This APT group has been associated with other threat actor groups, including Bluenoroff and Andariel, believed to be subgroups or closely aligned with Lazarus. One of their recent campaigns, "Dream Job," specifically targets cryptocurrency-adjacent entiti…
Kimsuky, also known as Black Banshee, is described as a North Korean APT active since at least 2012 and focused on espionage against targets in South Korea, Japan, the United States, and other countries. The advisory summarizes common Kimsuky tradecraft i…
A YouTube video description frames North Korean shadow IT workers as an insider-threat concern and lists sections on how they operate, their goals, and defensive steps. The excerpt does not provide technical indicators, malware details, or a specific intr…
The source describes an APT38 or Lazarus-attributed social-engineering operation that targeted a CEO through Discord and pushed a fake online meeting download. The download flow used a passcode-protected page and delivered a small macOS DMG containing a B…
This Andariel profile identifies the DPRK-linked group as Lab 110 / 3rd Bureau of the Reconnaissance General Bureau and catalogs its aliases, relationships, exploited vulnerabilities, and reporting history. The page maps Andariel to aliases such as APT45,…
The report describes a malware delivery technique disguised as a polished video-interview workflow, commonly initiated by fake recruiters claiming to represent well-known companies such as Kraken, MEXC, Gemini, or Meta. Targets are approached through Link…
Rewterz reports that North Korean actors behind the Contagious Interview campaign are using OtterCookie malware in fake job-offer attacks against software developers. The campaign has operated since at least late 2022 and previously distributed BeaverTail…
Picus profiles Kimsuky as a North Korean espionage actor active since at least 2012 and tracked under aliases including Black Banshee, Velvet Chollima, THALLIUM and Emerald Sleet. The source describes targeting of South Korean government, think-tank, defe…
NTT's SOC identified OtterCookie as malware used in the North Korea-linked Contagious Interview campaign, with activity observed around November 2024 and possible use since September. The campaign commonly starts from Node.js projects, npm packages or fil…
The report analyzes an APT-C-26/Lazarus campaign that delivered a weaponized IPMsg installer to targets. When executed, the installer dropped a malicious DLL while also launching the legitimate IPMsg Installer 5.6.18.0 to reduce user suspicion. The DLL ch…
South Korea's Ministry of Foreign Affairs announced independent sanctions against 15 North Korean IT workers and one related entity for foreign-currency earning activity tied to cyber operations and weapons funding. The statement says North Korea continue…
The report analyzes a Kimsuky-attributed PowerShell malware case, log_processlist.ps1, distributed from a site impersonating Radio Free Asia and aimed at a specific North Korean human-rights activist. The script used Dropbox API credentials to obtain an O…
NTT Security Japan analyzes OtterCookie, a malware family observed in the Contagious Interview campaign, which is described as a North Korea-linked, financially motivated operation. The activity often begins with Node.js projects or npm packages downloade…
The Piyolog summary covers the DMM Bitcoin incident in which 4,502.9 BTC, worth about 48.2 billion yen at the time, was illicitly transferred from the exchange's wallet on May 31, 2024. Japanese authorities later issued warnings stating that a North Korea…
Rekt reported that DPRK-linked wallets were observed trading on Hyperliquid, raising concern that North Korean actors were testing the protocol before a possible attack. The article highlights Hyperliquid's risk profile at the time: more than $2 billion i…