KISA advised users of DoctorSoft NetClient5 to apply a security update for a remote command execution vulnerability affecting version 5.6.3.x and earlier. NetClient is described as an integrated security-management and asset-management product, so exploit…
2021: 211 reports
Moldy Pisces, also known as Reaper, is a suspected North Korean cyber espionage group that has primarily targeted the South Korean government, military, defense industrial base, and media sectors. Moldy Pisces tends to use primarily spear phishing tactics for …
Unit 42 describes Crooked Pisces, also known as KONNI, as an East Asia-focused threat group associated with spear-phishing operations. The group is known for using lure documents related to North Korea, with more recent activity also using cryptocurrency-…
Andariel is a North Korean state-sponsored threat group that has been active since at least 2009. Andariel has primarily focused its operations, which have included destructive attacks, against South Korean government agencies, military organizations, and…
The article traces funds from the WannaCry 2.0 ransomware wallets as they moved from Bitcoin into Monero and later back toward transparent BTC and BCH blockchains. It notes preliminary reporting that attributed WannaCry to North Korea’s Lazarus Group, the…
AhnLab ASEC reports that Kimsuky used its AppleSeed backdoor to install additional VNC malware for graphical remote control of compromised systems. The observed toolset includes TinyNuke with only the HVNC capability enabled, using reverse VNC behavior an…
ESTsecurity ESRC attributes a spear-phishing campaign impersonating the Korea Telecommunications Operators Association to Thallium/Kimsuky, a DPRK-linked APT focused on South Korean government and major institutions. The lure email claimed to request a UN…
The source analyzes KISA Mobile Security.apk, a fake Android security app attributed to the Kimsuky/Thallium North Korean hacking group and distributed through email while impersonating Korea Internet and Security Agency software. Once installed, the malw…
ASEC analyzed kakaoTest.exe, a suspected Kimsuky-developed test malware that reused code seen in earlier malicious documents and the related pagefile.sys component. The sample reads credentials and transfer parameters from test.ini, logs in to a Daum mail…
This presentation focuses on North Korea-based threat actors pursuing cryptocurrency and related financial targets as part of a broader pattern of revenue-driven operations. PwC highlights Black Alicanto, also known as DangerousPassword, CryptoCore, Crypt…
The funds included those from North Korean-perpetrated crimes, including the 2019 cyber-heist of a Maltese bank and the 2018 ATM cash-out theft from BankIslami in Pakistan. SAVANNAH, Georgia – A Canadian man was sentenced today to 140 months in federal pr…
CrowdStrike’s 2021 OverWatch Threat Hunting Report preview summarizes a year of record interactive intrusion activity from both eCrime and targeted intrusion adversaries between July 2020 and June 2021. OverWatch reported more than 65,000 potential intrus…
ESRC reported a North Korea-linked Geumseong121 campaign that used spear-phishing against a North Korean human-rights organization leader with a malicious DOC disguised as a column about recent North Korean political and security issues. The attacker alle…
QiAnXin’s RedDrip team reported Lazarus-attributed spear-phishing samples aimed at blockchain, finance, and oil-and-gas targets, including job-opportunity and security-themed lures packaged as ZIP/LNK files or decoy documents. The LNK chain used cmd.exe a…