North Korea
North Korean hackers stole over $2 billion in crypto this year
North Korean hackers have stolen an estimated $2 billion worth of cryptocurrency assets in 2025, marking the largest annual total on record. The figure brings the total confirmed amount stolen by these threat actors to more than $6 billion. According to the United Nations and government agencies, these funds are used to further the development […]
US targets North Korean IT worker army with new sanctions
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two individuals and two companies associated with North Korean IT worker schemes that operate at the expense of American organizations. These schemes involve placing in U.S. firms skilled tech workers with stolen or fabricated identities and using so-called “laptop farms” to hide the true location of the […]
XenoRAT malware campaign hits multiple embassies in South Korea
A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. According to Trellix researchers, the campaign has been running since March and is ongoing, having launched at least 19 spearphishing attacks against high-value targets. Although infrastructure and techniques match the pllaybook of North Korean actor Kimsuky (APT43), there are signs that better […]
North Korean Kimsuky hackers exposed in alleged data breach
The North Korean state-sponsored hackers known as Kimsuky has reportedly suffered a data breach after two hackers, who describe themselves as the opposite of Kimsuky’s values, stole the group’s data and leaked it publicly online. The two hackers, named ‘Saber’ and ‘cyb0rg,’ cited ethical reasons for their actions, saying Kimsuky is “hacking for all the wrong reasons,” claiming they’re […]
US sanctions North Korean firm, nationals behind IT worker schemes
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned three North Korean nationals and a company for supporting fraudulent IT worker schemes that generated illicit revenue for the Democratic People’s Republic of Korea (DPRK) government. The sanctioned company is named Korea Sobaeksu Trading Company, and the three North Korean individuals […]
Woman gets 8 years for aiding North Koreans infiltrate 300 US firms
Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies. Chapman was charged in May 2024, together with Ukrainian citizen Oleksandr Didenko, with aggravated identity theft, conspiracy to defraud the United States, […]
North Korean XORIndex malware hidden in 67 malicious npm packages
North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. The packages collectively count more than 17,000 downloads and were discovered by researchers at package security platform Socket, who assess them to be part of the continued Contagious Interview operation. Socket researchers […]
Treasury sanctions North Korean over IT worker malware scheme
The U.S. Department of the Treasury sanctioned cyber actor Song Kum Hyok for his association with North Korea’s hacking group Andariel and for facilitating IT worker schemes that generated revenue for the Pyongyang regime. Considered a sub-cluster of the Lazarus group linked to North Korea’s Reconnaissance General Bureau, the Andariel state actor is focused mostly on financially-motivated […]
NimDoor crypto-theft macOS malware revives itself when killed
North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. Researchers analyzing the payloads discovered that the attacker relied on unusual techniques and a previously unseen signal-based persistence mechanism. The attack chain, which involves contacting victims via Telegram and luring them into running […]
US disrupts North Korean IT worker “laptop farm” scheme in 16 states
The U.S. Department of Justice (DoJ) announced coordinated law enforcement actions against North Korean government’s fund raising operations using remote IT workers. North Korean workers use stolen or fake identities created with the help of AI tools to get hired by more than 100 companies in the U.S., believing they employed experts from other Asian countries […]