Sky Mavis reported that the March 2022 Ronin bridge breach let an attacker control five of nine validator private keys and drain 173,600 ETH plus 25.5 million USDC in two forged withdrawals. The company said an employee compromise enabled access into Sky …
Zscaler ThreatLabz linked a South Korea-focused phishing and malware campaign to Lazarus with high confidence after correlating reused infrastructure, attacker-controlled Dropbox accounts, registrant email addresses, sender infrastructure, and domains tie…
With recent reports that North Korea may be again preparing for nuclear testing, today’s sanctions activity highlights the importance of ensuring that Lazarus Group is not able to successfully launder the proceeds of these attacks. Today the US Treasury’s…
The source summarizes an April 2022 FBI, CISA, and Treasury advisory on North Korean cyber operations against cryptocurrency and blockchain organizations. The agencies identify the activity as Lazarus Group, APT38, BlueNoroff, or Stardust Chollima and say…
NSHC observed SectorA01, SectorA02, SectorA05, and SectorA06 activity during February 2022 across South Korea and multiple global regions. SectorA02 used malicious HWP files themed around South Korea's presidential election, while SectorA05 sent spear-phi…
Stairwell analyzed a GOLDBACKDOOR deployment chain from malicious artifacts NK News received in a spear-phishing campaign targeting journalists focused on the DPRK. The campaign delivered a ZIP containing a large Windows shortcut named “Kang Min-chol Edit…
REKT’s Big Phish article connects the Ronin bridge theft to FBI attribution that named the North Korean Lazarus Group and discusses CISA reporting on DPRK state-sponsored targeting of cryptocurrency organizations. The source emphasizes Lazarus and BlueNor…
360 attributed multiple 2021 attacks to APT-C-26/Lazarus, assessing the activity as aligned with the BlueNoroff branch and focused on cryptocurrency theft. The lure was a Venture Labo Investment Pitch Deck document using remote template injection through …
AhnLab ASEC reported that Lazarus malware infections were observed in about 47 companies and organizations during Q1 2022, including defense-sector victims. The activity abused the legitimate INITECH INISAFE CrossWeb EX process inisafecrosswebexsvc.exe, w…
FBI, CISA, and Treasury warned that North Korean actors tracked as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima were targeting blockchain and cryptocurrency organizations to steal digital assets. The TraderTraitor campaigns used recruitment-the…
Dragos' 2021 ICS/OT Cybersecurity Year in Review covers industrial threat activity, ransomware pressure on infrastructure, incident response lessons, and recurring security weaknesses in operational technology environments. The report tracks known activit…
The FBI attributed the March 2022 theft of $620 million in Ethereum to Lazarus Group and APT38, cyber actors associated with the DPRK. The statement links the Ronin-related cryptocurrency theft to North Korea’s broader use of cybercrime and illicit financ…
Symantec observed the North Korea-linked Lazarus group targeting South Korean chemical-sector organizations in activity assessed as a continuation of Operation Dream Job, tracked by Symantec as Pompilus. The campaign used fake job-offer lures that led to …
Elliptic reported that OFAC sanctioned the Ethereum address used in the Ronin Bridge theft and identified its owner as Lazarus Group, linking the $540 million March 2022 exploit to North Korean state hackers. Ronin said the attacker compromised five valid…
The U.S. Department of Justice reported that Virgil Griffith was sentenced to 63 months in prison for conspiring to provide cryptocurrency and blockchain services to North Korea in violation of U.S. sanctions. The source says Griffith attended the 2019 Py…