Windows-based Malware: Mandiant determined that the attacker infected targeted 3CX systems with TAXHAUL (AKA “TxRLoader”) malware. The malware uses the Windows CryptUnprotectData API to decrypt the shellcode with a cryptographic key that is unique to each …
Crystal Blockchain's February 2023 report tracks crypto and DeFi hacks, fraud, and scams from 2011 through February 18, 2023, counting 231 DeFi hacks, 135 security attacks, and 95 fraudulent schemes. It estimates about $16.7 billion in cryptocurrency thef…
The WEMIX Foundation said the GDAC exchange hack withdrew about 23% of GDAC's custodial assets, including 10,000,000 customer-deposited WEMIX3.0 tokens, to unidentified wallets. The statement emphasizes that the incident occurred at the exchange and did n…
GDAC disclosed that a hack at about 07:00 KST on 9 April 2023 caused assets in its hot wallet to be transferred to unidentified wallets, representing roughly 23% of assets then held by the exchange. The exchange suspended wallet and server systems, conven…
BBC’s Lazarus Heist episode “Olympic Destroyer” focuses on the cyberattack against the Winter Olympics during the opening ceremony and asks who was responsible. The source excerpt is an episode listing, so it supports the incident focus but not detailed m…
A Korean malware-analysis post attributes a malicious Word document named Questionnaire.doc to BlueNoroff, described as part of North Korea’s Lazarus-linked cybercrime activity targeting North Korea-related personnel. The lure discusses Kim Ju-ae successi…
CNN describes a South Korean and U.S.-supported operation that tracked cryptocurrency stolen from Harmony, a California cryptocurrency firm, and helped freeze a little over $1 million when North Korean hackers briefly moved part of the funds into a dollar…
The U.S. Treasury DeFi risk assessment says DPRK cyber actors, along with ransomware operators, thieves, and scammers, use DeFi services to transfer and launder illicit proceeds. It frames this as a sanctions-evasion and proliferation-finance risk because…
Plainbit concludes its review of 43 CISA-disclosed Bitcoin addresses linked to North Korean ransomware, finding that nine had transaction history, two were Binance-owned exchange addresses, two were not discoverable in blockchain lookups, and seven non-ex…
Plainbit analyzes CISA-listed address 1KmWW6LgdgykBBrSXrFu9kdoHz95Fe9kQF and determines that QLUE identifies it as Binance exchange infrastructure in cluster 516186376. The address is tagged with ransomware and North Korea flags and shows 3,573 transactio…
Plainbit reviews CISA-listed North Korea ransomware address 1FX4W9rrG4F3Uc7gJ18GCwGab8XuW8Ajy2 and finds that QLUE identifies it as a Binance deposit address in cluster 419867548. The address carries Binance, ransomware, sent-to-Binance, and North Korea f…
Plainbit traces CISA-listed North Korea ransomware address 1KCwfCUgnSy3pzNX7U1i5NwFzRtth4bRBc, a high-risk wallet in QLUE cluster 806944670 with ransomware and North Korea flags. The address handled six transactions totaling 0.0361 BTC between May 2021 an…
Plainbit examines CISA-listed address 14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk, a high-risk Ryuk ransomware cluster address tagged with North Korea indicators in QLUE. The wallet received and sent 10 BTC across four transactions on 2018-09-14, with the initial …
Plainbit analyzes CISA-listed North Korea ransomware Bitcoin address 1J8spy62o7z2AjQxoUpiCGnBh5cRWKVWJC, which QLUE flags as high-risk ransomware/North Korea infrastructure in cluster 828661150. The wallet recorded five transactions and moved 1.87482707 B…
Plainbit analyzes the CISA-listed North Korea ransomware address 16ENLdHbnmDcEV8iqN4vuyZHa7sSdYRh76, which QLUE flagged as Ransomware/North Korea and high risk. The wallet received 0.00064181 BTC from another CISA-listed address, 1J8spy62o7z2AjQxoUpiCGnBh…