Interlab analyzed RambleOn, a malicious Android APK delivered to a South Korean journalist through an APT-style phishing approach. The attacker first contacted the journalist over WeChat about a sensitive topic, then pushed installation of a fake secure-m…
2022 (296 reports)
KISA’s second-half 2022 cyber threat trends report page lists the structure and attachments for a broader Korean cyber-threat landscape publication. The available archive shows chapters on second-half threat trends, vulnerability trends, and expert column…
NSHC ThreatRecon’s November 2022 actor report summarizes activity from 29 threat groups, with SectorA activity forming the largest share. The North Korea-linked section describes SectorA01 through SectorA07 operations against government, research, media, …
The National Assembly Research Service assesses North Korean cyber operations as an international security issue that has evolved from early DDoS activity into ransomware, financial-institution attacks, and cryptocurrency theft. The report says North Kore…
Kaspersky reported that BlueNoroff, a financially motivated North Korea-linked actor, adopted new delivery methods to bypass Windows Mark-of-the-Web warnings. The campaign used ISO and VHD files, Visual Basic Script, Windows Batch files, executables, and …
South Korea’s National Police Agency reported that email impersonation of journalists and lawmakers’ offices was confirmed as activity by a North Korean hacking group. The archived web page is a police press-release listing that points to attached HWPX an…
SlowMist investigated a large phishing campaign attributed to North Korean APT activity against cryptocurrency and NFT users. The campaign used hundreds of phishing domains, including 196 domains initially shared by PhantomXSec, to impersonate dozens of E…
NSHC’s October 2022 Threat Actor Group Intelligence Report summarizes activity collected from late September to late October, identifying 28 active threat actor groups with SectorA activity the most prominent. SectorA01 targeted workers in defense, financ…
Andariel is presented as a North Korean RGB-linked Lazarus subgroup with a history of espionage against South Korean government and military targets and later financially motivated ransomware activity. The emulated 2021 South Korea campaign chains a malic…
PolySwarm’s 2022 recap catalogs North Korea-nexus threat activity across Lazarus Group, BlueNoroff, Reaper/APT37, Andariel, Kimsuky, Gwisin, and H0ly Gh0st. Lazarus activity included TraderTraitor and AppleJeus cryptocurrency lures, fake job-offer campaig…
ESRC reports a North Korea-linked phishing campaign against diplomacy, security, defense, and North Korea-focused experts using fake advisory or reference-material requests. The activity routes victims from email download lures to credential-harvesting pa…
K7 Labs analyzed a Lazarus Operation In(ter)ception macOS sample that used a revoked signed fat binary to target users with a Coinbase job-vacancy lure. The malware drops a Coinbase-themed PDF, FinderFontsUpdater.app, a downloader named safarifontsagent, …
SEKOIA observed all known DPRK-linked intrusion sets active in 2022, with Lazarus and Kimsuky receiving the most reporting and showing continued cyberespionage and revenue-focused operations. Lazarus, Bluenoroff, and Andariel were described as overlapping…
NSHC ThreatRecon’s October 2022 actor report summarizes activity from 28 threat groups, with SectorA groups representing the largest share. The North Korea-linked section describes SectorA01 through SectorA07 operations against defense, finance, media, ph…