AhnLab’s JSAC 2023 material surveys ransomware localization in South Korea and includes a government-sponsored threat actor section citing Kaspersky’s disclosure that Andariel used ransomware. The DPRK-relevant portion notes a September 2020 customer samp…
In May 2022, OFAC sanctioned a mixer for the first time ever when it designated Blender.io for its role in laundering cryptocurrency stolen by North Korean hacking syndicate Lazarus Group. The sanctioning of prominent mixers may have contributed to two tr…
TA444, which overlaps with public activity called APT38, Bluenoroff, BlackAlicanto, Stardust Chollima, and COPERNICIUM, is likely tasked with generating revenue for the North Korean regime. Proofpoint clusters TA444 activities based on malware lineage, be…
The FBI attributed the June 2022 theft of $100 million in virtual currency from Harmony’s Horizon bridge to Lazarus Group, also known as APT38, a DPRK-linked cyber actor. The source updates the investigation by publishing North Korean-controlled virtual c…
ESRC reported a North Korea-linked phishing operation targeting personnel who work on North Korea-related issues. The emails impersonated Kakao security notifications about an overseas login and directed victims to a carefully built phishing page that imi…
360's 2022 global APT research report assessed that APT activity remained highly active under geopolitical pressure. The report counted 742 public APT reports in 2022 involving 141 groups, including 54 first-disclosed organizations. It mapped active group…
NSHC’s November 2022 threat-actor report identified SectorA activity as the most prominent cluster in its collection period, with five SectorA groups observed. The DPRK-relevant section says SectorA02 targeted South Korean media workers and North Korea-po…
Chainabuse recorded a report that the Harmony hacker withdrew 1,225 BTC from Huobi and began depositing funds into a Bitcoin mixer while chain-hopping the proceeds. The entry lists the suspected scammer as Lazarus Group and provides numerous Bitcoin walle…
The source examines the macOS port of the DPRK-linked Dacls/MATA malware family and explains how to build YARA rules from non-Objective-C binary traits. The analysis focuses on exported MataNet function names, wolfSSL-linked symbols, HTTP header strings, …
WannaCry is characterized as a network cryptoworm ransomware that spread through vulnerable SMB implementations in older Windows systems instead of relying mainly on malicious email attachments. After infection, it encrypted files, directed victims to a B…
WannaCry, sometimes also called WCry or WanaCryptor, is ransomware malware, meaning that it encrypts files of its victims and demands a payment to restore the stolen information, usually in bitcoin, with ransom amounts ranging from $300 to $600 equivalents.…
Chainalysis' Public Key episode previewed findings from the 2023 Crypto Crime Report, emphasizing that 2022 saw record DeFi hacking alongside abnormal declines in ransomware payments. Kim Grauer discussed how pig-butchering and investment scams, NFT and w…
On January 8th, the ASEC analysis team identified the distribution of a document-type malware targeting workers in the security field. The obtained malware uses an external object within a Word document to execute an additional malicious macro. The normal…
ESRC reported a phishing campaign impersonating South Korea’s National Tax Service with emails titled as tax-investigation attendance notices and assessed the activity as suspected North Korean-backed. The lure targeted virtual-asset investors, spoofed th…
The notebook walks through macOS malware analysis and YARA development using the CloudMensis spyware component as the specimen, noting prior ESET disclosure and Volexity attribution to APT37. The analysis identifies a universal Mach-O binary with x86_64 a…