Lazarus Group Archives • Daily CyberSecurity

PHANTOMPULSE Malware Analysis: Advanced Cryptographic Implants Exploiting Blockchain Networks

PHANTOMPULSE malware analysis blockchain C2 channel

PHANTOMPULSE Malware Analysis: Advanced Cryptographic Implants Exploiting Blockchain Networks

Do Son June 6, 2026

Unveiling a Highly Sophisticated Process Injection Framework Security researchers recently uncovered a highly intricate software implant targeting...

Advanced Lazarus Memory-Only Toolset Deeply Analyzed by Fox-IT

Do Son May 29, 2026

Security researchers recently uncovered a highly sophisticated cyber espionage campaign targeting international financial entities. Specifically, Fox-IT analyzed...

Inside BlueNoroff’s “Self-Reinforcing” Deepfake Meeting Trap BlueNoroff Deepfakes Crypto Deepfake Phishing

Inside BlueNoroff’s “Self-Reinforcing” Deepfake Meeting Trap

Do Son April 28, 2026

Cybersecurity researchers at Arctic Wolf have uncovered a sophisticated, globally distributed campaign by the North Korean state-sponsored...

Beyond Gatekeeper: How Sapphire Sleet’s AppleScript Trap Hijacks macOS and Crypto Wallets Sapphire Sleet macOS TCC Bypass Malware

Beyond Gatekeeper: How Sapphire Sleet’s AppleScript Trap Hijacks macOS and Crypto Wallets

Do Son April 21, 2026

In a sophisticated shift away from traditional software exploitation, the North Korean state-sponsored threat actor Sapphire Sleet...

North Korea’s UNC1069 Uses Fake Video Calls to Hijack Crypto UNC1069 Fake Meetings ClickFix Malware

North Korea’s UNC1069 Uses Fake Video Calls to Hijack Crypto

Do Son April 19, 2026

In a sophisticated escalation of cyber-enabled financial theft, security researchers from Validin have unmasked a sprawling campaign...

The Invisible Patch: How PolinRider Rewrites Git History to Hide North Korean Malware PolinRider Malware Git History Falsification

The Invisible Patch: How PolinRider Rewrites Git History to Hide North Korean Malware

Do Son April 17, 2026

Security researchers from the OpenSourceMalware (OSM) team have uncovered a massive and rapidly expanding threat campaign targeting...

North Korea’s “Portfolio Model” Shatters Modern Attribution Attribution Resistance DPRK Cyber Portfolio

North Korea’s “Portfolio Model” Shatters Modern Attribution

Do Son April 10, 2026

North Korea’s cyber program has moved past the era of accidental growth into a period of “mature...

North Korean “StegaBin” Campaign Targets Developers with Steganographic Malware North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean “StegaBin” Campaign Targets Developers with Steganographic Malware

Do Son March 3, 2026

Cybersecurity researchers at Socket have uncovered a sophisticated multi-stage malware operation, dubbed “StegaBin,” specifically designed to harvest...

Dohdoor: New Stealth Backdoor Targets US Healthcare and Education Dohdoor Backdoor UAT-10027

Dohdoor: New Stealth Backdoor Targets US Healthcare and Education

Do Son March 2, 2026

A sophisticated cyber espionage campaign has been quietly infiltrating the United States education and healthcare sectors for...

North Korea’s Lazarus Group Deploys Medusa Ransomware Against U.S. Healthcare SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

North Korea’s Lazarus Group Deploys Medusa Ransomware Against U.S. Healthcare

Do Son February 26, 2026

A disturbing shift in nation-state cyber tactics has been uncovered as North Korean state-backed attackers integrate Medusa...

Dream Job or Nightmare? Lazarus Group Hunts Crypto Devs with “Graphalgo” Malware TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Dream Job or Nightmare? Lazarus Group Hunts Crypto Devs with “Graphalgo” Malware

Do Son February 13, 2026

The notorious North Korean hacking syndicate, Lazarus Group, has launched a new, highly sophisticated branch of its...

