Cybersecurity researchers from Lookout Threat Lab have identified a sophisticated Android surveillance tool, dubbed “KoSpy”, believed to be the work of North Korean hackers. Active since March 2022, KoSpy is associated with the North Korean threat group APT37 (ScarCruft), disguised as legitimate utility applications. Once installed, it can gather a vast range of sensitive user data, focusing on Korean and English-speaking targets. KoSpy symbolizes an advanced evolution in North Korean cyber espionage capabilities.

Lazarus Hackers Exploiting IIS Servers to Deploy ASP-based Web Shells
The Lazarus group has launched sophisticated attacks on South Korean web servers, deploying ASP-based web shells as first-stage Command and Control (C2) servers. These attacks,