North Korean cyber operations have received renewed attention from both the US and India since late last week. US Cyber Command posted seven malware samples to VirusTotal. The malware is associated with Hidden Cobra (the Lazarus Group), and Cyber Command says the samples have been used for "fund generation and malicious cyber activities including remote access, beaconing, and malware command." Financial crime in particular has been characteristic of Pyongyang's cyber operations.
Reports continue to link North Korean cyber operators to recent incidents at India's Kudankulam nuclear power plant, CPO summarizes. What the Lazarus Group was after, assuming the attribution in the press holds up, remains unclear. As ZDNet pointed out two weeks ago, the operation could have been espionage, reconnaissance, staging, or simply collateral damage from some other campaign.
More curiously, ISRO, the Indian Space Research Organization, was also warned of a DTrack infestation, believed to be of North Korean origin, the Indian Express reports. The warning arrived during the space agency's Chandrayaan-2 lunar mission, which failed when controllers lost contact with the spacecraft during its September 6th landing attempt.
BleepingComputer reports that the threat actor Microsoft tracks as "Platinum" is using a new, stealthy backdoor.
McAfee researchers note that Buran, a Russian-speaking gang offering a variant of VegaLocker ransomware, is competing in the ransomware-as-a-service market by cultivating customer relationships and offering competitive discounts.