North
North Korean hackers deepfake execs in Zoom call to spread Mac malware
The North Korean BlueNoroff hacking group is deepfaking company executives during Zoom calls to trick employees into installing custom malware on their macOS devices. BlueNoroff (aka Sapphire Sleet or TA444) is a North Korean advanced persistent threat (APT) group known for conducting cryptocurrency theft attacks using Windows and Mac malware. Huntress researchers uncovered a new BlueNoroff attack on June 11, 2025,…
North Face, Cartier among latest retail cyber attack victims – here’s what we know so far
Outdoor clothing company North Face and luxury jeweler Cartier are the latest retailers to be hit by cyber attacks following a spate of incidents across the industry. Cartier hasn’t specified when the attack took place, but told customers that it had contained the issue and ramped up protection of its systems and data. The luxury retailer has informed relevant authorities…
North Carolina clinics notify 23K people of data breach; SSNs, financial and medical info leaked
Compassion Health Care in North Carolina this week confirmed it notified 23,282 people of a March 2025 data breach that compromised the following patient info: names, Social Security numbers, driver’s license numbers, health insurance info, claims info, clinical/diagnostic info, addresses, phone numbers, and dates of birth. And the following employee info: names, Social Security numbers, financial account info, bank and routing…
The North Face warns customers of April credential stuffing attack
Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company’s website in April. The North Face is a major American outdoor apparel and equipment brand owned by VF Corporation that also controls Vans, Timberland, and Dickies. The North Face generates over $3 billion in annual revenue, making it…
North Korea ramps up cyberspying in Ukraine to assess war risk
The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. The attackers use phishing emails that impersonate think tanks, referencing important political events or military developments to lure their targets. Proofpoint researchers who discovered the activity in February 2025 suggest that it’s likely an effort to support the DPRK’s military…
North Korean Hackers Disguised as IT Workers Targeting UK, European Companies
North Korean hackers who disguise themselves as IT workers are applying for work in the U.K., according to Google Threat Intelligence Group. Success in the U.S. is declining due to rising awareness of their tactics, indictments, and right-to-work verification challenges, prompting them to turn elsewhere. The attackers pose as legitimate remote workers, looking to generate revenue, access sensitive…
Google warns that fake North Korean IT workers have expanded to Europe
Google is warning that the recent spate of North Korean fake IT workers has spread outside the US and into Europe. Over the last few years, individuals from the Democratic People’s Republic of Korea (DPRK) have been posing as remote IT staff and applying for jobs with US companies. The candidates claim to be based anywhere in the world –…
North Korean IT worker army expands operations in Europe
North Korea’s IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. Also referred to as “IT warriors,” they hide their true identities and pose as workers based in other countries by connecting via laptop farms to fraudulently secure positions as remote freelance IT employees at companies worldwide to generate revenue for the…
New North Korean Android spyware slips onto Google Play
A new Android spyware named ‘KoSpy’ is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. According to Lookout researchers, the spyware is attributed to the North Korean threat group APT37 (aka ‘ScarCruft’). The campaign has been active since March 2022, with the threat actors actively developing the…
North Korean Lazarus hackers infect hundreds via npm packages
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. The Socket Research Team discovered the campaign and linked it to previously known Lazarus supply chain operations.…