KLAYswap reported that users were affected by a third-party SDK supply-chain compromise rather than a flaw in KLAYswap front-end source code or smart contracts. Requests for the normal Kakao SDK JavaScript file were redirected to an attacker-controlled se…
2022: 296 reports
Qualys analyzed a Lazarus campaign, dubbed LolZarus, that used Lockheed Martin-themed job phishing documents against defense-sector targets. The documents shared author and macro-flow traits with earlier Lazarus lures, decoded embedded shellcode, hijacked…
ASEC reported an APT attempt against a broadcasting-company journalist using a malicious Word document disguised as internal financial-work details. Opening the document caused Word to fetch an external DOTM macro from ms-work.com-info.store, which create…
WIRED reported that P4x, an independent hacker previously targeted in a North Korean campaign against Western security researchers, claimed responsibility for outages affecting North Korea’s internet-facing websites and routers. The earlier North Korean a…
An attacker exploited Qubit Finance's QBridge protocol on January 27, 2022, draining roughly $77 million to $80 million in assets by minting qXETH without depositing corresponding ETH. The source attributes the failure to QBridge deposit logic that accept…
Qubit’s fourth exploit report focuses on the attacker’s later laundering path after funds were moved from an earlier BSC wallet to a new address. The exploiter swapped portions of the stolen assets through PancakeSwap and Ellipsis, bridged value via Celer…
Qubit’s third exploit report traces the post-exploit movement of stolen assets after the team stopped service and began monitoring the exploiter with security partners. The attacker used the QBridge deposit logic bug to create xETH on BSC without depositi…
Qubit’s second exploit report explains that QBridge contracts were deployed in late November 2021, audited in December, and then upgraded to add direct ETH deposits instead of WETH. The team says the obsolete deposit function unintentionally remained afte…
The malware collects the hostname, username, network information, a list of running processes, and other system information for exfiltration to one of four C2 servers. The data targeted for exfiltration is compressed, XOR-encrypted and then Base64-encode…
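The three-stage encoding above (compress, XOR, Base64) is common enough that an analyst usually wants a decoder for captured beacons before the sample is fully reversed. The block below is an added example written for this listing, not code from the report or the malware: it models the pipeline on a constructed recon blob, then reverses it and recovers a single-byte XOR key from the fixed zlib header byte. The compression algorithm (zlib) and the key length (one repeating byte) are assumptions; the report names the stages but not those parameters.

```python
import base64
import zlib
from typing import Optional

# Constructed sample of the kind of host data the report says is collected
# (hostname, user, network details, process list); not a real capture.
SAMPLE_RECON = (
    b"hostname=WKS-0417\n"
    b"user=jdoe\n"
    b"ip=10.20.30.40\n"
    b"procs=explorer.exe,winword.exe,outlook.exe\n"
)

# Assumptions not stated on the page: zlib compression and a single-byte
# repeating XOR key. Adjust both if the real sample differs.
ASSUMED_XOR_KEY = 0x5A
ZLIB_CMF_BYTE = 0x78  # first byte of every zlib stream produced by zlib.compress()


def xor_bytes(data: bytes, key: int) -> bytes:
    """Repeating single-byte XOR; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def encode_exfil(plaintext: bytes, key: int = ASSUMED_XOR_KEY) -> str:
    """Model of the described pipeline: compress, XOR-encrypt, Base64-encode."""
    compressed = zlib.compress(plaintext)
    return base64.b64encode(xor_bytes(compressed, key)).decode("ascii")


def recover_key(blob: str) -> int:
    """Known-plaintext key recovery: zlib output starts with 0x78, so the first
    raw byte XOR 0x78 is the key. The candidate is verified by decompressing,
    so a wrong assumption about the scheme fails loudly instead of silently."""
    raw = base64.b64decode(blob, validate=True)
    if not raw:
        raise ValueError("empty payload")
    key = raw[0] ^ ZLIB_CMF_BYTE
    try:
        zlib.decompress(xor_bytes(raw, key))
    except zlib.error as exc:
        raise ValueError("payload is not a single-byte-XOR zlib stream") from exc
    return key


def decode_exfil(blob: str, key: Optional[int] = None) -> bytes:
    """Reverse the pipeline: Base64-decode, XOR, decompress.
    Recovers the key from the header when none is supplied."""
    if key is None:
        key = recover_key(blob)
    raw = base64.b64decode(blob, validate=True)
    try:
        return zlib.decompress(xor_bytes(raw, key))
    except zlib.error as exc:
        raise ValueError(f"decompression failed with key 0x{key:02x}") from exc


if __name__ == "__main__":
    beacon = encode_exfil(SAMPLE_RECON)
    print("beacon body:", beacon)
    print("recovered key:", hex(recover_key(beacon)))
    print(decode_exfil(beacon).decode())
```

If the real sample uses a multi-byte key, the same header trick yields only the first key byte; the remaining bytes can be brute-forced against the zlib header's second byte (0x9C at the default level) and the decompression check, which is why `recover_key` verifies rather than trusts its candidate.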
SlowMist analyzed the January 2022 Qubit Finance exploit, which caused roughly $80 million in losses through QBridge. The attacker supplied the resourceID for cross-chain ETH but called the ordinary token deposit path rather than depositETH, bypassing the…
Qubit reported that its QBridge deposit function was exploited after an obsolete deposit path remained active when depositETH support changed ETH handling to a zero address. The attacker sent 16 Ethereum-side deposit transactions and corresponding BSC vot…
ESRC reported a North Korea-linked phishing campaign that impersonated South Korea’s Central Disease Control Headquarters with emails about COVID-19 booster-shot adverse reaction monitoring. The activity targeted experts in specific fields and used a fake…
AhnLab observed Kimsuky using xRAT, an open-source Quasar RAT variant, alongside a Gold Dragon variant on an infected system in January 2022. The installer downloaded a GZip-compressed Gold Dragon payload from attacker infrastructure, unpacked it into the…
Malwarebytes analyzed a Lazarus job-themed spear-phishing campaign using Lockheed Martin decoy documents observed in late 2021 and early 2022. The macro used KernelCallbackTable control-flow hijacking to execute shellcode, which decrypted and manually map…
ESRC reported a North Korea-linked phishing operation that targeted simultaneous interpreters with tailored emails posing as international-event interpretation requests. The lures varied by language focus, including English, Chinese, Russian, and some Jap…