Cyberattack links North Korean hackers to ransomware used for extortions



News Cyberattack links North Korean hackers to ransomware used for extortions Researchers suspect collaboration between Lazarus Group and criminals behind the TFlower extortion campaign Nils Weisensee March 5, 2021 SHARE COPY LINK FACEBOOK X LINKEDIN MASTODON NK Pro (Pyongyang, North Korea / Archive Photo) A newly discovered connection between North Korea-linked malware and a recent type of ransomware suggests that the DPRK is attempting to scale its cybercrime operations, security firm Sygnia wrote in a report on Friday. Researchers at the company said they found that a new variant of the malicious software framework MATA, which had previously been linked to North Korea’s Lazarus Group, was used to install the TFlower ransomware. TFlower is a piece of malware created by hackers calling themselves the “TFlower Group,” which was not known to be affiliated with the DPRK. The report Read More © Korea Risk Group. All rights reserved. No part of this content may be reproduced, distributed, or used for commercial purposes without prior written permission from Korea Risk Group. LATEST ANALYSIS 01Navigating uncertainty: How Lee Jae-myung could overhaul North Korea policy 02North Korea puts finishing touches on Wonsan Kalma resort ahead of June opening 03North Korea poised to test more weapons in months ahead as 5-year deadline looms 04A third front: Japan’s missile buildup challenges North Korea’s defense plans 05What Arab Gulf states’ rise as mediators means for future US-North Korea talks 06North Korea prioritizes shipyard construction as major naval base project stalls 07North Korea heralds naval revolution with launch of impressive new destroyer 08How secret North Korean customs rules lay bare a bizarre trade regime

News

Cyberattack links North Korean hackers to ransomware used for extortions

Researchers suspect collaboration between Lazarus Group and criminals behind the TFlower extortion campaign

Nils Weisensee March 5, 2021

Cyberattack links North Korean hackers to ransomware used for extortions

NK Pro (Pyongyang, North Korea / Archive Photo)

A newly discovered connection between North Korea-linked malware and a recent type of ransomware suggests that the DPRK is attempting to scale its cybercrime operations, security firm Sygnia wrote in a report on Friday.

Researchers at the company said they found that a new variant of the malicious software framework MATA, which had previously been linked to North Korea’s Lazarus Group, was used to install the TFlower ransomware. TFlower is a piece of malware created by hackers calling themselves the “TFlower Group,” which was not known to be affiliated with the DPRK.

The report

01Navigating uncertainty: How Lee Jae-myung could overhaul North Korea policy
02North Korea puts finishing touches on Wonsan Kalma resort ahead of June opening
03North Korea poised to test more weapons in months ahead as 5-year deadline looms
04A third front: Japan’s missile buildup challenges North Korea’s defense plans
05What Arab Gulf states’ rise as mediators means for future US-North Korea talks
06North Korea prioritizes shipyard construction as major naval base project stalls
07North Korea heralds naval revolution with launch of impressive new destroyer
08How secret North Korean customs rules lay bare a bizarre trade regime

Cyberattack links North Korean hackers to ransomware used for extortions

LATEST ANALYSIS

Similar Articles

About the Author

Nils Weisensee