The provided excerpt contains CrowdStrike product, Gartner, and evaluation-result boilerplate rather than a threat report body. It does not provide supported details about an actor, campaign, malware family, victim set, infection chain, infrastructure, or…
2018
171 reports
FireEye assesses APT37, also known as Reaper, as a North Korean cyber espionage group active since at least 2012 and aligned with Scarcruft and Group123 reporting. The group primarily targeted South Korean public and private entities, then expanded in 201…
WannaCry is presented as a highly destructive ransomware outbreak with strong evidence linking it to Lazarus, reportedly operating from North Korea, and the source uses it to examine wider collateral damage from worm-like malware connected to DPRK cyber a…
DHS and FBI describe HARDRAIN as HIDDEN COBRA malware used by North Korean government actors with proxy servers to maintain access and support further exploitation. The MAR analyzes three files: two 32-bit Windows executables that act as proxy servers usi…
ESRC reported that Kimsuky-linked activity against South Korean targets was still active in 2018 and had evolved from earlier public reporting. The attacks primarily used spear-phishing with malicious HWP documents themed around North Korea and inter-Kore…
McAfee ATR details HaoBao, a Lazarus phishing campaign that revived recruiter-themed malicious Word documents to target Bitcoin users and global financial organizations. Victims were prompted to enable macros, after which VBA code decrypted and wrote an i…
The available excerpt only exposes a Morphisec page source URL for a CVE-2018-4878 Flash Player analysis and surrounding site navigation/resource listings. It does not include the exploit analysis body, victim context, malware behavior, infrastructure, or…
Intezer analyzes a Hermes 2.1 ransomware sample after earlier reporting linked Hermes use to a Taiwan bank-heist distraction and described the ransomware as thought to have originated from Lazarus. Code-reuse analysis found that the newer Hermes sample wa…
South Korea’s Ministry of the Interior and Safety described the 2017 Hanatour breach that exposed personal data for 494,669 people, including 424,757 resident registration numbers. The investigation said an unidentified hacker compromised a NetClient serv…
ESRC reported a spear-phishing campaign that impersonated confidential material from a South Korean lawmaker’s office and targeted users of cryptocurrency exchanges. The emails carried an encrypted archive containing malicious Word documents and social-en…
FireEye assessed that exploitation of Adobe Flash zero-day CVE-2018-4878 was being carried out by TEMP.Reaper, a suspected North Korean group. The actor had historically focused on South Korean government, military, and defense targets, with interest in K…
ESRC reported targeted attacks against people in South Korea working in North Korea-related fields, using social network phishing through a communication service and, in some cases, spear-phishing email attachments. Attackers impersonated or abused truste…
Flashpoint’s excerpt is a vulnerability prioritization briefing for the week of December 20–26, 2025, focused on remotely exploitable issues with public exploits and available fixes. The highlighted items include NVIDIA Isaac Launchable hardcoded credenti…
McAfee ATR found Gold Dragon, Brave Prince, Ghost419, and Running Rat implants used alongside the 2018 Olympics-themed intrusion activity to establish persistence, profile victims, and enable continued data theft or follow-on access. Gold Dragon acted as …