North Korea Archives

Students participate in a commemorative march near the Arch of Triumph in Pyongyang on April 25, 2025, to mark the 93rd anniversary of the Korean People’s Revolutionary Army. (Photo by KIM Won Jin / AFP)

North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism

A new report from DTEX Systems is the deepest look at how North Korea’s remote IT workforce schemes are the tip of the iceberg when it comes…

May 15, 2025 By Greg Otto

North Korean operatives have infiltrated hundreds of Fortune 500 companies

Security leaders at Mandiant and Google Cloud say nearly every major company has hired or received applications from North Korean nationals working on behalf of the country’s…

Apr 30, 2025 By Matt Kapko

Cybersecurity vendors are themselves under attack by hackers, SentinelOne says

“It’s practically taboo” for cyber firms to talk about being targeted, but SentinelLabs said in a new report that it has observed multiple threats.

Apr 28, 2025 By Tim Starks

AI can help defenders stop nation-state threat actors at machine speed

Cyber defenders say AI technologies are quickly evolving to help stop sophisticated threat groups, including Chinese adversaries, from embedding themselves inside target organizations.

Apr 23, 2025 By Cynthia Brumfield

The money earned by remote North Korean IT workers is funding the North Korean weapons programs. (Getty Images)

The North Korea worker problem is bigger than you think

The yearslong scheme goes much deeper than contract work, extending to roles beyond traditional IT and sometimes granting the insider threat “keys to the kingdom,” DTEX President…

Mar 31, 2025 By Matt Kapko

Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day

Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn’t made any commitments to patch or remediate the issue.

Mar 20, 2025 By Matt Kapko

In this picture taken near the truce village of Panmunjom inside the demilitarized zone (DMZ) separating the two Koreas, a bird flies near a North Korean flag fluttering in the wind at the propaganda village of Gijungdong in North Korea on October 4, 2022. (Photo by ANTHONY WALLACE/AFP via Getty Images)

Lazarus Group deceives developers with 6 new malicious npm packages

Socket researchers said the malware-ridden packages were collectively downloaded over 330 times. GitHub removed all of the malicious packages Wednesday.

Mar 12, 2025 By Matt Kapko

Crypto analysts stunned by Lazarus Group’s capabilities in $1.46B Bybit theft

The amount stolen last week surpasses what the group was able to steal in all of 2024.

Feb 25, 2025 By Matt Kapko

Flags of Russia, North Korea, China and Iran together on textured wall; iStock/Getty Images Plus, Ruma Aktar

U.S. adversaries increasingly turning to cybercriminals and their malware for help

A Google Threat Intelligence Group report notes that Russia in particular has been doing this since the Ukraine war began.

Feb 11, 2025 By Tim Starks

Safe Mode

Google’s John Hultquist on how APTs are using generative AI

John Hultquist, Chief Analyst for Google Threat Intelligence Group

Feb 6, 2025 By CyberScoop Staff