Ronin Network, an Ethereum sidechain used by Axie Infinity, suffered a bridge exploit that drained 173,600 ETH and 25.5 million USDC. The report attributes the incident to compromise of validator private keys rather than a smart contract code flaw: the atta…
2022
296 reports
QiAnXin RedDrip reported a suspected Lazarus spearphishing campaign against Korean enterprises using malicious DOCX and CHM lures rather than consumer-targeted activity. The DOCX samples abused CVE-2017-0199 remote template execution, including lures such…
Cluster25 traced an April 2022 DPRK-nexus spearphishing campaign against South Korean individuals, noting similarities to the Kitty Phishing operation. The activity used Korean-language Word lures impersonating KRNIC, South Korean security firms, or crypt…
NSHC’s January 2022 ThreatRecon report identifies three North Korea-supported SectorA groups active during the period: SectorA02, SectorA05, and SectorA07. SectorA02 targeted South Korea-based workers involved in North Korea policy with phishing emails di…
ESRC reported a mass phishing campaign using malicious Word documents named around anxiety-inducing themes such as quarantine-rule police attendance notices and emergency relief application forms. The emails attempted to persuade recipients to enable Offi…
Somansa analyzed a Lazarus campaign that abused Windows Update-related services and lures aimed at defense-industry hiring or remote-work security guidance. The report says North Korean hackers commonly distribute malware by impersonating organizations, i…
ESRC observed a North Korea-linked phishing operation impersonating the Korean Society for Clinical Health Promotion with COVID-19 vaccine notification emails. The campaign primarily targeted people working on North Korea-related issues and used a careful…
The source covers the Ronin Network exploit after OFAC and the FBI linked the breach to North Korea’s Lazarus Group. Ronin’s bridge was drained of 173,600 ETH and 25.5 million USDC, worth about $568 million at the time, and OFAC added the Lazarus-associat…
AhnLab ASEC reported malicious Word documents impersonating AhnLab and using cryptocurrency-themed filenames to persuade recipients to enable macros. The initial DOCX fetched an external DOTM template through word/_rels/settings.xml.rels, then used a Wind…
AhnLab ASEC reported malicious Windows HTML Help files distributed to domestic Korean users under the guise of COVID-19 confirmation and cohabitant guidance notices. Opening the CHM displays a decoy coronavirus notice while embedded script commands decomp…
Kaspersky found a Lazarus-linked Trojanized DeFi Wallet application compiled in November 2021 that installed a legitimate-looking cryptocurrency wallet while dropping a full-featured backdoor. The infection chain wrote a disguised GoogleChrome.exe payload…
Uppsala Security traced funds from the Ronin Bridge exploit announced on 2022-03-29, in which attackers stole 173,600 ETH and 25.5 million USDC through two fraudulent bridge withdrawals using hacked private keys. CAMS monitoring identified 206 Ethereum tr…
AhnLab ASEC attributed a malicious Word-document APT lure disguised as an Uljin forest-fire donation receipt to Kimsuky. The document was created on March 28 by an author name previously seen in ASEC reporting and reused earlier Kimsuky tradecraft while c…
Ronin Bridge lost about $624 million after an attacker compromised Sky Mavis validators and abused unreclaimed Axie DAO whitelist access to obtain the fifth signature needed for withdrawals. The attacker authorized two withdrawals, draining 173,600 ETH an…
AhnLab ASEC observed phishing emails using North Korea-related broadcasting recruitment content to lure recipients into opening a compressed attachment containing a malicious VBS file disguised as a 2022 resume form. The script collects process, routing t…