Kimsuky and Lazarus Hacker Groups Unveil New Tools

The notorious North Korean hacker groups Kimsuky and Lazarus have recently unveiled new cyber tools, escalating their threat capabilities in the global cybersecurity landscape. These groups, known for their sophisticated cyber espionage and financially motivated attacks, continue to evolve their tactics, techniques, and procedures (TTPs) to bypass security defenses. Kimsuky, primarily targeting South Korean entities, has introduced advanced malware variants designed for stealthy data exfiltration and persistent access. Meanwhile, Lazarus, infamous for high-profile attacks including ransomware and cryptocurrency theft, has expanded its arsenal with new modular malware that enhances operational flexibility and evasion. This development underscores the persistent cyber threat posed by state-sponsored actors leveraging cutting-edge technology to achieve geopolitical and financial objectives. Organizations worldwide must bolster their defenses by adopting proactive threat intelligence, continuous monitoring, and robust incident response strategies to mitigate risks associated with these evolving threats. The emergence of these new tools also highlights the importance of international collaboration in cybersecurity to detect, analyze, and counteract sophisticated attacks orchestrated by these groups. Staying informed about the latest threat actor capabilities is crucial for cybersecurity professionals aiming to protect critical infrastructure and sensitive information from increasingly complex cyberattacks.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 31 Oct 2025 08:45:45 +0000

Cyber News related to Kimsuky and Lazarus Hacker Groups Unveil New Tools

North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
9 months ago Darkreading.com Andariel Kimsuky

CVE-2023-53649 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago

Kimsuky and Lazarus Hacker Groups Unveil New Tools - The notorious North Korean hacker groups Kimsuky and Lazarus have recently unveiled new cyber tools, escalating their threat capabilities in the global cybersecurity landscape. These groups, known for their sophisticated cyber espionage and ...
4 weeks ago Cybersecuritynews.com CVE-2023-28252 CVE-2023-4863 Kimsuky Lazarus

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 year ago Securityaffairs.com Kimsuky

North Korean Hacker Group Kimsuky Deploys New Linux Malware 'Gomir' via Trojanized Software Installers - Kimsuky, linked to North Korea's military intelligence, the Reconnaissance General Bureau, has a history of sophisticated cyber attacks aimed primarily at South Korean entities. In early February 2024, researchers at SW2, a threat intelligence ...
1 year ago Cysecurity.news Kimsuky

Lazarus hackers drop new RAT malware using 2-year-old Log4j bug - The new malware are two remote access trojans named NineRAT and DLRAT and a malware downloader named BottomLoader. The D programming language is rarely seen in cybercrime operations, so Lazarus probably chose it for new malware development to evade ...
1 year ago Bleepingcomputer.com

Exposed Kim Dump Exposes Kimsuky Hackers - The recent leak known as the "Exposed Kim Dump" has unveiled critical insights into the operations of the Kimsuky hacker group, a notorious North Korean cyber espionage entity. This dump includes a wealth of data that sheds light on Kimsuky's ...
2 months ago Cybersecuritynews.com Kimsuky

Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
1 year ago Darkreading.com Lazarus Group

US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
1 year ago Bleepingcomputer.com Andariel Kimsuky

North Korean hackers exploit critical TeamCity flaw to breach networks - Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. In September, TeamCity fixed a critical ...
1 year ago Bleepingcomputer.com CVE-2023-42793 Andariel

Lazarus Group is No Longer Consider a Single APT Group, But Collection of Many Sub Groups - The cybersecurity landscape is witnessing a growing complexity in the attribution of Advanced Persistent Threat (APT) actors, particularly the North Korean-linked Lazarus group. For instance, Bureau325 and APT43 have been identified as entities that ...
7 months ago Cybersecuritynews.com Kimsuky Lazarus Group

North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group

8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
1 year ago Darkreading.com

Kimsuky Group Using Weaponized file Deploy AppleSeed Malware - Hackers use weaponized LNK files to exploit vulnerabilities in Windows operating systems. These files often contain malicious code that can be executed when the user clicks on the shortcut. These weaponized files allow threat actors to perform ...
1 year ago Cybersecuritynews.com Kimsuky

Lazarus hackers breach six companies in watering hole attacks - In the incidents analyzed by Kaspersky, victims are redirected to sites that mimick software vendors, such as the distributor of Cross EX - a tool that enables South Koreans to use security software in various web browsers for online banking and ...
7 months ago Bleepingcomputer.com

UK, ROK sound alarm over North Korean supply chain attacks The Register - The national cybersecurity organizations of the UK and the Republic of Korea have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks. "In an increasingly digital and interconnected ...
1 year ago Theregister.com Lazarus Group

North Korean Hackers Developing Malware in Dlang Programming Language - The North Korea-linked hacking group Lazarus has been observed deploying Dlang malware in attacks against organizations in the manufacturing, agriculture, and physical security sectors, Cisco's Talos security researchers report. Released in 2001, ...
1 year ago Packetstormsecurity.com Andariel

Kimsuky - Kimsuky, also known as Velvet Chollima and Black Banshee, is a North Korean state-backed hacker group. The group has been active since at least 2012 and initially focused on targeting South Korean government entities, think tanks, and individuals ...
1 year ago Kimsuky

Kimsuky Hackers Deploy Weaponized LNK File in Latest Espionage Campaign - Kimsuky, a notorious North Korean hacker group, has been observed deploying a weaponized LNK file in their latest cyber espionage campaign. This attack vector leverages malicious shortcut files to execute payloads stealthily on targeted systems, ...
2 months ago Cybersecuritynews.com Kimsuky

ClickFake Interview - Lazarus Hackers Exploit Windows & macOS Users Fake Job Campaign - The ClickFake Interview campaign builds upon the tactics of Contagious Interview, which targeted software developers via fake job interviews conducted on platforms like LinkedIn or X (formerly Twitter). The Lazarus Group, a North Korean ...
7 months ago Cybersecuritynews.com Lazarus Group

Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
1 year ago Securityweek.com Silence

North Korean hackers adopt ClickFix attacks to target crypto firms - Sekoia says that Lazarus impersonates numerous well-known companies in the latest campaign, including Coinbase, KuCoin, Kraken, Circle, Securitize, BlockFi, Tether, Robinhood, and Bybit, from which the North Korean threat actors recently stole a ...
7 months ago Bleepingcomputer.com

North Korea-Linked Group Levels Multistage Cyberattack on South Korea - North Korea-linked threat group Kimsuky has adopted a longer, eight-stage attack chain that abuses legitimate cloud services and employs evasive malware to conduct cyber espionage and financial crimes against South Korean entities. NET applications - ...
1 year ago Darkreading.com Kimsuky

OKX suspends DEX aggregator after Lazarus hackers try to launder funds - OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. OKX is a leading global ...
8 months ago Bleepingcomputer.com Lazarus Group