Dong-A Ilbo reported that South Korean intelligence assessed North Korea's cyber-crime workforce at roughly 8,400 personnel, an estimated 20 percent increase from the 6,800 figure previously reflected in defense white papers. The article says North Korea …
Chosun reported on an SK Shieldus investigation into the South Korean court network breach attributed in the article to Lazarus, describing a multi-stage intrusion from initial PC compromise to long-term data exfiltration. The attackers allegedly used wat…
Securonix reports that the North Korea-linked DEV#POPPER operators continued targeting software developers with fake interview lures and a ZIP package containing hidden malicious JavaScript. The updated samples added support for Windows, Linux, and macOS,…
Genians analyzed a Konni APT campaign that impersonated South Korean tax-related notices, including tax-evasion reports, source-of-funds explanations, and National Tax Service investigation themes. The attacks used spear-phishing emails containing ZIP arc…
NSHC's June 2024 monthly threat actor report observed activity from 27 threat groups between May 21 and June 20, with SectorJ most active and SectorB and SectorA following. SectorA activity included SectorA01, SectorA02, SectorA05, and SectorA07 operation…
The report describes a Kimsuky phishing site that impersonated Google Drive and used a fake Google/Gmail service interruption notice to push users toward reauthentication. The lure at gplokio[.]site redirected victims through another domain toward a spoof…
NSHC's 2023 SectorA activity summary says seven SectorA subgroups ran both South Korea-focused intelligence collection and financially motivated operations worldwide. SectorA05 was the most active subgroup, followed by SectorA02 and SectorA01, with financ…
WazirX's day-wise incident log says a July 18, 2024 cyber attack hit one of its multisig wallets managed through Liminal custody infrastructure and led to the theft of more than $230 million in digital assets. The exchange reported restoring account balan…
Attackers stole about $230 million from WazirX after upgrading a 4-of-6 multisig wallet to a malicious implementation. The source argues the attack likely required three WazirX signer approvals and one Liminal signer, possibly through phished signatures, …
Yonhap reported that classified information on South Korean Defense Intelligence Command overseas operatives, including identities and personal details, was leaked through a civilian employee's personal laptop. The leaked material reportedly included info…
Picus profiles Andariel, also known as Onyx Sleet, as a North Korea-linked APT associated with the Reconnaissance General Bureau. The source says the group targets defense, aerospace, nuclear and engineering organizations for espionage and also conducts r…
Andariel, also tracked as Onyx Sleet, DarkSeoul, Silent Chollima, and Stonefly/Clasiopa, is described in the CISA AA24-207A response as a DPRK RGB 3rd Bureau-backed actor targeting defense, aerospace, nuclear, engineering, government, and military entitie…
NSHC's March 2024 threat actor group report describes 33 observed hacking-group activities and highlights multiple SectorA operations associated with North Korean activity. The report says SectorA01 distributed malicious Python packages through PyPI to de…
WazirX's post describes preliminary findings from the July 2024 attack against an affected multisig wallet that used five WazirX signers and one Liminal signer. WazirX says it found no evidence that signer machines were compromised, while the malicious tr…
The U.S. Justice Department charged North Korean national Rim Jong Hyok over an alleged Andariel conspiracy to hack and extort U.S. hospitals and health care providers using Maui ransomware. Prosecutors say Rim and co-conspirators worked for North Korea’s…