North Korea

North Korean “Laptop Farms” Infiltrated 70 U.S. Companies North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean “Laptop Farms” Infiltrated 70 U.S. Companies

Do Son May 8, 2026

The corporate perimeter has been breached, and the threat isn’t coming through an external firewall—it’s sitting on...

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm npm Supply Chain Attack DPRK Malware Factory

npm Supply Chain Attack DPRK Malware Factory

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm

Do Son April 29, 2026

Cybersecurity researchers at Panther Threat Research have released a detailed exposé on a massive, coordinated npm malware...

Beyond Gatekeeper: How Sapphire Sleet’s AppleScript Trap Hijacks macOS and Crypto Wallets Sapphire Sleet macOS TCC Bypass Malware

Sapphire Sleet macOS TCC Bypass Malware

Beyond Gatekeeper: How Sapphire Sleet’s AppleScript Trap Hijacks macOS and Crypto Wallets

Do Son April 21, 2026

In a sophisticated shift away from traditional software exploitation, the North Korean state-sponsored threat actor Sapphire Sleet...

North Korea’s UNC1069 Uses Fake Video Calls to Hijack Crypto UNC1069 Fake Meetings ClickFix Malware

UNC1069 Fake Meetings ClickFix Malware

North Korea’s UNC1069 Uses Fake Video Calls to Hijack Crypto

Do Son April 19, 2026

In a sophisticated escalation of cyber-enabled financial theft, security researchers from Validin have unmasked a sprawling campaign...

The “Laptop Farm” Fallout: Two NJ Men Sentenced for Facilitating $5M North Korean Work Scheme Laptop Farm North Korean IT Fraud

Laptop Farm North Korean IT Fraud

The “Laptop Farm” Fallout: Two NJ Men Sentenced for Facilitating $5M North Korean Work Scheme

Do Son April 17, 2026

In what federal prosecutors are calling a sophisticated strike against national security, two New Jersey residents have...

The Invisible Patch: How PolinRider Rewrites Git History to Hide North Korean Malware PolinRider Malware Git History Falsification

PolinRider Malware Git History Falsification

The Invisible Patch: How PolinRider Rewrites Git History to Hide North Korean Malware

Do Son April 17, 2026

Security researchers from the OpenSourceMalware (OSM) team have uncovered a massive and rapidly expanding threat campaign targeting...

North Korea’s “OtterCookie” Hides Inside Benign npm Wrappers Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

North Korea’s “OtterCookie” Hides Inside Benign npm Wrappers

Do Son April 16, 2026

A new investigative report from Panther has identified a dangerous cluster of malicious packages lurking within the...

The “Graphalgo” Evolution: How North Korea Built a Fake Florida LLC to Hack Developers Graphalgo Campaign State-Sponsored Phishing

Graphalgo Campaign State-Sponsored Phishing

The “Graphalgo” Evolution: How North Korea Built a Fake Florida LLC to Hack Developers

Do Son April 15, 2026

The ReversingLabs (RL) research team has uncovered a sophisticated expansion of the “graphalgo” campaign. Originally identified in...

North Korea’s “Portfolio Model” Shatters Modern Attribution Attribution Resistance DPRK Cyber Portfolio

Attribution Resistance DPRK Cyber Portfolio

North Korea’s “Portfolio Model” Shatters Modern Attribution

Do Son April 10, 2026

North Korea’s cyber program has moved past the era of accidental growth into a period of “mature...

North Korean Hackers Pivot to AI: New npm Malware Targets Cursor, Claude, and Gemini Tokens AI Tool Targeting Contagious Interview

AI Tool Targeting Contagious Interview

North Korean Hackers Pivot to AI: New npm Malware Targets Cursor, Claude, and Gemini Tokens

Do Son April 10, 2026

In a calculated move that signals a new frontier in cyber espionage, North Korean threat actors have...

North Korean State Actors Linked to Massive $285 Million Drift Protocol Heist Drift Protocol Solana DeFi Hack

Drift Protocol Solana DeFi Hack

North Korean State Actors Linked to Massive $285 Million Drift Protocol Heist

Do Son April 8, 2026

On April 1, 2026, the decentralized finance (DeFi) world was rocked as attackers drained approximately USD 285...

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry Contagious Interview Malicious Packages

Contagious Interview Malicious Packages

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry

Do Son April 8, 2026

Researchers at Socket have identified a massive new cluster of malicious packages linked to North Korea’s notorious...

Takedown-Proof: Inside the Ethereum-Powered “EtherRAT” and North Korea’s New Blockchain Backdoor EtherRAT EtherHiding

EtherRAT EtherHiding

Takedown-Proof: Inside the Ethereum-Powered “EtherRAT” and North Korea’s New Blockchain Backdoor

Do Son April 1, 2026

In a sophisticated blend of social engineering and decentralized technology, eSentire’s Threat Response Unit (TRU) recently detected...

183 Million Targets: Inside the North Korean Supply Chain Strike on Axios and the WAVESHAPER Backdoor axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

183 Million Targets: Inside the North Korean Supply Chain Strike on Axios and the WAVESHAPER Backdoor

Do Son April 1, 2026

The Google Threat Intelligence Group (GTIG) has issued an urgent warning regarding a sophisticated software supply chain...

Infiltrating the Infiltrators: Inside the Florida “Laptop Farm” and the DPRK’s Failed Strike on a Cyber Firm Conceptual network diagram of DPRK scam

Conceptual network diagram of DPRK scam

Infiltrating the Infiltrators: Inside the Florida “Laptop Farm” and the DPRK’s Failed Strike on a Cyber Firm

Do Son March 30, 2026

In an attempt to infiltrate the cybersecurity industry itself, a suspected North Korean (DPRK) IT worker recently...

The Contagious Interview: How NICKEL ALLEY Turns Your “Dream Job” into a North Korean Crypto Nightmare NICKEL ALLEY Contagious Interview

NICKEL ALLEY Contagious Interview

The Contagious Interview: How NICKEL ALLEY Turns Your “Dream Job” into a North Korean Crypto Nightmare

Do Son March 27, 2026

In a digital era where remote work and freelance gigs are the norm, a sophisticated threat group...

The $800M Inside Job: OFAC Sanctions North Korean IT Network Defrauding U.S. Businesses NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

The $800M Inside Job: OFAC Sanctions North Korean IT Network Defrauding U.S. Businesses

Do Son March 16, 2026

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued a major sanctions...

Dream Job or Nightmare? Lazarus Group Hunts Crypto Devs with “Graphalgo” Malware TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Dream Job or Nightmare? Lazarus Group Hunts Crypto Devs with “Graphalgo” Malware

Do Son February 13, 2026

The notorious North Korean hacking syndicate, Lazarus Group, has launched a new, highly sophisticated branch of its...

Hydra Tactics: North Korea’s LABYRINTH CHOLLIMA Splits to Hunt Crypto & Secrets Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Hydra Tactics: North Korea’s LABYRINTH CHOLLIMA Splits to Hunt Crypto & Secrets

Do Son February 3, 2026

One of North Korea’s most aggressive cyber units has undergone a major strategic evolution, splitting into three...

“Contagious” Code: North Korean Hackers Infiltrate Developer Workflows via Visual Studio Code BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

“Contagious” Code: North Korean Hackers Infiltrate Developer Workflows via Visual Studio Code

Do Son January 21, 2026

The “Contagious Interview” campaign, a sophisticated cyber-espionage operation attributed to North Korean (DPRK) threat actors, has evolved...