MurAll said a bridge hack affected Paint token holders on Polygon and forced the project to use DAO funds to reimburse users because the incident changed token supply and voting power. The team opened a Paint token claim process through its official migra…
2024
654 reports
CoinStats said it temporarily shut down its application after an attack affected 1,590 hosted CoinStats Wallets, about 1.3% of that wallet population. The company said connected external wallets and centralized exchange accounts were not affected, but use…
The source analyzes a malicious LNK file assessed as likely Konni activity and disguised as a 2024 application form for North Korean human-rights civic-organization strategic activity support. The shortcut runs heavily obfuscated PowerShell, searches for …
QiAnXin reports a suspected Kimsuky, or APT-Q-2, campaign using fake General Dynamics and Lockheed Martin recruitment lures for defense jobs in Germany to target European military industry personnel. The activity used JSE, C++ and Go droppers to place a D…
Malspace features Aleksandar Milenkoski discussing previously undisclosed material from a PIVOTcon talk on North Korean APT activity. The source text highlights ScarCruft operations involving strategic intelligence collection and targeting of cybersecurit…
CyberArmor analyzes a newly observed North Korean campaign named Niki that targets aerospace and defense companies with job-description lures. The intrusion begins with a RAR archive masquerading as a ZIP file for a General Dynamics safety manager role, w…
South Korea’s National Intelligence Service held a June 17 briefing for KISIA member security companies on North Korean cyber threat trends and recent attack cases. NIS warned that North Korean operators are increasingly targeting domestic security produc…
NSHC’s April 2024 roundup identifies SectorA01 activity in India, Bangladesh, Singapore, and Hungary using malicious Windows LNK files disguised as job descriptions. SectorA01 payloads transmitted system information, added registry persistence, and execut…
Konni is described as a North Korea-linked group using a National Tax Service-themed VAT.hwp lure to deliver malware through a malicious shortcut and obfuscated PowerShell. The script searches for a specific LNK file, reads embedded byte ranges, XOR-decod…
Malicious Windows LNK shortcut files are shown as a recurring initial trigger in phishing chains because Windows hides the extension and attackers can disguise shortcuts as invoices, PDFs, or benign applications. The excerpt gives examples involving Async…
CYFIRMA surveys APAC threat activity across Japan, the Philippines, Vietnam, Malaysia, Australia, South Korea, Taiwan, Thailand, and other regional targets. The excerpt emphasizes ransomware against critical infrastructure, IoT data theft, exploitation of…
NTT notes that Kimsuky abuse of MSC files had been reported since April 2024, placing Microsoft Common Console documents among techniques already adopted by multiple APT groups. The detailed case in the excerpt is DarkPeony’s Operation ControlPlug rather …
SharkTeam analyzed the June 2024 UwU Lend exploit, in which the project lost about $19.3 million across three attacker transactions. The report identifies the attacker wallet, transaction hashes, and DeFi attack flow, providing technical evidence for inci…
LilacSquid, also tracked as UAT-4820, is described as an espionage-focused actor active since at least 2021 against U.S. IT firms, European energy organizations, and Asian pharmaceutical companies. The report states that LilacSquid’s tactics resemble Nort…
Checkmarx linked a new North Korean threat actor, Moonstone Sleet, to malicious npm packages targeting the open source software supply chain. The activity overlaps with earlier North Korean package campaigns attributed to Jade Sleet but uses a different s…