North Korea Dominates Crypto Heists: 76% of Stolen Funds by 2026
North Korean threat actors are projected to be responsible for 76% of all cryptocurrency stolen by 2026, utilizing sophisticated methods for large-scale heists.

Sapphire Sleet's ClickFix: North Korea Targets macOS Users
North Korea-backed Sapphire Sleet is deploying ClickFix malware via fake job offers and phony Zoom updates to steal macOS user credentials and data. Learn how to detect

UNC1069 Social Engineering Leads to Axios npm Supply Chain Compromise
Runtime Rebel details how North Korean threat actor UNC1069 leveraged targeted social engineering against an Axios npm package maintainer, leading to a critical supply

Stardust Chollima Compromises Axios npm Package
Technical analysis of the Stardust Chollima supply chain attack targeting the Axios npm package to exfiltrate developer credentials and data.

Axios NPM Supply Chain Attack Bypasses GitHub Actions CI/CD
A sophisticated supply chain attack targeted the Axios NPM package, leveraging a compromised token to bypass GitHub Actions CI/CD and deploy malicious versions.

UNC1069 Leverages Axios NPM Supply Chain to Deploy WAVESHAPER.V2
North Korea-nexus UNC1069 compromised widely used Axios NPM package (v1.14.1, 0.30.4) by injecting plain-crypto-js to deploy WAVESHAPER.V2 backdoor across multiple OS.

Bitrefill Attributes Cyberattack to North Korean Lazarus Group
Bitrefill identifies North Korean Lazarus Group as the perpetrator of a recent cyberattack, underscoring the persistent threat to crypto-focused businesses.

APT37 Deploys SHROUDEDVUE Malware to Target Air-Gapped Networks
North Korean threat actor APT37 utilizes new malware families like SHROUDEDVUE and WASHSYNC to infiltrate air-gapped systems via removable USB drives.

ScarCruft Ruby Jumper Campaign Targets Air-Gapped Networks
North Korean threat actor ScarCruft (APT37) deploys Ruby Jumper campaign using Zoho WorkDrive for C2 and USB malware to target air-gapped environments.

Fake Recruiters Deploy Malware via Malicious Coding Challenges
North Korean threat actors are targeting software developers with fake job offers and malicious coding tests to deploy malware on developer workstations.

Next.js Supply Chain Attacks: North Korean Actors Target Developers
North Korean state-sponsored actors leverage malicious Next.js repositories and fake job interviews to compromise developers' systems for persistent access and espionage.

Lazarus Group Shifts to Medusa Ransomware & Multi-Tool Attacks
North Korea's Lazarus Group now employs Medusa ransomware, Comebacker backdoor, Blindingcan RAT, and Infohook info stealer in recent attacks, signaling an evolving