Lazarus Group
-
Lazarus Group Uses Memory-Only RemotePE Malware Against Crypto Firms
Researchers say Lazarus Group has used the RemotePE malware family against financial and cryptocurrency targets. The in-memory trojan leaves little forensic evidence and was linked to a multi-stage attack chain with several loaders.
-
KelpDAO says $290 million crypto heist tied to suspected Lazarus hackers
KelpDAO said a $290 million crypto theft likely tied to North Korea’s Lazarus Group hit its rsETH system on Saturday. The incident also prompted Aave to freeze rsETH-related activity while investigators examined the cross-chain attack.
-
Lazarus Group uses Medusa ransomware in Middle East attack
A technical report by Broadcom’s Symantec and Carbon Black Threat Hunter Team said that the Lazarus Group used Medusa ransomware in a Middle East attack and attempted an unsuccessful strike against a U.S. healthcare organization.
-
Lazarus supply chain campaign plants malicious packages on npm and PyPI
Researchers found malicious npm and PyPI packages tied to the Lazarus Group in a recruitment-themed campaign active since May 2025. One npm package exceeded 10,000 downloads before a malicious update was published.
-
Authorities shut down cryptocurrency mixer Cryptomixer, seize nearly $28 million in Bitcoin
European authorities shut down the cryptocurrency mixer Cryptomixer and seized nearly $28 million in Bitcoin, servers and data in an operation Europol said was part of a wider effort to disrupt money laundering tied to ransomware, fraud and other crimes.
-
ScarCruft Uses RokRAT in HanKook Phantom Campaign Targeting South Korea
Researchers have uncovered a targeted phishing campaign by North Korea-linked ScarCruft (APT37), dubbed Operation HanKook Phantom, that delivers RokRAT to South Korean academics, former officials, and researchers. The campaign relies on a manipulated LNK attack chain and PowerShell-based payloads, exfiltrates data to multiple cloud services, and shows a willingness to use decoy documents tied to high-profile statements.
-
North Korea’s Lazarus Group Shifts Tactics; Canadian City Faces Major Security Costs
North Korea’s Lazarus Group has reportedly transitioned to tactics involving the distribution of malware-laden open-source software, raising concerns over cybersecurity. Meanwhile, the city of Hamilton has incurred major costs due to a significant ransomware attack amid a slow rollout of security measures, while ethical hackers eye substantial rewards in the upcoming Pwn2Own competition. Additionally, CISA…








