Malwarebytes reported that KONNI RAT, used by a North Korean threat actor under the Kimsuky umbrella, was still being actively developed for attacks against political institutions in Russia and South Korea. Newer samples removed the rundll32 execution bra…
Hauri reports malicious emails targeting Korean users by posing as invitations to an expert online discussion about Korea's nuclear armament. The lure uses a password-protected document and instructs recipients to enable content, which runs malicious macr…
Outpost24's finance-sector whitepaper frames banks and financial services firms as high-value targets because they hold monetizable account data, card data, and sensitive PII while operating critical digital services. The source describes threat categorie…
NSFOCUS' 2021 APT yearbook analysis says Asia was a major focus for APT activity, with espionage and sensitive-information theft remaining dominant motives across tracked campaigns. The report highlights attribution uncertainty and notes Lazarus Group as …
Kaspersky links BlueNoroff to the broader Lazarus ecosystem and describes a continued shift from bank and SWIFT fraud toward cryptocurrency theft through the SnatchCrypto campaign. The activity targeted cryptocurrency startups and businesses by abusing tr…
ESRC reported an increase in North Korea-backed hacking that used financial-company notices and North Korea-related internal-information lures against people working in the North Korea field. One campaign impersonated a domestic credit card billing notice…
These attacks targeted primarily investment firms and centralized exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organizations’ internet-connected “hot” wallets into DPRK-con…
ASEC analyzed an information-stealing Windows malware campaign delivered through Korean phishing infrastructure and disguised as a NAVER-related archive. The phishing flow redirects users from a Kakao-themed credential theft page to NAVER.zip, which conta…
NSHC's November 2021 monthly intelligence notes SectorA01 activity in Vietnam, the United States, Estonia, Ireland, Serbia and Turkey using malware disguised as binary analysis tools commonly used by reverse engineers and malware analysts. SectorA02 activ…
In October 2021, a presumed phishing campaign targeted the Russian Federation MID with links to a series of spoofed MID portals to harvest credentials from MID personnel. Based on the observed TTPs, including the use of a light-weight loader to retrieve a…
Cluster25 attributes a spear-phishing attack against the Russian diplomatic sector to the North Korean APT group Konni. The campaign used a New Year's Eve-themed malicious email attachment as the lure, and execution of the attachment triggered a multi-sta…