#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
AI Security

North Korean hackers | Breaking Cybersecurity News | The Hacker News

Researchers Link 'Sharpshooter' Cyber Attacks to North Korean Hackers

Researchers Link 'Sharpshooter' Cyber Attacks to North Korean Hackers

Mar 04, 2019
Security researchers have finally, with "high confidence," linked a previously discovered global cyber espionage campaign targeting critical infrastructure around the world to a North Korean APT hacking group. Thanks to the new evidence collected by researchers after analyzing a command-and-control (C2) server involved in the espionage campaign and seized by law enforcement. Dubbed Operation Sharpshooter , the cyber espionage campaign targeting government, defense, nuclear, energy, and financial organizations around the world was initially uncovered in December 2018 by security researchers at McAfee. At that time, even after finding numerous technical links to the North Korean Lazarus hacking group , researchers were not able to immediately attribute the campaign due to a potential for false flags. Researchers Analysed Sharpshooter's Command Server Now, according to a press release shared with The Hacker News, a recent analysis of the seized code and command
FBI Mapping 'Joanap Malware' Victims to Disrupt the North Korean Botnet

FBI Mapping 'Joanap Malware' Victims to Disrupt the North Korean Botnet

Jan 31, 2019
The United States Department of Justice (DoJ) announced Wednesday its effort to "map and further disrupt" a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade. Dubbed Joanap , the botnet is believed to be part of " Hidden Cobra "—an Advanced Persistent Threat (APT) actors' group often known as Lazarus Group and Guardians of Peace and backed by the North Korean government. Hidden Cobra is the same hacking group that has been allegedly associated with the WannaCry ransomware menace in 2016, the SWIFT Banking attack in 2016, as well as Sony Motion Pictures hack in 2014. Dates back to 2009, Joanap is a remote access tool (RAT) that lands on a victim's system with the help an SMB worm called Brambul , which crawls from one computer to another by brute-forcing Windows Server Message Block (SMB) file-sharing services using a list of common passwords. Once there, Brambul downloads Jo
10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

Jul 15, 2024Cyber Crime / Data Protection
Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that's basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we slowly learning its full destructive potential. In this article, we will describe how the entire cybercriminal ecosystem operates, the ways various threat actors exploit data originating from it, and most importantly, what you can do about it. Let's start with what infostealer malware actually is. As the name suggests, it's malware that... steals data. Depending on the specific type, the information it extracts might differ slightly, but most will try to extract the following: Cryptocurrency wallets Bank account information and saved credit card details Saved passwords from various apps Bro
Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

Oct 03, 2018
The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra . Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and has previously launched attacks against a number of media organizations, aerospace, financial and critical infrastructure sectors across the world. The group had also reportedly been associated with the WannaCry ransomware menace that last year shut down hospitals and big businesses worldwide, the SWIFT Banking attack in 2016, as well as the Sony Pictures hack in 2014. Now, the FBI, the Department of Homeland Security (DHS), and the Department of the Treasury have released details about a new cyber attack, dubbed " FASTCash ," that Hidden Cobra has been using since at least 2016 to cash out ATMs by compromising the bank server. FASTCash Hack
cyber security

Top 4 Security Risks of GenAI

websiteWizGenAI Security / Technology
Gain a competitive edge and unlock the top 4 major emerging risks within GenAI. This report from Gartner provides insights and recommended actions for security and product leaders.
U.S. Charges North Korean Spy Over WannaCry and Sony Pictures Hack

U.S. Charges North Korean Spy Over WannaCry and Sony Pictures Hack

Sep 06, 2018
The U.S. Department of Justice announces criminal charges against a North Korean government spy in connection with the 2017 global WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack . According to multiple government officials cited by the NY Times who are familiar with the indictment, the charges would be brought against Park Jin Hyok , who works for North Korean military intelligence agency Reconnaissance General Bureau (RGB). The November 2014 Sony Pictures Entertainment hack was done in retaliation for the studio's production of a comedic film, " The Interview ," a comedy about two journalists who are recruited by the CIA to assassinate North Korean leader Kim Jong Un. In June 2014, the Pyongyang government also denounced the film as "undisguised sponsoring of terrorism, as well as an Act of War" in a letter to U.N. Secretary-General Ban Ki-moon. The Sony Pictures hack was devastating to the company and exposed over 200
FBI issues alert over two new malware linked to Hidden Cobra hackers

FBI issues alert over two new malware linked to Hidden Cobra hackers

May 30, 2018
The US-CERT has released a joint technical alert from the DHS and the FBI, warning about two newly identified malware being used by the prolific North Korean APT hacking group known as Hidden Cobra. Hidden Cobra, often known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and known to launch attacks against media organizations, aerospace, financial and critical infrastructure sectors across the world. The group was even associated with the WannaCry ransomware menace that last year shut down hospitals and businesses worldwide. It is reportedly also linked to the 2014 Sony Pictures hack , as well as the SWIFT Banking attack in 2016. Now, the Department of Homeland Security (DHS) and the FBI have uncovered two new pieces of malware that Hidden Cobra has been using since at least 2009 to target companies working in the media, aerospace, financial, and critical infrastructure sectors across the world. The malware Hidden Cobra is
Greedy North Korean Hackers Targeting Cryptocurrencies and Point-of-Sale Terminals

Greedy North Korean Hackers Targeting Cryptocurrencies and Point-of-Sale Terminals

Dec 20, 2017
The North Korean hacking group has turned greedy. Security researchers have uncovered a new widespread malware campaign targeting cryptocurrency users, believed to be originated from Lazarus Group , a state-sponsored hacking group linked to the North Korean government. Active since 2009, Lazarus Group has been attributed to many high profile attacks, including Sony Pictures Hack , $81 million heists from the Bangladesh Bank , and the latest — WannaCry . The United States has officially blamed North Korea for global WannaCry ransomware attack that infected hundreds of thousands of computers across more than 150 countries earlier this year. In separate news, security experts have blamed Lazarus group for stealing bitcoins worth millions from the South Korean exchange Youbit , forcing it to shut down and file for bankruptcy after losing 17% of its assets. Researchers from security firm Proofpoint have published a new report, revealing a connection between Lazarus Group and a
Cybersecurity
Expert Insights
Cybersecurity Resources