DBAPPSecurity attributed a set of cryptocurrency-themed LNK attacks to Lazarus activity against exchanges, industry staff, and digital-currency users. One Japanese-language lure masqueraded as business guidance and executed `mshta` through a Bitly short l…
197 reports
Some organizations track North Korean clusters or groups, such as Bluenoroff, APT37, and APT38 separately, while other organizations track some activity associated with those groups as Lazarus Group. Malware used by Lazarus Group has correlated to other r…
ESRC’s Part 3 analysis connected Thallium/Kimsuky and Konni through shared or overlapping phishing infrastructure rather than treating them as separate unrelated clusters. The report examined a November 2020 Daum/Naver-themed credential-harvesting campaig…
KuCoin’s continually updated incident page records recovery actions after the September 2020 KuCoin security incident, including internal audit work, coordination with project partners, and restoration of services for affected assets. The source lists man…
KR-CERT warned that attackers were abusing Wizvera’s Veraport integrated security installer to distribute malware through phishing sites impersonating financial-transaction or corporate services. The advisory says the attack attempted to install malware d…
ESRC reported a spearphishing campaign using a malicious Microsoft Word document about Biden-era North Korea denuclearization negotiations and regime-security guarantees. The email delivered a download URL disguised to resemble a Korean portal service; wh…
ESET described a Lazarus supply-chain attack in South Korea that abused WIZVERA VeraPort, software commonly used by government and banking websites to install required security components. The attackers compromised websites that already supported VeraPort…
ReversingLabs analyzed a PoorWeb campaign built around malicious Hangul Word Processor documents aimed at a victim organization and related Korean-language HWP attacks seen from March 2019 through September 2020. The initial documents abused HWP compound-…
IssueMakersLab attributed attacks on COVID-19 vaccine-related organizations to the North Korean state-sponsored Kimsuky group, also described as RGB-D5. The post says the campaign targeted the WHO and pharmaceutical companies in the United States, South K…
DBAPPSecurity’s Operation Gold Hunting report describes phishing documents aimed at venture-capital and frontier-technology targets, using NDA and investment-presentation themes as lures. The analyzed DOCX files used remote template injection to fetch mal…
ESRC reported continued activity by the North Korea-linked Thallium/Kimsuky group under its Blue Estimate APT campaign, with new malicious files produced in November 2020. The activity targeted South Korean science, technology, and defense-related sectors…
KuCoin suffered a September 2020 exchange breach that moved more than 11,470 ETH and over 150 Ethereum-based tokens to attacker-controlled wallets, with total losses reported above $150 million. Uppsala Security focused on wallet 0xeB31973E0FeBF3e3D705823…
McAfee ATR expanded its Operation North Star analysis by examining the campaign's command-and-control backend, showing how the operators selected and assessed victims before deciding whether to continue exploitation. The campaign used LinkedIn conversatio…
ESRC attributed a malicious HWP document themed as U.S. election prediction press content to the North Korea-linked Thallium/Kimsuky group. The document hid an OLE object containing Hancom.Configuration.VBS and used xeoskin.co[.]kr as C2, with stages incl…