Cyberattack links North Korean hackers to ransomware used for extortions



News Cyberattack links North Korean hackers to ransomware used for extortions Researchers suspect collaboration between Lazarus Group and criminals behind the TFlower extortion campaign Nils Weisensee March 5, 2021 SHARE COPY LINK FACEBOOK X LINKEDIN MASTODON NK Pro (Pyongyang, North Korea / Archive Photo) A newly discovered connection between North Korea-linked malware and a recent type of ransomware suggests that the DPRK is attempting to scale its cybercrime operations, security firm Sygnia wrote in a report on Friday. Researchers at the company said they found that a new variant of the malicious software framework MATA, which had previously been linked to North Korea’s Lazarus Group, was used to install the TFlower ransomware. TFlower is a piece of malware created by hackers calling themselves the “TFlower Group,” which was not known to be affiliated with the DPRK. The report Read More © Korea Risk Group. All rights reserved. No part of this content may be reproduced, distributed, or used for commercial purposes without prior written permission from Korea Risk Group. LATEST ANALYSIS 01North Korea reveals new vertical take-off drones amid ‘modern warfare’ push 02How long-range strikes on Russia could impact North Korean troop deployments 03How North Korean hackers and IT workers collude to cause chaos 04What pro-Trump think tanks reveal about his likely North Korea policy priorities 05Yoon bet on US to deter North Korea. Now he faces an alliance skeptic in Trump. 06All the question marks hanging over Trump’s approach to North Korea in term two 07Time almost up for North Korea’s plan to launch 3 military satellites in 2024 08Trump return rekindles prospects of North Korea talks, but Russia stands in way 09How China could benefit from North Korea’s troop deployment to Ukraine 10New North Korean ICBM delivers big political message, and likely bigger payloads

News

Cyberattack links North Korean hackers to ransomware used for extortions

Researchers suspect collaboration between Lazarus Group and criminals behind the TFlower extortion campaign

Nils Weisensee March 5, 2021

Cyberattack links North Korean hackers to ransomware used for extortions

NK Pro (Pyongyang, North Korea / Archive Photo)

A newly discovered connection between North Korea-linked malware and a recent type of ransomware suggests that the DPRK is attempting to scale its cybercrime operations, security firm Sygnia wrote in a report on Friday.

Researchers at the company said they found that a new variant of the malicious software framework MATA, which had previously been linked to North Korea’s Lazarus Group, was used to install the TFlower ransomware. TFlower is a piece of malware created by hackers calling themselves the “TFlower Group,” which was not known to be affiliated with the DPRK.

The report

01North Korea reveals new vertical take-off drones amid ‘modern warfare’ push
02How long-range strikes on Russia could impact North Korean troop deployments
03How North Korean hackers and IT workers collude to cause chaos
04What pro-Trump think tanks reveal about his likely North Korea policy priorities
05Yoon bet on US to deter North Korea. Now he faces an alliance skeptic in Trump.
06All the question marks hanging over Trump’s approach to North Korea in term two
07Time almost up for North Korea’s plan to launch 3 military satellites in 2024
08Trump return rekindles prospects of North Korea talks, but Russia stands in way
09How China could benefit from North Korea’s troop deployment to Ukraine
10New North Korean ICBM delivers big political message, and likely bigger payloads

Cyberattack links North Korean hackers to ransomware used for extortions

LATEST ANALYSIS

Similar Articles

About the Author

Nils Weisensee