IBM Security X-Force examined defensive detection opportunities for Lazarus FudModule, a malware component previously analyzed for tampering with Event Tracing for Windows. The source says FudModule installs a Dell driver vulnerable to CVE-2021-21551 to g…
Mandiant’s 2022 zero-day review tracked 55 vulnerabilities exploited before public patches, a decline from 2021 but still far above 2020 levels. The DPRK-relevant finding in the provided excerpt is narrow: Mandiant identified two zero-day vulnerabilities …
AhnLab summarized its detections for IOCs published in the South Korea–Germany joint advisory on Kimsuky. The advisory said Kimsuky used Chromium browser extensions and Android app-developer support functions to steal account information, primarily target…
Germany’s BfV and South Korea’s NIS issued a joint cybersecurity notice on Kimsuky cyber-espionage activity. The German source says Kimsuky, also known as Velvet Chollima or Thallium, steals information worldwide through cyberattacks, including foreign-mi…
South Korea’s NIS and Germany’s BfV warned that Kimsuky, also known as Thallium or Velvet Chollima, abused Google browser and app-store services to target Korean Peninsula and North Korea specialists. The advisory describes spear-phishing that led victims…
AhnLab ASEC reported a Kimsuky OneNote malware campaign disguised as reward-payment paperwork, extending the group’s recent use of CHM and LNK delivery formats. The OneNote lure appeared to contain a Korean HWP privacy-agreement document, but the clickabl…
S2W reported that Kimsuky was distributing malware with a malicious Microsoft OneNote file, a delivery technique more commonly seen in cybercrime campaigns. The lure impersonated Korea University’s Institute for Peace and Democracy and asked survey partic…
The source analyzes a Kimsuky-linked malicious Word document named as a mutual-divorce intent confirmation application, a lure also associated with North Korea-focused targeting in South Korea. The macro-enabled document displays a divorce form decoy but …
AhnLab reported a remote code execution vulnerability in MLsoft’s TCO!Stream asset-management solution, affecting versions 8.0.22.1115 and earlier. During incident response, AhnLab found attackers abusing the resident client process to execute code remote…
AhnLab warned that vulnerable versions of YettieSoft VestCert, a Korean Non-ActiveX public certificate module, exposed users to remote code execution because the resident service can restart the process and keep it available for exploitation. AhnLab obser…
ASEC's trend report explains how ransomware operators tailor activity to specific regions to maximize profit and reduce pressure from local law enforcement. It distinguishes criminal ransomware gangs and RaaS affiliates, including initial access brokers, …
SEKOIA.IO attributed a surveillance campaign targeting North Korean defectors to Reaper, also known as APT37, after finding two open C2 directories that exposed hosted implants and exfiltrated victim data. The investigation uncovered phishing pages for se…
Chainalysis reported only tentative DPRK relevance in the Euler Finance incident: 100 ETH stolen from Euler moved on March 17, 2023 to an address that had previously received funds from the Lazarus-attributed Axie Infinity Ronin Bridge hack. The source ex…