Cryptopia disclosed a major exchange breach after 20,752.5912 ETH moved from a Cryptopia address to a suspected relay wallet between January 13 and 14, followed by another 8,024.1588 ETH across 76,078 transactions. Uppsala Security estimated that 28,776.7…
« 2019 »
183 reports
Cointelegraph reported on the January 2019 Cryptopia breach after the New Zealand exchange disclosed significant losses and police opened an investigation. The article notes that key details, including the amount and types of stolen assets, were initially…
South Korea’s Defense Acquisition Program Administration confirmed that 10 internet-connected PCs were compromised in October 2018 and internal materials were leaked. An internal investigation report cited delayed response and poor awareness of a vendor a…
South Korea's Defense Acquisition Program Administration found abnormal traffic from agency IP space after National Intelligence Service monitoring in late 2018. Investigators reviewed 30 internet-connected PCs, confirmed infections on 10 systems, and exa…
An attempted intrusion against Chilean interbank network Redbanc used a fake LinkedIn developer-job approach to persuade an employee to run ApplicationPDF.exe. The .NET downloader displayed a fake job application form while contacting a C2 server, writing…
NSHC's December 2018 intelligence review observed multiple SectorA threat groups, with SectorA05 showing the most intense activity. The report links SectorA operations to political hacking against South Korea and financially motivated targeting of oversea…
Kryptos Logic assessed that Emotet infections likely formed the delivery layer for Ryuk ransomware incidents that had been publicly described as North Korean state-sponsored attacks. The source traces an attack chain from initial Emotet compromise to seco…
CrowdStrike attributes Ryuk ransomware operations to WIZARD SPIDER and the GRIM SPIDER subgroup, describing a big-game hunting model against large organizations for high ransom returns. The source notes Ryuk's operation since August 2018 and distinguishes…
FireEye tracks TEMP.MixMaster incidents where TrickBot infections preceded hands-on Ryuk ransomware deployment, with operators using EMPIRE, RDP, PsExec, batch scripts, and domain-controller access to spread encryption across victim networks. The investig…
Ryuk ransomware disrupted Tribune Publishing and Data Resolution around the 2018 holiday period, encrypting networked resources, deleting shadow copies, and interfering with business operations such as newspaper printing and cloud-hosting services. The ex…
ESRC reported Operation Cobra Venom, a January 2019 spear-phishing campaign against about 77 reporters covering South Korea’s Ministry of Unification and related beats. The lure email used Korean text and a password-protected archive with benign PDF/HWP d…
ESRC analyzed a 2019 APT lure built around a document titled as an assessment of North Korea's New Year address and noted code similarities to the 2014 Korea Hydro & Nuclear Power attack. The executable carried a normal HWP decoy and 32-bit/64-bit malicio…
Tencent Yujian’s 2018 APT research report is a broad landscape review, but its DPRK-relevant sections identify Lazarus, Group123/APT37, and SYSCON/KONNI activity. Tencent lists Lazarus among actors targeting North America, describing it as active against …
360's 2018 APT review highlights DPRK-linked activity through Lazarus Group and Group 123/APT37 sections rather than a single incident. The Lazarus section notes that vendor naming was becoming less clear, with FireEye separating financially motivated act…