North
-
Blog
North Carolina clinics notify 23K people of data breach; SSNs, financial and medical info leaked
Compassion Health Care in North Carolina this week confirmed it notified 23,282 people of a March 2025 data breach that compromised the following patient info: Names Social Security numbers Driver’s license numbers Health insurance info Claims info Clinical/diagnostic info Addresses Phone numbers Dates of birth And the following employee info: Names Social Security numbers Financial account info Bank and routing…
Read More » -
Blog
The North Face warns customers of April credential stuffing attack
Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company’s website in April. The North Face is a major American outdoor apparel and equipment brand owned by VF Corporation that also controls Vans, Timberland, and Dickies. The North Face generates over $3 billion in annual revenue, making it…
Read More » -
Blog
North Korea ramps up cyberspying in Ukraine to assess war risk
The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. The attackers use phishing emails that impersonate think tanks, referencing important political events or military developments to lure their targets. Proofpoint researchers who discovered the activity in February 2025 suggest that it’s likely an effort to support the DPRK’s military…
Read More » -
Blog
North Korean Hackers Disguised as IT Workers Targeting UK, European Companies
Image: DC_Studio/Envato North Korean hackers who disguise themselves as IT workers are applying for work in the U.K., according to Google Threat Intelligence Group. Success in the U.S. is declining due to rising awareness of their tactics, indictments, and right-to-work verification challenges, prompting them to turn elsewhere. The attackers pose as legitimate remote workers, looking to generate revenue, access sensitive…
Read More » -
Blog
Google warns that fake North Korean IT workers have expanded to Europe
Google is warning that the recent spate of North Korean fake IT workers has spread outside the US and into Europe. Over the last few years, individuals from the Democratic People’s Republic of Korea (DPRK) have been posing as remote IT staff and applying for jobs with US companies. The candidates claim to be based anywhere in the world –…
Read More » -
Blog
North Korean IT worker army expands operations in Europe
North Korea’s IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. Also referred to as “IT warriors,” they hide their true identities and pose as workers based in other countries by connecting via laptop farms to fraudulently secure positions as remote freelance IT employees at companies worldwide to generate revenue for the…
Read More » -
Blog
New North Korean Android spyware slips onto Google Play
A new Android spyware named ‘KoSpy’ is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. According to Lookout researchers, the spyware is attributed to the North Korean threat group APT37 (aka ‘ScarCruft’). The campaign has been active since March 2022, with the threat actors actively developing the…
Read More » -
Blog
North Korean Lazarus hackers infect hundreds via npm packages
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. The Socket Research Team discovered the campaign, which linked it to previously known Lazarus supply chain operations.…
Read More » -
Blog
North Korean hackers join Qilin ransomware gang
Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of recent attacks. “Since late February 2025, Microsoft has observed Moonstone Sleet, a North Korean state actor, deploying Qilin ransomware at a limited number of orgs,” the company’s threat intelligence experts said this week “Moonstone Sleet has previously exclusively deployed their…
Read More » -
Blog
OpenAI bans ChatGPT accounts used by North Korean hackers
OpenAI says it blocked several North Korean hacking groups from using its ChatGPT platform to research future targets and find ways to hack into their networks. “We banned accounts demonstrating activity potentially associated with publicly reported Democratic People’s Republic of Korea (DPRK)-affiliated threat actors,” the company said in its February 2025 threat intelligence report. “Some of these accounts engaged in…
Read More »