Pundi X said Coinrail notified it that 2,619,542,080 NPXS tokens had been transferred to IDEX through unauthorized suspicious transactions. Coinrail attributed the incident to a cyber intrusion affecting exchange-held tokens, while Pundi X stated that its…
2018
171 reports
ETH Zurich's 2018 Hotspot Analysis reviews DPRK-linked cyber disruption and cybercrime from 2009 onward. It describes targets that include South Korean institutions and media, US military and government entities, businesses, financial institutions, crypto…
0ffset analyzes a Lazarus/HIDDEN COBRA dropper connected to three malware strains publicly linked by the FBI to North Korean activity. The post focuses on static analysis of the dropper, its embedded DLL resources, and its relationship to a RAT and SMB-sp…
ESRC describes Operation Water Tank as a quiet watering-hole campaign conducted from April to May 2018 against South Korean think tanks, North Korea-related organizations, military-related websites, and other diplomacy, security, and unification research …
COVELLITE targets civilian electric energy networks worldwide to collect intelligence on intellectual property and internal industrial operations, with reported activity in Europe, East Asia, North America, and a small 2017 phishing campaign against selec…
Talos identified a malicious HWP document targeting Korean users with a decoy about the prospective U.S.-North Korea summit and assessed with medium confidence that the NavRAT campaign was linked to Group123. The infection chain used an embedded EPS objec…
DHS and FBI attributed Joanap RAT and Brambul SMB worm activity to HIDDEN COBRA, the U.S. Government term for North Korean government malicious cyber activity. The malware had reportedly been used since at least 2009 against victims globally and in the Un…
ESRC analyzed a May 2018 targeted APT case using an HWP lure themed around the end-of-war declaration and the Panmunjom inter-Korean summit, with overlaps to Kimsuky and Geumseong121 activity. The malicious HWP contained repeated shellcode streams that de…
Taylor said it lost almost all project funds in a hack, leaving about $25,000 and forcing the team to reconsider whether it could keep operating full time. The post does not disclose an actor, intrusion method, malware, infrastructure, or indicators, but …
Taylor reported that its project funds were stolen, including 2,578.98 ETH and TAY tokens from the team and bounty pools. The team said the same wallet activity appeared connected to the reported CypheriumChain theft, in which more than 17,000 ETH was all…
Taylor reported that attackers stole its funds after gaining access to one of the team’s devices and taking control of a 1Password file. The company said the incident was not a smart contract exploit, shifting the defensive focus from contract logic to en…
Operation GoldenAxe2 describes North Korean malware distributed through a watering-hole attack on the Sejong Institute, a South Korean think tank focused on reunification, diplomacy, and security. The campaign exploited an ActiveX vulnerability in AcubeFi…
The archived excerpt contains only Twitter interface boilerplate and a truncated reference to a claim about Cypherium private-sale funds. It does not provide the body of the allegation, technical evidence, actor attribution, malware, infrastructure, victi…
McAfee linked the RedDawn Android spyware campaign on Google Play to the Sun Team activity it had previously observed targeting North Korean defectors and journalists. Three apps, including a food-information app and two app-lock utilities, were uploaded …