OFAC’s September 2019 sanctions update added North Korean cyber entities to the SDN list, including Andariel, and linked the action to Treasury sanctions on state-sponsored malicious cyber groups. The page records the legal designation context for DPRK cy…
The U.S. Treasury sanctioned Lazarus Group, Bluenoroff, and Andariel as North Korean state-sponsored cyber groups controlled by the Reconnaissance General Bureau. The release describes Lazarus activity across government, military, financial, manufacturing…
The Hungarian article reports that the Hungarian Development Center had to rebuild its administration after a cyberattack destroyed its server environment and digital records. The source says the center stored contracts, invoices, business software, and o…
The DHS, FBI, and DoD malware analysis report describes BADCALL Trojan variants used by North Korean HIDDEN COBRA actors to maintain access and support network exploitation. Three Windows executables functioned as proxy servers using a Fake TLS method, wh…
The DHS, FBI, and DoD malware analysis report attributes ELECTRICFISH proxy malware to North Korean HIDDEN COBRA activity. The analyzed 32-bit Windows executables implement a custom tunneling protocol that can connect a source and destination IP address a…
U.S. Cyber Command released 11 malware samples to VirusTotal for defender analysis and malware correlation. CISA amplified the release and urged administrators to review the samples and apply malicious-code protection guidance across affected environments…
The excerpt contains only a KrCERT/KISA report-page fragment and navigation text, not the substantive malware analysis body. The visible headings indicate a malware-focused incident report involving server analysis, malware collected from a server, additi…
ANSSI identified a credentials-gathering campaign active since at least 2017 that used spearphishing emails, phishing websites, and large clusters of lookalike domains and subdomains. The infrastructure appeared to target diplomatic bodies, ministries of …
The UN Panel of Experts reported that the DPRK continued sanctions evasion while using cyber operations to steal funds from financial institutions and cryptocurrency exchanges. The excerpt says DPRK cyber actors, many operating under Reconnaissance Genera…
Alyac analyzes a Lazarus social-engineering campaign targeting Bitcoin users with a malicious HWP document tied to the earlier Movie Coin lure activity. The document contains malicious PostScript, shellcode, and C2 download logic that reaches youdermoscop…
AhnLab tracks Operation Moneyholic as activity observed from early 2018 through August 2019 against cryptocurrency exchanges and users for financial theft. The attacks used email attachments with double extensions or hidden spacing to masquerade as docume…
The MITRE ATT&CK entry catalogs Kimsuky, also tracked as APT43, THALLIUM, Emerald Sleet, and related aliases, with techniques spanning infrastructure acquisition, credential theft, exfiltration, and persistence. The group has registered spoofed domains, u…
ESRC described Konni activity linked to Kimsuky using spear-phishing email that impersonated a cryptocurrency exchange security notice and pushed an Android APK named BithumbProtect.apk. The attackers spoofed sender details and used exchange-themed cloud-…
Anomali observed a suspected North Korean cyber-espionage phishing campaign after finding a fake login page for a French Ministry for Europe and Foreign Affairs portal. Infrastructure analysis showed a broader campaign targeting three Ministry of Foreign …
ESTsecurity analyzed a Konni-series malicious Word document using a Russian filename about the Korean Peninsula and U.S.–DPRK dialogue, while internal code-page artifacts showed Korean-language build characteristics. The document contains VBA macros and a…