#north-korea
10 articles
This archive collects 10 articles tagged north-korea published between April 13, 2026 and May 6, 2026, giving security teams a focused view of how this topic has appeared across ZCyberNews coverage. Observed actor references include Lazarus Group, APT37, and APT37 (ScarCruft, InkySquid), presented only where the underlying article metadata supports the attribution. The affected-scope signals emphasize cryptocurrency, technology, and financial services across Global, Asia, and Europe, helping readers compare exposure patterns without adding claims beyond the archive data. Severity coverage includes 1 critical, and 9 high reports.
HIGHAPT37 Targets Ethnic Koreans in China With Android BirdCall Malware
ESET says APT37 compromised Sqgame card game platform to deliver BirdCall backdoor to Android devices, stealing SMS, call logs, and private keys from ethnic Koreans in Yanbian.
CRITICALNorth Korea Laundered 76% of All Stolen Crypto in 2026
North Korean hackers laundered 76% of all stolen cryptocurrency in 2026 — $2.3 billion — per Chainalysis.
HIGHBlueNoroff Fakes Zoom Calls to Lure Crypto Execs
BlueNoroff uses stolen video, AI avatars, and fake Zoom invites to turn crypto executives into attack lures.
HIGHLazarus Hijacks macOS via ClickFix to Target Executives
Lazarus APT uses ClickFix social engineering to deliver macOS malware — fake browser update prompts trick executives into running AppleScript payloads that steal credentials and…
HIGHNorth Korean Hackers Steal $12 Million in Crypto via Trojanized
North Korean hackers siphoned over $12 million from crypto users in Q1 2026 using trojanized trading apps like CoinStats and TradingView AI Agent to steal recovery phrases and…
HIGHNorth Korean Fake Job Scams Spread Malware via 'Contagious Interview'
North Korean operatives use a 'contagious interview' tactic, where a compromised developer's GitHub repo spreads RATs to other job seekers.
HIGHNorth Korean Operatives Use AI and Fake Identities to Infiltrate Companies via
North Korean operatives are using AI tools and forged documents to pass remote job interviews, according to Flare research. The tactic aims to place threat actors inside target companies for long-term espionage and network access.
HIGHUNC1069 Targets Crypto Professionals with Fake Zoom and Teams Meetings
North Korean threat actor UNC1069 lures Web3 professionals with fake Zoom and Microsoft Teams meetings to deploy malware that steals cryptocurrency, according to new research.
HIGHSapphire Sleet Targets macOS Users with Fake Zoom SDK Update
North Korean threat actor Sapphire Sleet is distributing a new macOS malware via a fake Zoom SDK installer, stealing passwords, crypto wallets, and personal data through a multi-stage social engineering campaign.
HIGHAPT37 Targets Individuals via Facebook to Deploy RokRAT Malware
North Korea's APT37 group is conducting a social engineering campaign on Facebook, using fake profiles to build trust and deliver the RokRAT remote access trojan to targeted individuals.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.