Tag: Lazarus Group

Two Strikes, Half a Billion: How North Korean Hackers Seized 76% of All Stolen Crypto in Just 120 Days
North Korean cyber-operatives have once again demonstrated how a handful of precision strikes can fundamentally reshape annual cryptocurrency crime statistics. According to data from TRM Labs, between January and April 2026, groups affiliated with the Democratic People’s Republic of Korea (DPRK) accounted for 76% of all losses sustained via crypto-industry breaches, despite these losses originating…

The $1.5M Purrlend Heist: Cross-Chain Chaos Signals a Brutal $800M Month for DeFi Security
The cryptocurrency landscape has received another ominous signal as adversaries successfully breached yet another DeFi platform, leaving users to await an investigation only after the capital had already been exfiltrated from the protocol. This latest incursion targeted Purrlend, a decentralized lending service operating across the MegaETH and HyperEVM networks. Purrlend disclosed that it had…

Disposable Code: Inside North Korea’s “Burn-on-Detection” Malware Assembly Line
North Korea has long since transmuted its malicious software development into a sophisticated assembly line, where each instrument is characterized by a brief operational lifespan yet remains meticulously calibrated for a singular objective. This strategic paradigm enables Pyongyang to orchestrate concurrent campaigns of cyber espionage, financial exfiltration, and disruptive incursions without conflating their respective access…

Encrypted Deception: Cisco Talos Unmasks “Dohdoor” and the Stealthy UAT-10027 Campaign Targeting Healthcare
Since the twilight of 2025, Cisco Talos has been vigilantly tracking a malicious campaign directed against educational and healthcare institutions within the United States. Researchers attribute this coordinated activity to the threat actor UAT-10027 and have delineated a novel backdoor christened “Dohdoor.” Its defining characteristic is its reliance on DNS over HTTPS (DoH) for command…

The High-Stakes Heist: How BlueNoroff AI-Driven Attacks Are Draining Web3
The BlueNoroff threat collective has long since transmuted cybercrime into a sophisticated enterprise where tens of millions of dollars, cryptocurrency reserves, and entire financial ecosystems serve as the high-stakes prizes. A comprehensive dossier by Picus Security meticulously charts the group’s trajectory; having originated with audacious assaults on traditional banking institutions, BlueNoroff has incrementally evolved into…

The $2 Billion Heist: North Korea Smashes Crypto Theft Records in 2025
In 2025, hackers linked to North Korea stole a record-breaking two billion dollars in cryptocurrency—51% more than the previous year. Notably, the number of attacks declined even as the damage escalated. According to Chainalysis, the cumulative “take” of North Korean hackers since the onset of their operations has surpassed $6.75 billion, accounting for more than…

Shared Shadows: Hunt.io Uncovers the Unified Staging Grounds of Lazarus and Kimsuky
Groups operating in the interests of the DPRK continue to aggressively expand their infrastructure for cyber espionage, financial attacks, and long-term persistence within compromised systems. This is evidenced by the findings of a joint investigation conducted by Hunt.io and the Acronis Threat Research Unit, which uncovered close links between the infrastructures of the Lazarus and…

Lazarus Group Stole $1.4B in Crypto; Will Use AI & Deepfakes for 2026 Attacks
North Korea’s Lazarus hacking collective is intensifying its targeted phishing campaigns against cryptocurrency platforms and individual investors, amassing hundreds of millions of dollars in illicit gains. According to a report by AhnLab, the group is expected to adopt even more sophisticated spear-phishing tactics in 2026, increasingly leveraging AI, deepfakes, and advanced evasion techniques to bypass…

Operation DreamJob: Lazarus Targets European Drone Makers with Malware Lures
The Lazarus hacking group has resurfaced—this time targeting European defence firms engaged in unmanned aerial systems development. ESET traces the activity to the DreamJob campaign, attributed to North Korea, which habitually employs bogus job offers to infect targets with malware. On this occasion three companies in Central and Southeastern Europe were compromised, including a supplier…

Inside the War on Crypto: Coinbase CEO Details Fight Against North Korean Hackers
With each passing year, the number of cryptocurrency-related attacks orchestrated by North Korean groups continues to grow. Their methods are becoming increasingly sophisticated—ranging from large-scale breaches to infiltrating companies through planted employees. Coinbase CEO Brian Armstrong highlighted this trend, stressing that the company has been forced to adopt ever-stricter measures to safeguard its systems. The…

North Korea’s Digital Heist: The £17M Crypto Theft That Brought Down an Exchange
The United Kingdom has formally accused North Korea of stealing £17 million ($22.8 million) in cryptocurrency from Lykke, a London-registered exchange. The breach forced the platform to suspend operations, cease activity altogether, and ultimately undergo court-ordered liquidation. According to the UK Office of Financial Sanctions Implementation (OFSI), the attack targeted both the Bitcoin and Ethereum…

Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets
In the first half of 2025, Sonatype uncovered a large-scale, ongoing assault on the open-source software ecosystem, orchestrated by the North Korean threat actor known as Lazarus. Sonatype’s automated malware detection systems were the first to identify this campaign, which involved adversaries disguising malicious libraries as popular developer tools. These components were not designed for…

CoinsPaid Hit by Second Major Cyberattack in Six Months: $7.5 Million Compromised
The cryptocurrency payment gateway CoinsPaid has encountered its second cyberattack in the last six months. According to the Web3 security firm Cyvers, unauthorized transactions amounting to approximately 7.5 million dollars were detected. On January 6th, Cyvers’ artificial intelligence system identified a series of suspicious activities involving the withdrawal of digital assets totaling 6.1 million dollars,…

