threat actors have been using ransomware in attacks against critical infrastructure for years, with at least two ransomware families attributed to them, namely Maui and H0lyGh0st.
In July last year, the US government issued a warning on North Korea’s use of Maui ransomware in attacks targeting healthcare and public health sectors.
This week, the US and South Korea issued an updated advisory, warning that North Korea is relying on ransomware attacks against healthcare and other critical infrastructure organizations to fund various objectives, including malicious cyber operations.
Typically, after compromising an organization’s network, the threat actors deploy ransomware and use it to encrypt the victim’s files. The attackers then demand a ransom to be paid in cryptocurrency in exchange for a decryption key.
“The authoring agencies assess that an unspecified amount of revenue from these cryptocurrency operations supports DPRK national-level priorities and objectives, including cyber operations targeting the United States and South Korea governments,” the alert reads.
As part of the observed ransomware operations, the North Korean threat actors build infrastructure (domains, online personas and accounts) and rely on cryptocurrency services to receive ransom proceeds that are then used to procure infrastructure for other malicious activities.
The attackers attempt to hide their identity by operating with or under third-party foreign affiliate identities, use intermediaries to receive ransom payments, and use virtual private networks (VPNs) and virtual private servers (VPSs) to hide their real IP addresses.
The threat actors have been observed exploiting known vulnerabilities for initial access, including Apache Log4j and SonicWall security bugs, but also deploying malware via trojanized files in attacks targeting small and medium-size hospitals in South Korea.
Following initial access, the attackers perform reconnaissance and lateral movement, and then deploy either custom ransomware, such as Maui and H0lyGh0st, or publicly available tools, including BitLocker, Deadbolt, Hidden Tear, Jigsaw, LockBit, Ryuk, and others.
Typically, North Korean threat actors demand from their victims a ransom in Bitcoin and communicate with them via Proton Mail email accounts.
Organizations are advised to encrypt connections with all devices on the network, implement the principle of least privilege, turn off unused network protocols and services, secure the collection, transfer and storing of personally identifiable and protected healthcare information (PII and PHI), implement multi-layer network segmentation, and monitor networks for suspicious behavior.
Furthermore, organizations should keep isolated data backups, should implement a cyber incident response plan, should keep all applications and operating systems updated, enforce strong passwords and multi-factor authentication, educate employees and users on phishing, and make sure that all remote desktop protocol (RDP) and similar connections are monitored and secured.
Related: US Disrupts North Korean Hackers That Targeted Hospitals
Related: US Healthcare Organizations Warned of ‘Daixin Team’ Ransomware Attacks
Related: US Says Chinese Military Behind Vast Aerial Spy Program
The post US, South Korea: Ransomware Attacks Fund North Korea’s Cyber Operations appeared first on SecurityWeek.
