@w7voa In #NorthKorea you can't even switch it off, only turn its volume down a bit...
All good things come in threes. #AprilFools #ForgottenWeapons #NorthKorea
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
Lazarus, a North Korean state-sponsored threat actor, has launched a new campaign called ClickFake Interview targeting cryptocurrency job seekers. This campaign, an evolution of the previously documented Contagious Interview, uses fake job interview websites to deploy the GolangGhost backdoor on Windows and macOS systems. The infection chain leverages the ClickFix tactic, downloading and executing malicious payloads during the interview process. The campaign primarily targets centralized finance (CeFi) entities, aligning with Lazarus' focus on cryptocurrency-related targets. Notable changes include targeting non-technical roles and using ReactJS-based websites for the fake interviews. The malware provides remote control and data theft capabilities, including browser information exfiltration.
Pulse ID: 67ebff51da5765b1e4d9509e
Pulse Link: https://otx.alienvault.com/pulse/67ebff51da5765b1e4d9509e
Pulse Author: AlienVault
Created: 2025-04-01 14:59:29
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Happy Idiot's Day
An April Fools' Day greeting arrived in our email. For some reason it seemed strange that smart people would congratulate each other on such a holiday. After all, nobody congratulates us on Astronomer's Day or Neurologist's Day. Only people involved in that science or activity get congratulated. It would be understandable if all of us who suffer from idiots together congratulated #fico, #orban, #huylo, #trump and the other inhabitants of #NorthKorea, #laptyekanda, #iran, #usa, #china, who have elected fools as "tsars" for themselves (and onto our heads)
Putting the Screws on the Partnership Between #NorthKorea and #Russia https://warontherocks.com/2025/04/putting-the-screws-on-the-partnership-between-north-korea-and-russia/
The North Koreans and Russians have been busy, Insiders abound, and attacker tradecraft continues to evolve!
Catch all this and more in our latest wrap-up of the day's news:
https://opalsec.io/daily-news-update-monday-april-1-2025-australia-melbourne/
There are a few noteworthy stories to get across - here's the TL;DR to get you up to speed:
North Korean Infiltration: This is way bigger than many think. DPRK nationals are landing jobs inside global companies, gaining privileged access ("keys to the kingdom" level!). DTEX reports active investigations in 7% of their Fortune Global 2000 clients, and CrowdStrike notes nearly 40% of their NK-related IR cases involved insiders. They move fast post-hire, pivoting to supply chains and installing RATs disguised as onboarding. Watch out for highly anomalous login behaviour (like days-long sessions!). Rigorous remote hiring checks (camera on, resume checks, comms style) are crucial.
ClickFix Tactics by Lazarus: The infamous North Korean group is evolving its 'Contagious Interview' campaign (now dubbed 'ClickFake' by Sekoia). They're targeting crypto job seekers (shifting focus to non-tech roles too!) with fake website/document errors ('ClickFix'). These prompt users to run PowerShell/curl commands, dropping the 'GolangGhost' backdoor. Watch out for lures impersonating giants like Coinbase or Kraken. Sekoia has shared YARA rules – definitely worth checking out.
WordPress MU-Plugin Abuse: Bad actors are getting stealthy by hiding malicious code in WordPress "Must-Use Plugins" (wp-content/mu-plugins/). These execute automatically on every page load without activation, making them hard to spot. Sucuri is seeing redirects to fake browser updates, webshell backdoors fetching code from GitHub, and JS hijackers replacing content or links. Keep those instances patched, clean up unused plugins/themes, and lock down admin accounts (MFA!).
Check out what else happened in the past 24 hours, and subscribe to get each edition straight to your inbox: https://opalsec.io/daily-news-update-monday-april-1-2025-australia-melbourne/#/portal/signup
While the infamous Lazarus Group is the best-known North Korean state-sponsored hacking group, it is not the only threat actor operating from the country
#Lazarus #NorthKorea #cybersecurity #cybercrime #cyberattack
https://cnews.link/north-korea-home-to-multiple-threat-actors-1/
President Donald Trump said he plans to reach out to North Korea “at some point” and reiterated that he has a “very good relationship” with leader Kim Jong Un.
Former US President Trump claims ongoing communication with North Korean leader Kim Jong-un, potentially impacting diplomatic relations
#YonhapInfomax #Trump #KimJongUn #NorthKorea #Diplomacy #USForeignPolicy #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=56478
@eunews Notice the States of Evil are now: #russia #northkorea #iran #usa
#News #USA is as much a danger as #Russia #NorthKorea and other dictatorships
#Period!
He knew what this meant, too, and meant it full well; his parents were missionaries.
Which #Countries does #KingPu rule over? #Russia #Belarus #Chechniya #NorthKorea #USA
(cyfirma.com) Konni RAT Analysis: Multi-Stage Attack Process and Evasion Techniques https://www.cyfirma.com/research/analysis-of-konni-rat-stealth-persistence-and-anti-analysis-techniques/
Executive Summary:
This report provides a comprehensive analysis of Konni RAT, a sophisticated remote access Trojan linked to North Korean cyber espionage group APT37. The malware employs a multi-stage attack process involving batch files, PowerShell scripts, and VBScript to exfiltrate sensitive data and maintain persistence. The attack begins with a zip archive containing a malicious LNK file disguised as a document. The malware exploits Windows Explorer limitations to hide malicious commands and uses obfuscation techniques to evade detection. Key capabilities include data exfiltration from user directories, system information gathering, persistence through registry modifications, and communication with command-and-control servers. The report includes detailed technical analysis of the attack stages, from initial infection to data exfiltration, along with indicators of compromise and YARA detection rules.
Here the axis of evil has been called a global authoritarian revolution. Take a look, maybe you will want to join and help. We are not joining simply because we never join any "collective farms", whatever they may be called #laptyekanda #iran #china #northkorea https://tinyurl.com/resurgamhub
North Korea sent around 3,000 additional troops to Russia in January and February in continued support for Russian President Vladimir Putin’s war on Ukraine, South Korea’s military said Thursday in its latest assessment.
North Korea sent 3,000 more troops to Russia to offset Ukraine war losses, South Korea says
Inside Kimsuky’s Latest Cyberattack: Analyzing Malicious Scripts and Payloads
Kimsuky, also known as “Black Banshee,” a North Korean APT group active at least from 2012, is believed to be state-sponsored. Their cyber espionage targets countries like South Korea, Japan, and the U.S. Their tactics include phishing, malware infections (RATs, backdoors, wiper malware), supply chain attacks, lateral movement within networks and data exfiltration.
Pulse ID: 67e5c75c2569365ec3ecae21
Pulse Link: https://otx.alienvault.com/pulse/67e5c75c2569365ec3ecae21
Pulse Author: AlienVault
Created: 2025-03-27 21:47:08