BBC’s S1.3 Superdollars page describes an episode about Operation Smoking Dragon, a fake wedding, a divorce party, and counterfeit money. Within the Lazarus Heist series context, the episode supplies background on North Korean illicit finance themes rathe…
The report describes domestic attacks attributed to the Kimsuky threat group that use the GoldDragon and BravePrince malware clusters. According to the source, operators approach targets through spear phishing and deliver weaponized documents or malicious…
Positive Technologies describes a Lazarus Group intrusion into a large pharmaceutical company that began with job-offer lure documents delivered to employees, including one case over Telegram. Opening the documents enabled malicious macros on home compute…
BBC’s S1.2 Disaster movie episode page continues the Lazarus Heist narrative around the Sony Pictures hack, emphasizing panic in Hollywood, damaged careers, and balloons sent to North Korea. The excerpt provides episode-level context rather than malware o…
The source maintains a live mapping of DPRK cyber operations groups and their relationships to North Korean state organizations. It frames the content as a reference diagram for known offensive cyber-capable APT groups, updated through March 2022 with sou…
NSHC summarizes 2020 activity by SectorA subgroups, describing DPRK-linked operations focused on political and diplomatic intelligence collection and financially motivated intrusions. The report says SectorA groups used spear-phishing emails, malicious HW…
EasyFi lost about $6 million in stablecoins and roughly $53 million in EASY tokens after mnemonic keys tied to an administrative transfer capability were compromised. The excerpt says the attacker did not exploit a smart contract bug; instead, a compromis…
ESTsecurity warns that Lazarus and Thallium activity was increasing against South Korean experts and organizations in diplomacy, security, defense and unification, with some defense-industry and military specialists also exposed. The campaigns used tailor…
In one of their most recent campaigns, Lazarus used a complex targeted phishing attack against security researchers. This blog was authored by Hossein Jazi. Lazarus APT is one of the most sophisticated North Korean threat actors that has been active since a…
BBC’s S1.1 Hacking Hollywood episode page links the Lazarus Heist series to the Sony Pictures attack, describing a movie involving Kim Jong-un and a devastating cyberattack. The surrounding series context connects that incident to broader North Korea-link…
Group-IB links Lazarus to BTC Changer, a modified JavaScript sniffer campaign that shifted from stealing payment-card data to stealing cryptocurrency payments from e-commerce sites. The researchers connect BTC Changer to the earlier clientToken= infrastru…
AhnLab ASEC reports distribution of a malicious HWP document disguised as a North Korea-related questionnaire, likely modified from a real December 2020 broadcast discussion document. The file used an embedded link object and editing restrictions to hide …
BBC’s introduction page frames The Lazarus Heist as a series about North Korea-linked cyber operations, moving from the Sony Pictures hack to a billion-dollar banking plot. The source lists episodes covering the Sony attack, Bangladesh Bank/SWIFT theft, W…
Vyveva constitutes yet another addition to Lazarus’s extensive malware arsenal. The loader serves to decrypt the backdoor using a simple XOR decryption algorithm. The backdoor features capabilities for file exfiltration, timestomping, gathering informatio…
AhnLab ASEC observed malicious Word documents disguised as the April issue of a military-security monthly publication, continuing a pattern of North Korea-themed document malware. The DOCX files used protected content and an external relationship in the d…