andariel
-
A recent analysis from Hybrid Analysis, led by security researcher Vlad Pasca, reveals a newly identified keylogger malware attributed to the North Korean APT group Andariel. Known for their targeted cyber-espionage and financial campaigns, Andariel (also referred to as APT45 or Silent Chollima) has deployed this keylogger in attacks against U.S. organizations, aiming to harvest…
-
One of North Korea’s most prominent state-sponsored threat groups has pivoted to using Play ransomware in recent attacks, signifying the first time the group has partnered up with an underground ransomware network. Worryingly, it sets the stage for future high-impact attacks, researchers surmise.
-
Oct 02, 2024 · Ravie Lakshmanan · Cyber Threat / Malware
-
A Kansas City grand jury has indicted a North Korean hacker for participating in a cyberattack campaign that targeted the U.S. Air Force, NASA and other organizations.
-
On July 25, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory on the state-sponsored North Korean APT group Andariel [1]. Andariel, also known as Onyx Sleet, is associated with the RGB 3rd Bureau of North Korea; the group previously conducted destructive attacks but has now shifted towards engaging in specialized…
-
North Korean state-sponsored hacking group Andariel — also known as APT45, Silent Chollima, Onyx Sleet, Dark Seoul, and Stonefly/Clasiopa — has had its member Rim Jong Hyok charged by the U.S., which is also offering a reward of up to $10 million for information leading to his arrest, for his involvement in Maui ransomware attacks against U.S. critical infrastructure…
-
North Korean advanced persistent threat operation Andariel, also known as APT45, emerged 15 years ago with cyberespionage campaigns aimed at exfiltrating sensitive nuclear weapons and artillery information, but has since expanded its operations to global, financially motivated ransomware intrusions, reports The Record, a news site by cybersecurity firm Recorded Future.
-
Cybersecurity advisory warns of espionage by DPRK’s Andariel group targeting global critical sectors
·
Global security agencies issued a cybersecurity advisory on Thursday, highlighting cyber espionage activities linked to the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau, located in Pyongyang and Sinuiju. The bureau encompasses a state-sponsored cyber group known as Andariel, Onyx Sleet (formerly PLUTONIUM), DarkSeoul, Silent Chollima, and Stonefly/Clasiopa. The group primarily…
-
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
-
AhnLab SEcurity intelligence Center (ASEC) is responding to recently discovered cases that are using the SmallTiger malware to attack South Korean businesses. The method of initial access has not yet been identified, but the threat actor distributed SmallTiger into the companies’ systems during the lateral movement phase. South Korean defense contractors, automobile part manufacturers, and…
-
Jun 03, 2024 · Newsroom · Malware / Cyber Attack
The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea.
-
Researchers have uncovered new attacks by a North Korean advanced persistent threat actor – Andariel APT group – targeting Korean corporations and other organizations. The victims include educational institutions and companies in the manufacturing and construction sectors.
-
AhnLab SEcurity intelligence Center (ASEC) has recently discovered Andariel APT attack cases against Korean corporations and institutes. Targeted organizations included educational institutes and manufacturing and construction businesses in Korea. In addition to a backdoor, keylogger, infostealer, and proxy tools were used in the attacks. The threat actor probably used these malware strains to control and…
-
The Andariel threat group has been discovered to be using MeshAgent when attacking Korean companies.
-
AhnLab SEcurity intelligence Center (ASEC) recently discovered the Andariel group's continuous attacks on Korean companies. It is notable that installations of MeshAgent were found in some cases. Threat actors often abuse MeshAgent and other similar remote management tools because they offer diverse remote control features.
-
The Andariel threat group was observed conducting persistent attacks against South Korean businesses, installing MeshAgent for remote screen control during the attacks.
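The two MeshAgent reports above describe the tool being installed as part of an intrusion, but give no detection guidance. The following is an added example, not code from ASEC or from the original page: a small hunt over Windows service-installation events (System log Event ID 7045) that flags MeshAgent and a few other remote management tools, and raises the severity when the service binary lives in a location where a legitimate RMM install would not normally sit. The event lines are a constructed, simplified key=value rendering of Event ID 7045 (an assumption; real EVTX or SIEM exports need their own parser), and the indicator list beyond MeshAgent's own default service name and binary is an assumed set of commonly abused tools, not something the reports attribute to Andariel.

```python
"""Hunt Event ID 7045 (service installed) records for MeshAgent-style RMM
tools.  Added example; not ASEC's or the original page's code."""
import re
from dataclasses import dataclass

# (label, case-insensitive regex) matched against service name + image path.
# "Mesh Agent" / MeshAgent.exe are MeshAgent's defaults; the other entries
# are assumed names of similar tools and are not specific to this campaign.
RMM_INDICATORS = [
    ("MeshAgent", r"mesh\s*agent"),
    ("AnyDesk", r"anydesk"),
    ("TeamViewer", r"teamviewer"),
    ("ScreenConnect", r"screenconnect|connectwise"),
]

# Directories where a service binary is unusual for a sanctioned RMM install.
SUSPICIOUS_PATHS = re.compile(r"\\(temp|tmp|downloads|public|programdata)\\", re.I)

# key=value tokens; quoted values may contain spaces and backslashes.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Finding:
    host: str
    service: str
    image: str
    tool: str
    severity: str


def parse_event(line):
    """Turn one constructed key=value event line into a dict (quotes stripped)."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def classify(service, image):
    """Return the matching RMM label, or None if neither field matches."""
    haystack = f"{service} {image}"
    for label, pattern in RMM_INDICATORS:
        if re.search(pattern, haystack, re.I):
            return label
    return None


def find_rmm_installs(lines):
    """Return a Finding for every 7045 event that installs a known RMM tool."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "7045":  # only service-install events
            continue
        service, image = ev.get("ServiceName", ""), ev.get("ImagePath", "")
        tool = classify(service, image)
        if tool is None:
            continue
        # A renamed service whose binary sits under ProgramData/Temp etc. is
        # the pattern to escalate; a stock install path is still worth review.
        severity = "high" if SUSPICIOUS_PATHS.search(image) else "medium"
        findings.append(Finding(ev.get("Host", "?"), service, image, tool, severity))
    return findings


# Constructed sample events (assumed format, not real telemetry).
SAMPLE_EVENTS = [
    r'EventID=7045 Host=FS01 ServiceName="Mesh Agent" ImagePath="C:\Program Files\Mesh Agent\MeshAgent.exe" StartType=auto',
    r'EventID=7045 Host=WS22 ServiceName="Windows Update Helper" ImagePath="C:\ProgramData\svc\meshagent.exe" StartType=auto',
    r'EventID=7045 Host=WS22 ServiceName="Print Spooler Ext" ImagePath="C:\Windows\System32\spoolsv.exe" StartType=auto',
    r'EventID=4688 Host=WS22 NewProcessName="C:\ProgramData\svc\meshagent.exe" ParentProcessName="C:\Windows\System32\cmd.exe"',
    r'EventID=7045 Host=DC01 ServiceName="AnyDesk Service" ImagePath="C:\Program Files (x86)\AnyDesk\AnyDesk.exe" StartType=auto',
]

if __name__ == "__main__":
    for f in find_rmm_installs(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.host}: {f.tool} installed as service '{f.service}' -> {f.image}")
```

The second sample line is the case that matters: the service name has been renamed, so only the binary name gives it away, and the ProgramData path escalates it. Name-based matching is deliberately the weakest layer; an attacker who also renames the binary defeats it, so pair this with signer or hash checks on the image and with network detections for the agent's outbound connection to its management server.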
-
While monitoring recent attacks by the Andariel threat group, AhnLab Security Emergency response Center (ASEC) discovered an attack case in which the group is believed to have exploited the Apache ActiveMQ remote code execution vulnerability (CVE-2023-46604) to install malware.
-
Sep 05, 2023 · THN · Cyber Attack / Malware
The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in South Korea.