Cyberattack links North Korean hackers to ransomware used for extortions
Researchers suspect collaboration between Lazarus Group and criminals behind the TFlower extortion campaign
A newly discovered connection between North Korea-linked malware and a recent type of ransomware suggests that the DPRK is attempting to scale its cybercrime operations, security firm Sygnia wrote in a report on Friday.
Researchers at the company said they found that a new variant of the malicious software framework MATA, which had previously been linked to North Korea’s Lazarus Group, was used to install the TFlower ransomware. TFlower is a piece of malware created by hackers calling themselves the “TFlower Group,” which was not known to be affiliated with the DPRK.