Cyberattack links North Korean hackers to ransomware used for extortions
Researchers suspect collaboration between Lazarus Group and criminals behind the TFlower extortion campaign
A newly discovered connection between North Korea-linked malware and a recent type of ransomware suggests that the DPRK is attempting to scale its cybercrime operations, security firm Sygnia wrote in a report on Friday.
Researchers at the company said they found that a new variant of the malicious software framework MATA, which had previously been linked to North Korea’s Lazarus Group, was used to install the TFlower ransomware. TFlower is a piece of malware created by hackers calling themselves the “TFlower Group,” which was not known to be affiliated with the DPRK.
- 01North Korea and Russia’s hot-and-cold relationship rapidly heats up
- 02How faith-based groups can help North Korea — if they’re ever able to return
- 03State media review: North Korea says Kim Jong Un suffered during 1990s famine
- 04Exclusive images provide first look at North Korea’s newest skyscraper street
- 05Seoul will need more than impressive weapons to deter North Korean threats
- 06Chinese imports appear to fill North Korean quarantine zone after trade restart
- 07North Korea’s longest missile test to date points to new reentry vehicle
- 08Timeline: From new North Korean nuclear law to three rounds of missile tests