On Wednesday, the U.S. Department of Justice (DoJ) announced the seizure of 48 domains linked to the facilitation of distributed denial-of-service (DDoS) attacks. These domains provided a platform for malicious actors to launch attacks, thereby diminishing the barriers to entry for cybercriminal activities. In connection with this crackdown, six individuals…
Cybercrime, Fraud Management & Cybercrime Vastaamo Hacker Aleksanteri Kivimäki Released While Awaiting Appeal Akshaya Asokan (asokan_akshaya) • September 12, 2025 Aleksanteri Kivimäki in a Finnish courtroom on February 28, 2023 A Helsinki court has ordered the release of one of Finland’s most infamous hackers, Aleksanteri Tomminpoika Kivimäki, pending the outcome…
Blockchain & Cryptocurrency, Cryptocurrency Fraud, Fraud Management & Cybercrime In Focus: Cybercriminals Utilize Ethereum Smart Contracts to Conceal Malicious npm Code Rashmi Ramesh (rashmiramesh_) • September 11, 2025 Image: Shutterstock In a weekly summary by Information Security Media Group, notable cybersecurity events have emerged including a $41 million hack of…
Relevant topics include Third Party Risk Management, Cryptocurrency Fraud, and Fraud Management & Cybercrime. Developer Compromised by Phishing Attack Involving a Malicious Email Authored by Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • September 9, 2025 Image: Shutterstock An attacker compromised 18 widely-used npm packages by embedding cryptocurrency theft malware after…
A recent surge in malicious email campaigns has been traced back to a North Korean state-sponsored group known for its history of cryptocurrency heists. This latest wave of activity, identified as a significant shift in tactics, involves aggressive credential harvesting targeting multiple sectors including education, government, and healthcare, in addition…
Hackers have executed a significant supply-chain attack by embedding malicious code into a variety of open-source software packages, impacting more than 2 billion weekly updates. This incident, which has been characterized as possibly the largest of its kind to date, compromised nearly two dozen packages hosted on the npm repository,…
April 4, 2023
Cryptocurrency / Cyber Attack
A sophisticated supply chain attack on 3CX has led to a second-stage implant specifically targeting a select number of cryptocurrency firms. Kaspersky, a Russian cybersecurity company, has been monitoring this adaptable backdoor, known as Gopuram, since 2020. They noted a surge in infections coinciding with the March 2023 3CX breach. Gopuram’s main purpose is to connect to a command-and-control (C2) server, enabling attackers to interact with the victim’s file system, initiate processes, and execute up to eight in-memory modules. The malware has ties to North Korea, as it has been found on victim machines alongside AppleJeus, another backdoor linked to the Korean-speaking Lazarus group, which previously targeted a cryptocurrency company in Southeast Asia in 2020. This recent focus on cryptocurrency firms underscores a troubling trend.
Cryptocurrency Firms Targeted in Advanced 3CX Supply Chain Attack On April 4, 2023, cybersecurity reports emerged detailing a sophisticated supply chain attack targeting the 3CX communication software, with a specific focus on a select group of cryptocurrency companies. The cyber threat actors employed a second-stage implant, which has been internally…
April 4, 2023
Cryptocurrency / Cyber Attack
A sophisticated supply chain attack on 3CX has led to a second-stage implant specifically targeting a select number of cryptocurrency firms. Kaspersky, a Russian cybersecurity company, has been monitoring this adaptable backdoor, known as Gopuram, since 2020. They noted a surge in infections coinciding with the March 2023 3CX breach. Gopuram’s main purpose is to connect to a command-and-control (C2) server, enabling attackers to interact with the victim’s file system, initiate processes, and execute up to eight in-memory modules. The malware has ties to North Korea, as it has been found on victim machines alongside AppleJeus, another backdoor linked to the Korean-speaking Lazarus group, which previously targeted a cryptocurrency company in Southeast Asia in 2020. This recent focus on cryptocurrency firms underscores a troubling trend.
Taiwan Files Charges Against 14 in $41 Million Fraud; 1,200 Detained in Major Cybercrime Operation Rashmi Ramesh ( @rashmiramesh_) • August 28, 2025 Image: Shutterstock Every week, Information Security Media Group compiles notable cybersecurity incidents involving digital assets. This week, a scammer impersonated a police official to steal Bitcoin;…
The North Korean cyber threat group known as Lazarus has been observed changing its strategies and rapidly enhancing its tools within its ongoing DeathNote campaign. While historically focused on the cryptocurrency sector, recent attacks have also expanded to include the automotive, academic, and defense sectors in Eastern Europe and beyond. This shift is seen as a major change in approach. Kaspersky researcher Seongsu Park noted that the group has switched its decoy documents to job descriptions for defense contractors and diplomatic services, marking a strategic pivot that began in April 2020. This campaign is also identified by other names such as Operation Dream Job or NukeSped, with Google-owned Mandiant linking certain activities to this evolving threat.
Lazarus Hacker Group Adapts Strategies in Ongoing DeathNote Campaign April 13, 2023 Cyber Attack / Cyber Threat The Lazarus Group, a North Korean cyber threat actor, has been observed refining its strategies and expanding its targets in an ongoing campaign known as DeathNote. Traditionally focused on the cryptocurrency sector, this…
The North Korean cyber threat group known as Lazarus has been observed changing its strategies and rapidly enhancing its tools within its ongoing DeathNote campaign. While historically focused on the cryptocurrency sector, recent attacks have also expanded to include the automotive, academic, and defense sectors in Eastern Europe and beyond. This shift is seen as a major change in approach. Kaspersky researcher Seongsu Park noted that the group has switched its decoy documents to job descriptions for defense contractors and diplomatic services, marking a strategic pivot that began in April 2020. This campaign is also identified by other names such as Operation Dream Job or NukeSped, with Google-owned Mandiant linking certain activities to this evolving threat.
