Kimsuky APT Runs Four Simultaneous Spear-Phishing Campaigns Targeting Recruiters, Crypto Users, and Defense Officials
North Korea's Kimsuky threat group has been operating four parallel spear-phishing campaigns targeting corporate recruiters, cryptocurrency developers, defense sector officials, and graduate school staff. The campaigns use LNK...
Lazarus Group Targets macOS Users With Sophisticated “Mach-O Man” Four-Stage Malware Kit
North Korea's Lazarus Group has deployed a new modular macOS malware kit called "Mach-O Man" targeting fintech executives and crypto developers. The attack uses ClickFix social engineering to...
BlueNoroff Deploys AI Deepfake Zoom Lures and Fileless PowerShell to Drain Crypto Wallets Across 20+ Countries
North Korea's BlueNoroff subgroup has launched a sophisticated global campaign targeting cryptocurrency and Web3 executives, using AI-generated deepfake Zoom meetings, ClickFix clipboard injection, and fileless PowerShell implants that...
North Korean IT Worker Scheme: How DPRK Operatives Infiltrate Companies to Fund Weapons Programs
A Team Cymru investigation has exposed the technical infrastructure behind North Korea's long-running fake IT worker scheme, revealing how state-sponsored operatives use stolen identities, commercial VPNs, and U.S.-based...