AhnLab ASEC analyzed malicious HWP documents themed around the U.S. presidential election and North Korea that used embedded OLE/VBS content resembling earlier HWP link-object attacks. When executed, the document dropped hancom.configuration.vbs under a u…
2020: 197 reports
Cybereason Nocturnus documented Kimsuky’s KGH_SPY modular spyware suite and a related CSPY Downloader used in espionage operations against targets including South Korean institutions, human-rights groups, think tanks, research organizations, journalists, …
A Reddit post discusses a reported Coinberry hot-wallet incident in which approximately 8.33 BTC was allegedly taken on 2020-08-24. The author notes that withdrawals from Coinberry’s hot wallet paused for about 17 hours after the event and then resumed us…
ESRC reported an October Thallium/Kimsuky HWP attack that used apparent North Korean internal-news content and a separate Korea Foreign Affairs Association lure to entice users into opening malicious documents. The HWP chain displayed compatibility prompt…
CISA, FBI, and U.S. Cyber Command’s CNMF described Kimsuky as a North Korean APT group conducting global intelligence collection on issues of interest to Pyongyang, including Korean Peninsula policy, nuclear policy, sanctions, and targets in South Korea, …
The transcript covers CoinMetro's October 2020 breach and the impact on PARSIQ after a significant amount of PRQ tokens was stolen. PARSIQ says CoinMetro, not PARSIQ's own systems, was breached, but the team still forked and reissued the token to protect …
WithSecure’s second Lazarus detection-engineering post turns F-Secure threat intelligence into defensive logic for the later stages of a Lazarus intrusion. It covers remaining defense-evasion activity plus credential access, lateral movement, and command-…
Seongsu Park’s Kaspersky presentation analyzes Lazarus Group’s MATA framework as a multi-platform malware set spanning Windows, Linux, and macOS tooling. The deck describes AES-encrypted loaders and plugins, registry-based configuration, OpenSSL/RC4 C2, L…
ESRC analyzed a Thallium-linked multi-platform cryptocurrency-wallet campaign that combined supply-chain style Android abuse with Windows installers disguised as legitimate domestic wallet firmware or update programs. The Android app was distributed throu…
ESRC reports continued Thallium APT activity against South Korea-focused North Korea human-rights and defector-related targets. Recent malicious Word documents were created by the same account name, used a shared macro-lure image hash, and executed obfusc…
K7 Computing analyzes Lazarus macOS malware innovation around Union Crypto Trader and related cryptocurrency-targeting campaigns. The source describes trojanized trading applications delivered through phishing and fake websites, signed installers, post-in…
The Virus Bulletin presentation maps Kimsuky/Black Banshee tradecraft across complementary campaigns targeting South Korean government and media, defense and aerospace, diplomacy, national-security policy, cryptocurrency, and North Korea-related research …
NTT Security analyzes CryptoMimic, also known as Dangerous Password, an APT actor active since around 2018 against banks, finance-related organizations, and especially cryptocurrency companies worldwide. The observed intrusion chain used tailored emails o…
Chainalysis reported that the September 2020 KuCoin hack stole more than $275 million in cryptocurrency, including BTC, ETH, USDT, XRP, LTC, ERC-20 tokens, and Stellar assets. As of the update, the stolen BTC was split between two addresses, the attackers…
Rekt covered the September 2020 KuCoin breach, initially described by the exchange as an unplanned movement of funds, with estimated losses ranging from at least $150 million to as much as $280 million. The attacker obtained funds from hot wallets and beg…