North Korea
Americans sentenced for running ‘laptop farms’ for North Korea
Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. Matthew Isaac Knoot and Erick Ntekereze Prince are the seventh and eighth U.S.-based “laptop farmers” sent to prison since the start of the year […]
ScarCruft hackers push BirdCall Android malware via game platform
The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. While BirdCall is a known backdoor for Windows systems, APT37, also known as ScarCruft and Ricochet Chollima, has developed a variant for Android that doubles as spyware. According to […]
KelpDAO suffers $290 million heist tied to Lazarus hackers
State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. The attack reportedly also impacted the lending protocols Compound, Euler, and Aave, with the latter announcing a freeze and blocking new deposits or borrowing using rsETH as collateral. KelpDAO is a decentralized finance (DeFi) project built around liquid […]
US nationals behind DPRK IT worker ‘laptop farm’ sent to prison
Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. Kejia Wang, 42, and Zhenxing Wang, 39, were charged in June 2025 following a coordinated law enforcement action against the […]
Drift $280M crypto theft linked to 6-month in-person operation
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building “a functioning operational presence inside the Drift ecosystem.” On April 1st, the Solana-based trading platform detected unusual activity that was followed by confirmation that funds had been lost in a sophisticated attack […]
Axios npm hack used fake Teams error fix to hijack maintainer account
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of the project's developers was targeted by a social engineering campaign linked to North Korean hackers. This follows the threat actors compromising a maintainer account to publish two malicious versions of Axios (1.14.1 and 0.30.4) to the npm package registry, triggering a […]
Microsoft: Hackers abusing AI at every stage of cyberattacks
Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack. According to a new Microsoft Threat Intelligence report, attackers are using generative AI tools for a wide range of tasks, including reconnaissance, phishing, infrastructure development, malware creation, […]
APT37 hackers use new malware to breach air-gapped networks
North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. The malicious campaign has been named Ruby Jumper and is attributed to the state-backed group APT37, also known as ScarCruft, Ricochet Chollima, and InkySquid. Air-gapped computers are disconnected from external networks, especially […]
ShinyHunters extortion gang claims Odido breach affecting millions
The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido and stealing millions of user records from its compromised systems. Odido is one of the largest telecommunications companies in the Netherlands and offers mobile, broadband, and television services to millions of customers nationwide. The company disclosed the breach on February 12, revealing that attackers […]
North Korean Lazarus group linked to Medusa ransomware attacks
North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attacks using the Medusa ransomware. The Medusa ransomware-as-a-service (RaaS) operation emerged in January 2021, and by February 2025, it impacted over 300 organizations in various critical infrastructure sectors. Since then, the gang claimed at least another 80 victims. North Korean threat […]
