AhnLab summarized its detection coverage for the South Korea-U.S. joint cybersecurity advisory on North Korean ransomware activity. The advisory assessed Maui and H0lyGh0st ransomware as North Korea-linked threats affecting U.S. healthcare, public-health,…
2023: 627 reports
South Korea’s Ministry of Foreign Affairs announced measures to disrupt North Korea’s illicit cyber-enabled revenue generation, which it identifies as a funding source for nuclear and missile development. The notice states that the government would design…
The Korean analysis attributes a malicious VBS payload disguised as a software security checklist XLSM document to Kimsuky activity targeting South Korean think tanks, industry, nuclear and defense-related organizations, and North Korea-focused personnel.…
This advisory highlights TTPs and IOCs DPRK cyber actors used to gain access to and conduct ransomware attacks against Healthcare and Public Health (HPH) Sector organizations and other critical infrastructure sector entities, as well as DPRK cyber actors’…
The ScarCruft threat-tracking material summarizes a campaign against North Korean defectors and related targets attributed to the APT37/Ricochet Chollima cluster. The attack flow used email links or attachments to download Office documents, load macros or…
She discusses cryptocurrency recovery efforts by law enforcement and explains how much we should be weighing proof of reserves as a sign of crypto exchange solvency. Read and listen to part 1 of the 2023 Crypto Crime Report Preview. Public Key Episode 42 …
NSHC’s December 2022 monthly report identifies SectorA02, SectorA05, SectorA06, and SectorA07 as the most relevant clusters for Korea-focused tracking, with activity observed in South Korea, Switzerland, France, Poland, and the United States. SectorA02 an…
AhnLab reports that Kimsuky-linked malicious documents previously seen against security-sector personnel were also being distributed to broadcasting and general enterprise users. The lure documents, including files resembling KBS interview questions and a…
AhnLab reports that infrastructure previously used for Kakao credential phishing was also hosting Naver login-themed phishing pages assessed from reverse-DNS, IP, domain, and related-file evidence as likely Kimsuky activity. The phishing pages imitated Na…
ESRC describes a Konni-attributed phishing campaign impersonating South Korea’s Fair Trade Commission with emails titled as advance notice of a written fact-finding survey. The attached ZIP contained decoy PDF material and LNK files masquerading as HWP do…
WithSecure attributes the Q4 2022 “No Pineapple” intrusion with high confidence to Lazarus Group, targeting public and private research organizations, medical research, energy-sector entities, and their supply chain for likely intelligence collection. Ini…
North Korea-linked hackers break theft records yet again: $1.7 billion stolen. North Korea-linked hackers such as those in cybercriminal syndicate Lazarus Group have been by far the most prolific cryptocurrency hackers over the last few years. While North …
As a result, Elliptic was the first to attribute the hack to APT38 – otherwise known as The Lazarus Group – within days of the hack. They were also able to complete a detailed analysis of this exploit’s characteristics, as well as subsequent laundering ty…
ESET’s T3 2022 APT activity reporting notes that North Korea-aligned groups remained active against cryptocurrency firms and exchanges in multiple regions. The DPRK-linked activity relied on older exploits to compromise targets, while Kimsuky continued op…
Somansa analyzed document-based malware attributed to the North Korean Konni group, which has targeted South Korea and other regions since 2017. The report says Konni used HWP documents in earlier attacks against Korean companies and institutions, but shi…