NSHC describes SectorA05 activity using spear-phishing emails with malicious PDF attachments that exploit CVE-2020-9715 in Adobe Acrobat Reader to target specific organizations in South Korea. The lure content impersonated a Northeast Asia Economic Associ…
2021
211 reports
The article revisits Lazarus Group and North Korea’s Reconnaissance General Bureau through the lens of the BBC “Lazarus Heist” podcast and recent public reporting. It highlights financially motivated operations against cryptocurrency organizations, includ…
AhnLab reports targeted attacks using malicious PDF documents believed to be connected to a North Korea-related group, possibly Kimsuky or Thallium, while noting that imitation by another actor remains possible. The PDFs exploited CVE-2020-9715 in unpatch…
AhnLab describes continued distribution of malicious Word documents using a “BIO form” lure, likely aimed at professors or research-center heads involved in North Korea-related topics. The DOCX file uses an external link to fetch a malicious BIO.dotm temp…
ESRC reports that the North Korea-linked Thallium group used malicious PDF documents in attacks against current and former South Korean personnel in diplomacy, security, defense, unification, and North Korea-related research. The campaign is assessed as a…
Sands Lab tracked Lazarus Group document malware collected from malwares.com that impersonated companies including Rheinmetall, GM, and Airbus. The campaign used malicious Word documents with similar VBA scripts, Base64 encoded payloads, split script comp…
NSHC’s June 2021 monthly threat actor report covers multiple regional actor clusters, with the DPRK-relevant portion centered on SectorA activity. SectorA01 used document lures related to a European aircraft manufacturer, while SectorA04 targeted South Ko…
Nexus Mutual founder Hugh Karp lost 370,000 NXM, worth more than $8 million at the time, after an attacker tricked him into approving a spoofed MetaMask transaction. The stolen NXM was converted to WNXM, moved through several Ethereum addresses, swapped i…
360 Threat Intelligence Center profiles Kimsuky activity in the first half of 2021, describing a North Korea-linked espionage cluster focused on South Korean government, diplomatic, defense, academic, and think-tank targets. The campaigns relied heavily o…
Kaspersky's Q2 2021 APT trends material includes no DPRK-linked section in the provided excerpt, so the supported content is limited to other regional intrusion clusters. The excerpt describes Exchange exploitation tied to FourteenHi and possible ShadowPa…
Sangfor attributes a social-engineering operation against cryptocurrency-sector targets to Lazarus based on victimology and technical overlap with earlier Lazarus campaigns against security researchers. Operators allegedly contacted targets over instant m…
Bondly's postmortem says an attacker compromised corporate wallets and gained control of Bondly token and NFT assets after accessing a password account tied to CEO Brandon Smith's hardware wallet recovery phrase. The attacker transferred 373,088,023 BONDL…
QiAnXin attributed several captured malicious document samples to Kimsuky, describing Korean fee-payment lures that displayed decoy content while inducing victims to enable malicious VBA. The core macro monitored text input before downloading Base64-encod…
ETERBASE reported that attackers compromised six exchange hot wallets on September 7, 2020, stealing more than $5 million in BTC, ETH and ERC-20 tokens, XRP, TRX, XTZ, and ALGO. Merkle Science assessed the likely failure as exposed hot-wallet private keys…
Bondly Finance suffered an infinite-mint exploit that generated 373 million new BONDLY tokens and produced about $5.9 million in attacker profit. The attacker minted and dumped 100,000 tokens at a time, causing the BONDLY price to fall by about 80%. The e…