CertiK links Lazarus Group to a series of major 2023 Web3 breaches affecting Atomic Wallet, Alphapo, CoinsPaid, Stake.com, and CoinEx, with at least $291.3 million in recorded losses across the five incidents. The analysis cites on-chain correlations betw…
CryptoSlate reported that SlowMist attributed the CoinEx hot-wallet theft of more than $27 million to North Korea's Lazarus Group, with ZachXBT citing wallet links to the earlier Stake exploit on Optimism and Polygon. The source says SlowMist connected Co…
CoinEx disclosed anomalous withdrawals from hot wallet addresses on September 12, 2023, affecting assets including ETH, TRON, and MATIC. The exchange said it opened an investigation, temporarily suspended deposits and withdrawals, and was still determinin…
Knownsec 404 observed a sharp increase in North Korean APT activity against South Korea during August 2023, with attack timing overlapping the Ulchi Freedom Shield military exercise. The team collected more than 200 deduplicated samples, including more th…
The UN Panel of Experts midterm report says DPRK hackers continued targeting cryptocurrency and other financial exchanges globally after an estimated $1.7 billion in cyber thefts in 2022. It attributes the activity to actors working for the Reconnaissance…
Google Project Zero analyzed CVE-2023-26369, an Adobe Acrobat Reader remote code execution flaw triggered by malformed TrueType font bitmap tables processed by libCoolType. The write-up says the bug was exploited in the wild by government-backed actors in…
Knownsec 404 researchers observed a sharp rise in North Korean APT activity against South Korean targets during the August 2023 Ulchi Freedom Shield joint exercises. The report says more than 80 samples were captured during the exercises and more than 200…
360 Advanced Threat Research linked APT-C-26/Lazarus and its Andariel subgroup to EarlyRat activity delivered through Skype links to malicious compressed files and macro-enabled lure documents. The macro dropped an EarlyRat binary into the Windows startup…
AhnLab ASEC reported that Kimsuky activity in July 2023 showed FlowerPower gaining traction while the group diversified its attack methods. AppleSeed and RandomQuery activity did not show major changes and appeared to be used less. ASEC also began incorpo…
SlowMist traced the Stake.com theft across Ethereum, Binance Smart Chain, Polygon, and Avalanche after roughly $40 million in assets was stolen from the gambling platform. The attackers redistributed funds across multiple addresses, converted DAI to ETH f…
KrCERT warned that a file-upload vulnerability in NetID ClouDoc could allow attackers to place malicious files and execute malware on affected systems. Organizations using ClouDoc should update to version 4.1 or later through NetID and inspect the \plusdr…
The FBI attributed the roughly $41 million theft from Stake.com to North Korea's Lazarus Group after funds were taken from Stake-controlled Ethereum, Binance Smart Chain, and Polygon addresses. TRM's on-chain tracing says the actors swapped much of the ET…
AhnLab ASEC reported renewed CHM malware distribution assessed as likely RedEyes/ScarCruft activity, using Korean interest in the Fukushima wastewater release as the lure. The CHM file registers an mshta command under the HKCU Run key, then retrieves Java…
The FBI has confirmed that this theft took place on or about September 4, 2023, and attributes it to the Lazarus Group (also known as APT38) which is comprised of DPRK cyber actors. The FBI will continue to expose and combat the DPRK’s use of illicit acti…