ESRC identified Operation Golden Bird as a March 2019 spear-phishing campaign aimed mainly at South Korean figures working on North Korea-related affairs, diplomacy, security, unification, defense, defector, and civic organization issues. The lure used a …
2019
183 reports
Hauri reports continued abuse of malicious Hangul documents delivered by email to Korean users, with one case impersonating a Ministry of Foreign Affairs employee to increase trust. The infection chain uses a link to a malicious HWP document, embedded scr…
A presentation examines the 2018 attack campaign against Mexican banks using the SPEI interbank payment system. The excerpt says the session explains how SPEI works, what happened inside affected banks during the incidents, and how the attacks operated. I…
The RSA Conference presentation examines cyberattacks against wire transfer and interbank payment systems, including Mexican banking incidents in 2018 and earlier payment-system compromises worldwide. The material frames likely threat categories broadly, …
ESRC reported Operation Blackhat Voice spear-phishing activity in early 2019 using password-protected ZIP lures such as Protected.zip and filenames tied to Chinese themes. The payload chain hid CAB data in MP3/WAVE-themed files, extracted DLLs including s…
AhnLab attributes Operation Kabar Cobra to activity suspected of being linked to Kimsuky, including January 2019 malware sent to Ministry of Unification reporters and other recent targeting of military, media, finance, cryptocurrency, and related sectors.…
Norfolk Infosec walks through analysis of a malicious Hangul Word Processor document associated with DPRK-linked activity and prior ESTsecurity reporting. The sample includes published MD5, SHA1, and SHA256 values and, when opened, spawns Internet Explore…
Unit 42 described November 2018 spear-phishing against a U.S. university conference and a U.S. national security think tank using messages impersonating a nuclear security expert. The attached malicious Office documents launched BabyShark by running a rem…
ESRC reported a 21 February 2019 spear-phishing attack using a malicious HWP document themed around the planned second U.S.–North Korea summit in Hanoi. The document contained a BIN0003.eps PostScript stream that exploited an HWP EPS vulnerability and emb…
AhnLab ASEC observed malicious Hangul HWP documents circulating with content related to the upcoming second U.S.–North Korea summit. The documents contained a vulnerable EPS object whose shellcode is decoded with a one-byte XOR key and executed through th…
The National Security Archive reviews the 2016 Bangladesh Bank SWIFT theft, in which fraudulent transfer orders attempted to move one billion dollars from the bank's Federal Reserve account. Five orders totaling 101 million dollars succeeded, with funds r…
The Asan Institute describes North Korea's cyber development despite the country's limited public internet access and weak domestic infrastructure. The source argues that Pyongyang has increased resources for cyber operations and now ranks among major cyb…
The Spanish-language report describes Lazarus activity targeting Russia-based organizations with malicious Office documents delivered in ZIP files alongside a benign StarForce Technologies NDA PDF lure. The infection chain uses a malicious macro to downlo…
VP of Counter Adversary Operations, CrowdStrike. AI-Accelerated Threat Landscape: CrowdStrike's experts reveal how threat actors are evading traditional defenses by weaponizing AI, exploiting cross-domain blind spots, and t…
Check Point observed malicious Office documents uploaded from Russian sources that appeared tailored to Russian organizations and showed intrinsic connections to Lazarus tactics, techniques, and tools, while noting attribution limits. The infection chain …