2025-02-22 11:30:27 Pacfic
Insight Partners Investigates Data Breach After Cyberattack - 2d
Venture capital firm Insight Partners suffered a cyberattack involving unauthorized access to its information systems through a sophisticated social engineering scheme. The firm is investigating the full impact and potential data exposure. The attack occurred on January 16, 2025, raising concerns over the compromise of sensitive financial and investment data.
North Korean Hackers Exploit PowerShell Trick - 9d
The North Korea-linked APT group Kimsuky, also known as Emerald Sleet, is using a new tactic to compromise its traditional espionage targets. The group is tricking targets into running PowerShell as an administrator and executing malicious code. They build rapport with targets before sending a spear-phishing email with an attached PDF. The registration link has instructions to open PowerShell as an administrator and paste code provided by Emerald Sleet. If the target runs the code as an administrator, the code downloads and installs a browser-based remote desktop tool. This allows the threat actor to access the device and carry out data exfiltration.
Lazarus Group Exploits LinkedIn for Cyber Attacks - 5d
The Lazarus Group, a North Korean cyber threat actor, is using LinkedIn to target organizations across various sectors. The group uses social engineering to establish contact, then moves communications to other platforms, and tricks victims into downloading malware. This includes posing as recruiters with fake job offers, which ultimately lead to malware infection. This activity highlights the risk of using LinkedIn for business purposes without proper security protocols and employee training and also indicates how social media can be used to target unsuspecting users and bypass common network security measures.