Norfolk Infosec reviewed open-source evidence supporting BAE Systems’ SAS2019 reporting on DPRK-attributed SWIFT heist activity, including a PowerShell backdoor dubbed PowerBrace and possible overlap with TA505 intrusions. The source ties DPRK-linked fina…
2019: 183 reports
PeckShield assessed that CoinBene was hacked despite the exchange's denial, citing asset movements that matched exchange theft patterns. Its DATAR tracking found many token types and high value assets leaving CoinBene wallets for competing exchanges in a …
Sentinel Protocol tracked 25,533 ETH stolen in the July 2018 Bancor hack after the funds moved on 2019-03-13 following seven months of dormancy. The attacker transferred the ETH from the Etherscan-labelled Bancor Hack address through relay wallets, with m…
ESRC reports Kimsuky spear-phishing against South Korean diplomacy, security, unification, North Korea-related, and defector-focused organizations, tying the activity to Operation Low Kick and Operation Stealth Power. The attackers sent carefully written …
ESTsecurity attributes a set of Rocketman campaign cases to the Geumseong121 threat group and states that a DPRK state-sponsored actor exists behind the activity. The group targeted South Korean North Korea-related organizations, diplomacy, security, unif…
PeckShield traced the March 24, 2019 DragonEX exchange theft and estimated that $6.03 million in more than 20 digital assets was stolen. Researchers assessed that the attackers likely obtained DragonEX wallet private keys and illegal server API access, th…
Bithumb said its abnormal-transaction monitoring detected an unauthorized withdrawal of company-owned cryptocurrency at about 22:15 on March 29, 2019. The exchange assessed the incident as insider embezzlement rather than an external hack, moved all crypt…
360 researchers linked APT-C-26, identified in the excerpt as Lazarus, to continued attacks against cryptocurrency exchanges and related users. The group allegedly registered wb-invest.net and wb-bot.org in October 2018, then used them to present a malici…
ESRC links a Korean cryptocurrency-focused variant to the BabyShark-related “Baby” campaign family, naming the activity Operation Giant Baby and comparing it with Operation Mystery Baby and Operation Baby Coin. The malware disguises itself with a stolen K…
Elementus analyzed suspicious CoinBene blockchain flows after the exchange announced maintenance and denied that user funds were at risk. The firm observed $105 million in ETH and tokens moving from CoinBene's hot wallet to three addresses, followed by ei…
ESRC investigated reporting that Lazarus-linked operators targeted Israeli defense and aerospace-related organizations through spear-phishing, including Israel Military Industries and Ashot Ashkelon Industries. The lure impersonated a SysAid software upda…
Kaspersky reported a Lazarus operation active since at least November 2018 targeting cryptocurrency businesses, especially South Korean exchanges. Attackers used weaponized Korean and Chinese business documents, PowerShell backdoors for Windows, malicious…
Mandiant/FireEye described multiple campaigns abusing a recently disclosed WinRAR ACE handling vulnerability. Observed payloads provided keylogging, password theft and RAT capabilities, with different malware families and varied targeting. Exploits typica…
ESRC reported a March 2019 watering-hole campaign against South Korean public and private policy sites and a reunification research organization visited by defense, diplomacy and North Korea-focused researchers. The intrusions injected obfuscated VBS/Java…
The source analyzes APT38’s DYEPACK framework and describes North Korean financially motivated operations against banks, including TP Bank, Bangladesh Bank, and Far Eastern International Bank. It says APT38 performs reconnaissance, spear phishing, and exp…