#DPRK
macOS.Gaslight: North Korea-Linked Rust Backdoor Exfiltrates Data via Telegram and Poisons AI Analysis Tools
A Rust-written macOS backdoor attributed to North Korean threat actors steals browser credentials, keychain files, and terminal history, exfiltrating everything via Telegram. The malware also embeds 38 prompt...
Kimsuky APT Runs Four Simultaneous Spear-Phishing Campaigns Targeting Recruiters, Crypto Users, and Defense Officials
North Korea's Kimsuky threat group has been operating four parallel spear-phishing campaigns targeting corporate recruiters, cryptocurrency developers, defense sector officials, and graduate school staff. The campaigns use LNK...
North Korean IT Worker Scheme: How DPRK Operatives Infiltrate Companies to Fund Weapons Programs
A Team Cymru investigation has exposed the technical infrastructure behind North Korea's long-running fake IT worker scheme, revealing how state-sponsored operatives use stolen identities, commercial VPNs, and U.S.-based...