Trend Micro reported that Andariel compromised South Korean websites to run reconnaissance scripts against visitors before possible follow-on exploitation. The injected JavaScript collected browser type, system language, Flash and Silverlight versions, an…
2018: 171 reports
Coinrail’s July update focuses on recovery after a cryptocurrency theft rather than attribution or malware analysis. The exchange says recovery actions were completed for DENT, BBC, and ETH, while Jibrel Network recovery depended on KYC verification for a…
Magnitude exploit kit campaigns evolved from South Korea-focused Magniber delivery to a broader Asia-Pacific targeting pattern. The infection chain used Magnigate redirection, obfuscated JavaScript, Base64-encoded VBScript, and exploitation of Internet Ex…
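The two browser-side entries above (the Andariel reconnaissance scripts and the Magnitude chain with its obfuscated JavaScript and Base64-encoded VBScript) describe the same kind of artifact: a captured HTML page with injected script. The following added example, written for this page and not taken from either report, is a static triage pass over such a page. It pulls inline script bodies, flags the DOM and plugin APIs a profiling script must touch to learn browser type, system language and Flash or Silverlight presence, and decodes long Base64 runs to see whether they hide VBScript. The API list, the sample HTML and the VBScript string are constructed assumptions for illustration.

```python
"""Static triage of a captured web page for visitor-profiling JavaScript and
Base64-encoded VBScript payloads. Added example with constructed sample HTML;
nothing here is taken from the reports summarised on this page."""
import base64
import re
import string

# Assumption: a recon script that wants browser type, system language and
# Flash/Silverlight versions has to touch these DOM/plugin APIs. The list is
# illustrative and will miss scripts that obfuscate the property names.
FINGERPRINT_PATTERNS = {
    "browser_type": re.compile(r"navigator\.(userAgent|appName|appVersion)"),
    "system_language": re.compile(r"navigator\.(language|userLanguage|systemLanguage)"),
    "plugin_enum": re.compile(r"navigator\.(plugins|mimeTypes)"),
    "flash_probe": re.compile(r"Shockwave\s?Flash|x-shockwave-flash"),
    "silverlight_probe": re.compile(r"AgControl\.AgControl|x-silverlight"),
}
SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
VBS_KEYWORDS = re.compile(r"\b(CreateObject|WScript\.Shell|ADODB\.Stream|Execute)\b", re.I)
PRINTABLE = set(string.printable)


def extract_scripts(html):
    """Return the bodies of all inline <script> blocks."""
    return SCRIPT_RE.findall(html)


def fingerprint_indicators(script):
    """Names of the profiling behaviours a script body exhibits, sorted."""
    return sorted(name for name, rx in FINGERPRINT_PATTERNS.items() if rx.search(script))


def decode_b64_blobs(script):
    """Decode long Base64 runs that turn out to be printable text (e.g. a script)."""
    decoded = []
    for m in B64_RUN_RE.finditer(script):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
            text = raw.decode("ascii")
        except (ValueError, UnicodeDecodeError):  # bad alphabet/padding, or binary data
            continue
        if set(text) <= PRINTABLE:
            decoded.append(text)
    return decoded


def triage_page(html):
    """One finding per inline script that profiles the visitor or hides VBScript."""
    findings = []
    for index, script in enumerate(extract_scripts(html)):
        profiling = fingerprint_indicators(script)
        vbscript = [t for t in decode_b64_blobs(script) if VBS_KEYWORDS.search(t)]
        if profiling or vbscript:
            findings.append({"script_index": index,
                             "fingerprinting": profiling,
                             "embedded_vbscript": vbscript})
    return findings


# Constructed sample page: a benign script, a recon script, and a Base64 VBScript carrier.
VBS_SAMPLE = 'Set sh = CreateObject("WScript.Shell")'
SAMPLE_HTML = f"""<html><body>
<script>document.getElementById("x").innerText = "hello";</script>
<script>
var ua = navigator.userAgent;
var lang = navigator.language || navigator.userLanguage;
var flash = navigator.plugins["Shockwave Flash"];
var sl = new ActiveXObject("AgControl.AgControl");
</script>
<script>var p = "{base64.b64encode(VBS_SAMPLE.encode()).decode()}"; stage(p);</script>
</body></html>"""

if __name__ == "__main__":
    for finding in triage_page(SAMPLE_HTML):
        print(finding)
```

The decoder deliberately keeps only Base64 runs that decode to printable text, so an encoded binary (an image, a second-stage executable) is skipped rather than mis-reported; extend `VBS_KEYWORDS` or add a JavaScript keyword set if the page under review stages a different script language.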
A SlideShare entry identifies an AhnLab presentation, "From stealing confidential data to revenue-generating attacks," as covering Andariel Group activity from 2014 to 2018. The usable excerpt supports only a high-level finding: the material frames Andari…
The archived Bancor excerpt preserves only a short reference to a latest update on a recent security breach. The captured text is otherwise Twitter interface boilerplate and does not include the breach narrative, attacker identity, target details beyond B…
IssueMakersLab reported malware attributed as likely North Korean that used a Korean Word Processor document tied to inter-Korean economic cooperation as the lure. The infection chain used an HWP PostScript vulnerability, shellcode in BIN0002.ps, and an A…
Operation Mystery Egg is described as an APT campaign by the Geumseong121 group that impersonated South Korea’s Ministry of Unification and used a lure about a government survey on separated North-South families. Instead of attaching an executable or HWP …
AhnLab’s ASEC Report Vol.91 describes Operation Red Gambler, a campaign tracked from October 2016 to August 2017 in which a Korea-focused hacking group referred to as “Group A” distributed malware to steal information from domestic Go-Stop and poker-style…
A group suspected of North Korean activity repeatedly sent malicious HWP documents to cryptocurrency exchange personnel after June 1, 2018, using decoys tied to cryptocurrency regulation, wallet development, and job-application themes. The documents used …
AlienVault analyzed malicious HWP documents linked to Lazarus that targeted South Korean financial and cryptocurrency-related themes, including G20 financial meeting material and documents reportedly connected to the Bithumb theft. The HWP files contained…
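The IssueMakersLab, exchange-targeting and AlienVault entries above all concern malicious HWP documents, and the one mechanism spelled out is an HWP PostScript vulnerability with shellcode carried in a BinData stream. The following added example, written for this page and not taken from any of those reports, shows how a triage script would inflate such a stream and score it: it looks for a PostScript header, for hex strings long enough to hold code, and for the operators a loader needs to assemble a buffer and execute it. The raw-deflate storage assumption, the heuristics and both sample streams are constructed for illustration.

```python
"""Triage of HWP BinData streams for PostScript that stages shellcode.
Added example; both sample streams are constructed, not taken from the
reported documents."""
import re
import zlib


# Assumption: HWP 5.x keeps BinData/BIN000N.* streams as raw deflate (zlib
# data without the 2-byte header), hence wbits=-15. Streams that fail to
# inflate are treated as stored uncompressed.
def inflate_bindata(stream):
    try:
        d = zlib.decompressobj(-15)
        return d.decompress(stream) + d.flush()
    except zlib.error:
        return stream


PS_HEADER = re.compile(rb"^%!PS", re.M)
# <...> hex strings with at least 64 hex digits: large enough to carry code.
LONG_HEX_STRING = re.compile(rb"<([0-9A-Fa-f\s]{64,})>")
# Operators a PostScript loader needs to build a buffer, fill it and run it.
STAGING_OPS = [b"string", b"putinterval", b"repeat", b"cvx", b"exec"]


def triage_bindata(name, stream):
    """Inflate one BinData stream and report PostScript shellcode indicators."""
    data = inflate_bindata(stream)
    hex_strings = LONG_HEX_STRING.findall(data)
    ops = [op for op in STAGING_OPS if re.search(rb"\b" + op + rb"\b", data)]
    is_ps = bool(PS_HEADER.search(data))
    return {
        "stream": name,
        "postscript": is_ps,
        "long_hex_strings": len(hex_strings),
        "longest_hex_digits": max((len(h) for h in hex_strings), default=0),
        "staging_ops": ops,
        # Flag only when code-sized data sits next to an execution primitive.
        "suspicious": is_ps and bool(hex_strings) and (b"exec" in ops or b"cvx" in ops),
    }


def deflate_raw(data):
    """Store bytes the way the (assumed) HWP container does, for the samples below."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


# Constructed benign figure: draws a box, nothing else.
BENIGN_EPS = b"""%!PS-Adobe-3.0 EPSF-3.0
%%BoundingBox: 0 0 100 100
newpath 10 10 moveto 90 10 lineto 90 90 lineto closepath stroke
showpage
"""
# Constructed loader pattern: a long hex blob copied into a buffer and executed.
STAGED_EPS = (b"%!PS-Adobe-3.0 EPSF-3.0\n"
              b"/buf 4096 string def\n"
              b"/sc <" + b"90" * 64 + b"> def\n"
              b"0 1 15 { pop buf 0 sc putinterval } repeat\n"
              b"buf cvx exec\n")

# Stream names are illustrative, not the names used in the reported samples.
SAMPLE_STREAMS = {
    "BinData/figure.eps": deflate_raw(BENIGN_EPS),
    "BinData/loader.eps": deflate_raw(STAGED_EPS),
}

if __name__ == "__main__":
    for name, stream in SAMPLE_STREAMS.items():
        print(triage_bindata(name, stream))
```

Against a real document, feed `triage_bindata` each stream read from the OLE container's `BinData` storage; the function only needs the stream bytes, so the container parsing stays separate. The final verdict requires both code-sized data and an execution operator, which keeps ordinary EPS artwork containing a single long hex image sample from being flagged on its own.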
Bithumb updated customers on the June 20 incident, saying the initially announced cryptocurrency theft of about 35 billion KRW was being reduced through ongoing recovery work. The exchange stated that customer cryptocurrency and KRW assets were separated …
Bithumb disclosed that approximately 35 billion KRW worth of cryptocurrency was stolen between late night and early morning. The exchange said the loss would be covered from company-owned reserves and that customer assets had been moved to cold wallets fo…
The slide material links Lazarus financial-sector activity to Manuscrypt, noting use since around 2013 and overlaps with known Lazarus code style and command-and-control patterns. Recent attacks used cryptocurrency-themed news, market-expectation lures, f…
DHS and FBI analyzed TYPEFRAME malware variants attributed by the U.S. Government to HIDDEN COBRA, the term used for malicious North Korean government cyber activity. The sample set included 32-bit and 64-bit Windows executables and a malicious Word docum…
South Korean exchange Coinrail reported that a June 2018 hacking incident led to the theft of several cryptocurrencies, including Pundi X, Aston, and NPER. The excerpt cites an estimated loss of about 40 billion Korean won and says Coinrail moved roughly …