Chainabuse records Lazarus Group moving 41,000 ETH from the Harmony Bridge theft through Railgun on January 13–14, 2023 before depositing funds at three exchanges. The source is primarily an abuse report with a large wallet list, but its core CTI value is…
ESRC reports an active Kimsuky phishing campaign using urgent password-change emails that impersonate Daum and lead victims to a fake Kakao account-management login page. The messages used a lookalike sender domain, daurn.net, and embedded hidden image-lo…
360 Advanced Threat Research Institute describes a suspected APT-C-26/Lazarus campaign delivering a malicious ISO themed around promotion of the Somora cryptocurrency wallet to cryptocurrency holders. The ISO contained wallet screenshots and a malicious “…
ASEC found fake Kakao login pages built to steal credentials from specific users, likely reached through phishing emails. The pages copied the Kakao login format and prefilled account IDs, increasing the chance that victims would enter passwords without c…
AhnLab ASEC observed document malware distributed to people in the security field under the guise of a manuscript solicitation letter. Opening the Word document used template injection through an external object to download and run an additional malicious…
Chainalysis reviews 2022 cryptocurrency sanctions and highlights Lazarus Group as the North Korea-linked hacking and crypto-theft actor among OFAC-designated entities. The DPRK-relevant section focuses on Tornado Cash, a decentralized Ethereum mixer sanct…
SlowMist’s 2022 blockchain security and AML annual report includes DPRK-relevant coverage of Lazarus Group’s role in major cryptocurrency theft and laundering activity. The report notes U.S. Treasury sanctions on addresses tied to the Ronin Network hacker…
AttackIQ released attack graphs that emulate Lazarus Group tradecraft across historical campaigns including Operation Sharpshooter, Operation In(ter)ception, and Operation Dream Job. The excerpt attributes Lazarus Group to North Korea’s Reconnaissance Gen…
RSIS assesses North Korea’s cyber threat as an enduring national-security problem centered on Bureau 121 and associated DPRK cyber units. The article describes Pyongyang’s cyber forces as capable of espionage, destructive malware, and operations launched …
SentinelOne’s LABScon replay covers Volexity research on InkySquid/APT37, a North Korea-linked actor also known as Group123 or ScarCruft, and its macOS port of RoKRAT. The presentation describes BaDRAT/CloudMensis as a macOS espionage tool delivered throu…
AhnLab ASEC reported a credential-phishing page that closely imitated Kakao’s login screen and prefilled target account IDs. The suspected delivery route was phishing email, and ASEC inferred from the targeted IDs and its North Korea-related monitoring th…
CFR’s Cyber Operations Tracker is a dataset rather than a single intrusion report. The excerpt states that since 2005, 34 countries are suspected of sponsoring cyber operations, with China, Russia, Iran, and North Korea linked to 77 percent of suspected o…