• The organizations targeted for employment align with previous efforts by DPRK operators to target cryptocurrency-related organizations as well as medical research companies.
• The operation distributing the CUTELOOP dropper has been conducting a job-the…
2023 (627 reports)
Bridewell Intelligence warns that TA444, a financially motivated North Korea state-sponsored actor, poses a continuing threat to banks, financial institutions, and cryptocurrency exchanges. Pivoting from Proofpoint and Kaspersky reporting, Bridewell ident…
NSHC’s December 2022 monthly report observed SectorA activity as one of the two most prominent threat categories during the collection period from November 21 to December 20, 2022. The DPRK-relevant SectorA section identifies SectorA02, SectorA05, SectorA…
Norway’s Økokrim reported seizing nearly 60 million kroner in cryptocurrency tied to the Axie Infinity/Sky Mavis theft, describing it as the country’s largest-ever crypto seizure. The source states that about five billion kroner in cryptocurrency was stol…
AhnLab reported Kimsuky document malware distributed beyond security-related targets to broadcasting and ordinary corporate users. The lures used DOCX filenames such as questionnaires, cover letters, and planning documents, then relied on template injecti…
AhnLab analyzed anti-forensic techniques observed on systems compromised by the Lazarus Group in South Korea, including defense, satellite, software, and media-related environments. The report describes Lazarus hiding encrypted loader, PE, and configurati…
AhnLab reported malware distribution targeting users of vulnerable Innorix Agent file-transfer client versions, specifically identifying exploitation of version 9.2.18.418 within the KISA-advised vulnerable range of 9.2.18.450 and earlier. The delivered b…
government’s Cybersecurity and Infrastructure Security Agency (CISA) prepared for potential retaliation by issuing a call for “Shields Up,” which included actions to safeguard ICS and OT. According to an analysis of the threats against U.S. With over 70 pe…
We’ll break down these trends and more in our 2023 Crypto Crime Report. Well, you weren’t alone — crypto criminals had to face the same market conditions.
KrCERT/CC’s ScarCruft tracking note describes a North Korea-linked surveillance actor active against South Korean defectors, overseas workers, journalists, missionaries, and other people of interest since at least 2012. The report updates earlier TTPs by …
AhnLab attributed a January 2023 HWP attack to RedEyes/ScarCruft, also known as APT37, based on the use of steganographic payload delivery and persistence commands resembling earlier ScarCruft activity. The initial access vector abused the old Hangul EPS …
ESTsecurity reported a North Korea-attributed phishing attack that impersonated a Ministry of Unification human-rights forum co-hosted with a South Korean lawmaker. The lure abused a legitimate encrypted HTML-style notice format used by the ministry, but …
This is a North Korea-controlled cybercrime group believed to be responsible for stealing billions of dollars worth of cryptoassets. Elliptic analysis indicates that Blender – sanctioned for helping North Korea’s Lazarus Group to launder tens of millions …
ASEC observed fake Naver login pages built on the same attacker-controlled domain pattern previously used for fake Kakao credential theft. The phishing flow leads users to a password reconfirmation page where the login ID is prefilled and entered password…
The South Korea-U.S. joint advisory details North Korean ransomware operations against healthcare, public-health, and other critical-infrastructure organizations, updating prior reporting on Maui and related activity. It describes operators obtaining infr…