Hackers from North Korea Aimed at Medical and Energy Industries

The North Korean Lazarus hacking group has been identified as the perpetrator of a recent cyber espionage operation known as No Pineapple!. This designation highlights the group's malicious activities and its ability to carry out sophisticated cyberattacks. During the No Pineapple! campaign, the hackers were able to extract 100GB of data from their target without causing any harm or damage. WithSecure, formerly known as F-Secure, named the campaign No Pineapple! due to an error message present in one of the backdoors used by the Lazarus hacking group. The hackers used known vulnerabilities in unpatched Zimbra devices to infiltrate and compromise the systems of their target. The campaign ran from August to November of 2022 and targeted organizations in specific industries. On August 22nd, the Lazarus hacking group exploited two vulnerabilities in the Zimbra mail server to gain access to the network. WithSecure was able to attribute the No Pineapple! campaign to the Lazarus hacking group through various pieces of evidence, while also observing some new developments in the group's tactics and methods. The hackers used IP addresses without domain names in their new infrastructure, updated the Dtrack info-stealer malware with a new version, and updated the GREASE malware to include a new feature that allows the creation of admin accounts and bypass protection. The hackers also used tunneling tools to create reverse tunnels that connected back to their own infrastructure, allowing them to bypass the firewall and maintain persistent access to the victim's network. The attackers then extracted around 5 gigabytes of email messages from the server and stored them in a CSV file which was saved locally and then uploaded to the server that is under the control of the threat actors. On November 5th, the Lazarus hacking group had successfully stolen 100GB of data from the victim organization. An investigation conducted by WithSecure on the network logs obtained from the impacted system uncovered that one of the web shells implanted by the attackers was communicating with a North Korean IP address, which was likely a mistake on the part of the hackers.

This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 04 Feb 2023 16:18:02 +0000


Cyber News related to Hackers from North Korea Aimed at Medical and Energy Industries

Renewable Energy Technology: Powering the Future - Engage in the discussion on how renewable energy technology is set to revolutionize our world and reshape the energy landscape for future generations. From rooftop solar panels to large solar farms, this renewable technology is leading us towards ...
6 months ago Securityzap.com
Investing in Africa's Clean Energy Transition - Among our vision, we see the transition to clean energy not just as a necessity, but as a catalyst for inclusive growth and digital innovation. Africa's energy landscape is confronting a critical shortfall, with roughly 600 million people in ...
9 months ago Feedpress.me
Experts from the United Nations Report North Korean Hackers Have Taken a Large Amount of Digital Assets - Last year, North Korean hackers working for the government stole a record-breaking amount of virtual assets estimated to be worth between $630 million and more than $1 billion, according to a new report from U.N. experts. The panel of experts said ...
1 year ago Securityweek.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
10 months ago Bleepingcomputer.com
North Korean Hackers Utilizing Credential Stuffing to Launch Cyberattacks - In an alarming new report, researchers found that North Korean-linked hackers have been using stolen passwords during cyberattacks to gain access to various government, military and financial networks. According to security experts, the creative ...
1 year ago Thehackernews.com
North Korean Hackers Behind Major Cyberattacks, Confirmed by FBI - The FBI released a statement confirming that North Korea was behind a series of major cyberattacks in the past year. It is the first time that the FBI has attributed such activity to North Korea. The attacks included intrusions into networks, ...
1 year ago Thehackernews.com
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
1 year ago Csoonline.com
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
1 year ago Therecord.media
US, Japan and South Korea Unite to Counter North Korean Cyber Activiti - The US, Japan and South Korea have established a high-level consultative body designed to counter North Korea's cyber activities. A key purpose of the new group is to prevent cyber-attacks and crypto heists used to fund North Korea's weapons ...
10 months ago Infosecurity-magazine.com
Seoul Police Reveals: North Korean Hackers Stole South Korean Anti-Aircraft Data - South Korea: Seoul police have charged Andariel, a North Korea-based hacker group for stealing critical defense secrets from South Korea's defense companies. Allegedly, the laundering ransomware is redirected to North Korea. One of the 1.2 terabytes ...
10 months ago Cysecurity.news
Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms - The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme in which North Korean IT workers infiltrated hundreds of companies and earned millions of dollars for North Korea. According to the ...
4 months ago Securityweek.com
U.S DOE Announces $70 Million Funding for Improving - Funding that will support research into tech Today, the U.S. Department of Energy announced funding of up to $70 million to support research into technologies intended to reduce risks and increase resilience to energy delivery infrastructure from a ...
9 months ago Cysecurity.news
US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
10 months ago Bleepingcomputer.com
North Korean Hackers Attacked Indian Medical and Energy Companies - The North Korean military's notorious hacking arm, known as the Lazarus Group, has been accused of targeting public and private sector research organizations, an Indian medical research company, and other businesses in the energy sector. Security ...
1 year ago Therecord.media
Smart Thermostats: Savings and Comfort at Your Fingertips - Smart thermostats offer a modern approach to home temperature control that can provide significant energy savings and enhanced comfort. Smart thermostats offer cost effectiveness, improved indoor air quality, enhanced comfort and convenience, and ...
9 months ago Securityzap.com
North Korea APT Slapped With Cyber Sanctions After Satellite Launch - The US Department of the Treasury Office of Foreign Assets Control has announced it has sanctioned cyberespionage group Kimsuky for collecting intelligence on behalf of the Democratic People's Republic of Korea. The OFAC said the sanctions are ...
10 months ago Darkreading.com
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 week ago Securityaffairs.com
FBI Charges North Korean Hackers Over $100 Million Stolen in Crypto Hack - The FBI has recently charged a North Korean hacker in connection with the Harmony crypto hack from which the hacker allegedly stole over $100 million. The hacker, Jon Chang Hyok, is a member of the North Korean military intelligence agency, the ...
1 year ago Bleepingcomputer.com
Energy-Efficient Home Automation: Saving the Planet and Your Wallet - Home automation solutions offer an array of benefits, from improved convenience to decreased energy bills. This article will explore the types of home automation systems available, as well as their cost and potential for energy efficiency. The ...
10 months ago Securityzap.com
North Korean Hackers Stole $600m in Crypto in 2023 - North Korean hackers stole at least $600m in cryptocurrency in 2023, around a third of the total value of such heists, according to blockchain intelligence firm TRM. Despite the eye-watering sum, this figure represents a 30% reduction on ...
9 months ago Infosecurity-magazine.com
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
4 months ago Microsoft.com
Hackers from North Korea Aimed at Medical and Energy Industries - The North Korean Lazarus hacking group has been identified as the perpetrator of a recent cyber espionage operation known as No Pineapple!. This designation highlights the group's malicious activities and its ability to carry out sophisticated ...
1 year ago Cybersecuritynews.com
Understanding Medical Device Regulation Technology - With healthcare facilities constantly evolving, the medical device industry is becoming increasingly more regulated. As the need for the efficient and safe use of medical technology increases, so too does the adoption of medical device regulation ...
1 year ago Hackread.com
UK, ROK sound alarm over North Korean supply chain attacks The Register - The national cybersecurity organizations of the UK and the Republic of Korea have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks. "In an increasingly digital and interconnected ...
10 months ago Theregister.com
How 'Big 4' Nations' Cyber Capabilities Threaten the West - COMMENTARY. There are four nations deemed by the US and UK governments to pose the greatest threat to the West. Russia's cyber-threat activities are primarily focused on offensive cyber operations, China's are focused on cyber espionage, Iran's on ...
8 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)