north korea (22)

12390146467?profile=RESIZE_400xIt is no longer theoretical; the world's major powers are working with large language models to enhance offensive cyber operations.  Advanced persistent threats (APTs) aligned with China, Iran, North Korea, and Russia use large language models (LLMs) to enhance their operations.  New blog posts from OpenAI and Microsoft reveal that five prominent threat actors have used OpenAI software for research, fraud, and other malicious purposes.  After identifying them, OpenAI shuttered all their accounts

12389945471?profile=RESIZE_400xCybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children’s hospital and that the US government is doing too little to prevent such breaches.  Hospitals in recent years have shifted their use of online technology to support everything from telehealth to medical devices to patient records.  Today, they are a favorite target for internet thieves who hold systems’ data and networks hostage f

12364606868?profile=RESIZE_400xA recent article raised the question of whether North Korea was the perpetrator of the cyber-attacks against Sony Pictures in December 2014.  Despite the difficulties typically associated with such activities, the US Federal Bureau of Investigation (FBI) quickly attributed (25 days) the attacks to North Korea, even though an enigmatic group calling itself “Guardians of Peace” took responsibility.  Nevertheless, once the FBI official blamed North Korea, no one in the government appeared to questi

12345540085?profile=RESIZE_400xNation-state cyber threat actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines.  The South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky.  "A notable point about attacks that use AppleSeed is that similar methods of attack have been used for many years with no si

12330432501?profile=RESIZE_180x180Cisco's Talos security researchers report that the North Korea-linked hacking group Lazarus has been observed deploying Dlang malware in attacks against organizations in the manufacturing, agriculture, and physical security sectors.   Released in 2001, Dlang, or simply D, is a multi-paradigm system programming language built upon the idea of C++ but drawing inspiration from C#, Eiffel, Java, Python, Ruby, and other high-level languages.  Dlang is considered an uncommon programming language for m

12263649868?profile=RESIZE_400xUS officials say North Korea pulled off an elaborate plan to trick American companies into hiring thousands of skilled IT workers who later sent the money they earned back to be used for the country's weapons program.  The FBI and the Justice Department (DOJ) said they shut down 17 websites that were used by IT worker to "defraud US and foreign businesses, evade sanctions and fund the development of the Democratic People’s Republic of Korea government’s weapons program."  They also seized $1.5 m

12217947066?profile=RESIZE_400xNorth Korea has some decent cyber operations aimed against its foes but can’t seem to figure out rocket propulsion.  North Korea’s attempt to send a military spy satellite into orbit has failed for a second time.  A North Korean representative reported that the launch took place in the early hours of 24 August 2023, the first day of a week-long launch window, but failed because of a problem with the rocket's third stage carrying the satellite.  North Korea will try again in October 2023.  “The f

12214542095?profile=RESIZE_400xNorth Korean threat actors have caught Sentinel Lab's attention over the past year, providing us with fruitful insight into a variety of campaigns, such as new reconnaissance tools, (multiple) new supply chain intrusions, elusive multi-platform targeting, and new sly social engineering tactics.  To add to that list, analysts looked at an intrusion into what might be considered a highly desirable strategic espionage mission, supporting North Korea’s contentious missile program.[1]

The Target Orga

12167769290?profile=RESIZE_400xIn recent news, the cloud-based IT management service JumpCloud publicly shared details gathered from the investigation into an intrusion on their network. Alongside the updated details, the organization shared a list of associated indicators of compromise (IOCs), noting attribution to an unnamed “sophisticated nation-state sponsored threat actor.”  Reviewing the newly released indicators of compromise, we associate the cluster of threat activity to a North Korean state sponsored APT.[1]  The IO

11303748863?profile=RESIZE_400xUS and South Korean intelligence agencies have issued a new alert warning of North Korean cyber actors' use of social engineering tactics to strike think tanks, academia, and news media sectors.  The "sustained information gathering efforts" have been attributed to a state-sponsored cluster called Kimsuky, which is also known by the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (previously Thallium), Nickel Kimball, and Velvet Chollima.  Active guys…..  "North Korea relies heavily on in

11025972064?profile=RESIZE_400xIn the era of cyber wars, AI, and drones, wars are still being fought with 20th-century weapons that require massive amounts of ammunition.  Russia is sending a delegation to North Korea to offer food in exchange for weapons, US national security spokesman.  He said any arms deal between North Korea and Russia would violate UN Security Council resolutions.  The US has previously accused North Korea of supplying arms to the Russian military in Ukraine and the Wagner group of Russian mercenaries.

