Cyberattack links North Korean hackers to ransomware used for extortions
Researchers suspect collaboration between Lazarus Group and criminals behind the TFlower extortion campaign
A newly discovered connection between North Korea-linked malware and a recent type of ransomware suggests that the DPRK is attempting to scale its cybercrime operations, security firm Sygnia wrote in a report on Friday.
Researchers at the company said they found that a new variant of the malicious software framework MATA, which had previously been linked to North Korea’s Lazarus Group, was used to install the TFlower ransomware. TFlower is a piece of malware created by hackers calling themselves the “TFlower Group,” which was not known to be affiliated with the DPRK.