#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Korean Hackers | Breaking Cybersecurity News | The Hacker News

STARK#MULE Targets Koreans with U.S. Military-themed Document Lures

STARK#MULE Targets Koreans with U.S. Military-themed Document Lures

Jul 28, 2023 Cyber Attack / Malware
An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE . The scale of the attacks is currently not known, and it's not clear if any of these attack attempts turned out to be successful. "Based on the source and likely targets, these types of attacks are on par with past attacks stemming from typical North Korean groups such as APT37 as South Korea has historically been a primary target of the group, especially its government officials," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News. APT37, also known by the names Nickel Foxcroft, Reaper, Ricochet Chollima, and ScarCruft, is a  North Korean nation-state actor  that's known to exclusively focus on targets in its southern counterpart, specific
PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans

PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans

Feb 18, 2022
Numerous Windows machines located in South Korea have been targeted by a botnet tracked as PseudoManuscrypt since at least May 2021 by employing the same delivery tactics of another malware called CryptBot . "PseudoManuscrypt is disguised as an installer that is similar to a form of  CryptBot , and is being distributed," South Korean cybersecurity company AhnLab Security Emergency Response Center (ASEC)  said  in a report published today. "Not only is its file form similar to CryptBot, but it is also distributed via malicious sites exposed on the top search page when users search commercial software-related illegal programs such as Crack and Keygen," it added. According to ASEC, around 30 computers in the country are being consistently infected on a daily basis on average. PseudoManuscrypt was first documented by Russian cybersecurity firm Kaspersky in December 2021, when it  disclosed  details of a "mass-scale spyware attack campaign" infecting mo
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms

DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms

Jan 19, 2022
An IRC  (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea. "The malware is being distributed under the guise of adult games," researchers from AhnLab's Security Emergency-response Center (ASEC)  said  in a new report published on Wednesday. "Additionally, the DDoS malware was installed via downloader and  UDP RAT  was used." The attack works by uploading the malware-laced games to webhards — which refers to a web hard drive or a remote file hosting service — in the form of compressed ZIP archives that, when opened, includes an executable ("Game_Open.exe") that's orchestrated to run a malware payload aside from launching the actual game. This payload, a GoLang-based downloader, establishes connections with a remote command-and-control (C&C) server to retrieve additional malware, including an IRC bot that can perform DDoS attacks. "It is
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Cybersecurity Resources