10913167469?profile=RESIZE_400xSometimes, good intentioned research can actually benefit adversaries.  Recently when a US-based foreign affairs analyst, received an email from the Director of the “38 North think-tank” to commission an article, it seemed to be business as usual.  The sender was actually a suspected North Korean spy seeking information, according to those involved and three cybersecurity researchers.

Instead of infecting his computer and stealing sensitive data, as hackers typically do, the sender appeared to b

10754604654?profile=RESIZE_400xIn light of all of the Russian ransomware attacks on organizations worldwide, a dose of Schadenfreude is a welcome sign.  For our non-German readers: “Schadenfreude is the experience of pleasure, joy, or self-satisfaction that comes from learning of or witnessing the troubles, failures, or humiliation of another (especially an adversary). It is a borrowed word from German, with no direct translation, that originated in the 18th century.”

An unknown threat actor has been targeting Russian entitie

10661601053?profile=RESIZE_400xThe US Justice Department announced on 19 July 2022 through a complaint filed in the US District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments.  In May 2022, the Federal Bureau of Investigation (FBI) filed a sealed seizure warrant for the funds worth approximately half a million dollars.  The seized funds include ransoms paid by health care providers in Kansas and Colorado.  “Thanks to rapid reporting and cooperation

10246398860?profile=RESIZE_400xProofpoint released a new report this week about fake job emails being sent by threat actors, noting that they are seeing nearly 4,000 similar phishing emails each day.  Bad actors are using the promise of easy money to steal personal data or trick victims into committing money laundering.  “These types of threats can cause people to lose their life savings or be tricked into participating in a criminal operation unknowingly,” said Proofpoint.  “They are very concerning for universities especial

10081515890?profile=RESIZE_400xIt is estimated that North Korea (KP) is continuing to steal hundreds of millions of dollars from financial institutions and cryptocurrency firms and exchanges.  This stolen currency is an important source of funding for its nuclear and missile programs, UN experts said in a report quoting cyber specialists.  The panel of experts said that according to an unnamed government, North Korean “cyber-actors stole more than $50 million between 2020 and mid-2021 from at least three cryptocurrency exchan

8941840492?profile=RESIZE_400xRecently a trusted cyber professional of Red Sky Alliance, with close to 40 years in the business said, “As cyber technology grew in the last thirty plus years, our international community sacrificed security for convenience.”  So true. 

Now we ask: if a Russian cyber-criminal group[1] or the North Korean military hacks[2] your company, places ransomware on your network because of corporate carelessness and then demands millions to unlock your valuable data - at that point - does it really matte

8872293089?profile=RESIZE_400xChina, Russia, North Korea, and Iran continue to pose significant cybersecurity threats to the US, because each is capable of launching disruptive attacks, according to a report published 13 April 2021 by the Office of the Director of National Intelligence.

Threats include disinformation campaigns that target elections and try to undermine democratic institutions as well as aggressive hacking campaigns, such as the SolarWinds supply chain attack, according to the report. In many cases, criminal

8157700677?profile=RESIZE_400xA cyberespionage campaign aimed at aerospace and defense sectors to install data gathering implants on victims' machines for purposes of surveillance and data exfiltration may have been more sophisticated than previously thought.  The use of job of employment ads and postings have the recent bait for unsuspecting victims.

The attacks, which targeted IP-addresses belonging to internet service providers (ISPs) in Australia, Israel, Russia, and defense contractors based in Russia and India, involve

8011615880?profile=RESIZE_400xOur friends from the US Department of Homeland Security have provided an open source Threat Assessment for October 2020 - which is Cyber Security Awareness Month.  The following is the Cyber Threat Assessment Section. 

Cyber threats to the Homeland from both nation-states and non-state actors will remain acute. U.S. critical infrastructure faces advanced threats of disruptive or destructive cyber-attacks. Federal, state, local, tribal and territorial governments, as well as the private sector, w