Topic: north korean hackers

  • APT37 Hackers Use Google Find Hub to Wipe Android Data

    North Korean hackers are using Google's Find Hub service to remotely wipe Android devices and track locations, primarily targeting South Koreans through KakaoTalk messages and linked to known threat groups like APT37 and Kimsuky. The attack begins with spear-phishing messages impersonating author...

  • North Korean Hackers Weaponize Threat Intel for Phishing

    North Korea-aligned hackers weaponized cyber threat intelligence platforms to enhance phishing operations, turning defensive tools into offensive weapons. The group Contagious Interview persistently targeted job seekers, especially in cryptocurrency, using fake recruitment sites and malware to ga...

  • NimDoor macOS Malware Persists After Termination

    North Korean hackers are using sophisticated macOS malware called NimDoor to target cryptocurrency and web3 organizations, employing social engineering and modular payloads to evade detection. The malware, built with C++ and Nim, features unique persistence techniques like self-repair after termi...

  • North Korean Hackers Lead 2025 Crypto Theft Surge

    North Korean state-sponsored hackers stole over $2 billion in cryptocurrency in 2025, a 51% increase, by pivoting to fewer, more sophisticated attacks on high-value targets. Their evolved tactics include sophisticated social engineering, posing as recruiters or investors to compromise employees a...

  • North Korean Lazarus Group Unleashes Medusa Ransomware

    North Korean state-sponsored hackers, specifically the Lazarus Group, are conducting a new wave of Medusa ransomware attacks targeting the U.S. healthcare sector to demand significant ransoms. The attacks employ a sophisticated toolkit of malware for network intrusion and data theft, with the exa...

  • North Korean Hackers Target React2Shell Flaw in EtherRAT Malware

    A sophisticated malware implant called EtherRAT exploits the critical React2Shell vulnerability, using Ethereum smart contracts for command-and-control and establishing five persistence mechanisms on Linux systems, with links to North Korean threat actors. The React2Shell vulnerability is a sever...

  • Nation-State Hackers Use "Bulletproof" Blockchains to Spread Malware

    State-sponsored hackers, including a North Korean group, are now hiding malware within public cryptocurrency blockchains, creating a resilient and nearly untouchable hosting platform. This technique, called "EtherHiding," embeds malicious code in smart contracts on blockchains like Ethereum, leve...

  • Tornado Cash Creator on Trial for Crypto Anonymity Tool

    The trial of Tornado Cash co-creator Roman Storm has ignited debate over privacy, free speech, and legal limits in crypto, with charges potentially leading to 45 years in prison. Tornado Cash, a privacy tool for obscuring crypto transactions, is accused of facilitating $1 billion in illicit activ...

  • RondoDox Botnet Breaches Next.js Servers via React2Shell Flaw

    The RondoDox botnet is actively exploiting the critical React2Shell vulnerability (CVE-2025-55182) to compromise Next.js servers, deploying malware and cryptocurrency miners. This campaign is part of the botnet's evolving, aggressive strategy, which also includes large-scale exploitation of vulne...