“Can You Hear Me?” BlueNoroff Hackers Use Fake Audio Glitch to Breach macOS BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

“Can You Hear Me?” BlueNoroff Hackers Use Fake Audio Glitch to Breach macOS

Do Son February 5, 2026

A routine business call turned into a nightmare for one macOS user after North Korean state-sponsored hackers...

Shadows of the North: Unmasking the Sprawling Cyber Infrastructure of the DPRK DPRK Cyber Ecosystem, Unified Hacking Infrastructure

Shadows of the North: Unmasking the Sprawling Cyber Infrastructure of the DPRK

Do Son December 22, 2025

A new collaborative investigation has exposed the intricate and overlapping infrastructure powering North Korea’s most notorious cyber...

110 Milliseconds of Truth: How Amazon Used “Lag” to Catch a North Korean Spy Amazon Redshift JDBC Driver RCE CVE-2026-8178 AWS Bahrain fire 2026 AWS UAE data center fire Amazon North Korean hacker keystroke latency, Arizona laptop farm infiltration

Amazon Redshift JDBC Driver RCE CVE-2026-8178 AWS Bahrain fire 2026 AWS UAE data center fire Amazon North Korean hacker keystroke latency, Arizona laptop farm infiltration

110 Milliseconds of Truth: How Amazon Used “Lag” to Catch a North Korean Spy

Do Son December 20, 2025

E-commerce and technology giant Amazon has recently disclosed its proactive efforts to counter North Korean hacking operations,...

Lazarus Group’s New ScoringMathTea RAT Uses Reflective Plugin Loader and Custom Polyalphabetic Crypto for Espionage axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

Lazarus Group’s New ScoringMathTea RAT Uses Reflective Plugin Loader and Custom Polyalphabetic Crypto for Espionage

Do Son November 20, 2025

A new technical deep-dive by malware researcher 0x0d4y reveals the inner workings of ScoringMathTea, a sophisticated remote...

DOJ Seizes $15M in Crypto from APT38, Unveils Guilty Pleas in North Korean IT Worker Fraud Scheme DPRK IT Workers, APT38 Crypto Forfeiture

DOJ Seizes $15M in Crypto from APT38, Unveils Guilty Pleas in North Korean IT Worker Fraud Scheme

Do Son November 18, 2025

In a sweeping multinational enforcement action, the U.S. Department of Justice (DOJ) has announced five guilty pleas...

Australia Joins US, Slaps Sanctions on North Korean Cybercriminals for Funding WMD Programs North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Australia Joins US, Slaps Sanctions on North Korean Cybercriminals for Funding WMD Programs

Do Son November 11, 2025

The Australian Government has announced financial sanctions and travel bans on four entities and one individual involved...

Lazarus Group Attacks Aerospace/Defense with New ChaCha20-Encrypted Comebacker Backdoor Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Lazarus Group Attacks Aerospace/Defense with New ChaCha20-Encrypted Comebacker Backdoor

Do Son November 11, 2025

Cybersecurity researchers at ENKI have identified a new variant of the Comebacker backdoor, attributed to the North...

North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT Kimsuky HttpTroy, Lazarus BLINDINGCAN RAT

Kimsuky HttpTroy, Lazarus BLINDINGCAN RAT

North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT

Do Son November 3, 2025

Researchers at Gen Threat Labs have identified two new toolsets in active use by North Korean state-sponsored...

Lazarus Group Attacks with DreamLoader Malware, Leveraging DLL Sideloading and Microsoft Graph API for Stealth C2 North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Lazarus Group Attacks with DreamLoader Malware, Leveraging DLL Sideloading and Microsoft Graph API for Stealth C2

Do Son October 28, 2025

Security researchers at Lab52 have uncovered a new campaign by the Lazarus Group, in which threat actors...

Critical Alert 1 Active Exploit Detected Today