SecAI linked a series of targeted attacks from April 2024 onward against the United States, Japan, and South Korea to Kimsuky, a North Korea-based APT focused on intelligence collection around the Korean Peninsula, nuclear policy, sanctions, diplomacy, and nat…
Operation ControlPlug describes DarkPeony activity using MSC files as an initial attack vector against possible military and government targets in Myanmar, the Philippines, Mongolia, and Serbia. The report explains that opening the MSC file and clicking i…
A Lazarus Group DeFi laundering case is used to explore whether YARA-style pattern matching can help classify suspicious blockchain activity. The source cites ZachXBT’s analysis of more than $200 million laundered from 25-plus crypto hacks between 2020 an…
NSHC ThreatRecon's April 2024 report identifies SectorA01, SectorA05, and SectorA07 activity during the March 21 to April 20 collection window. SectorA01 targeted India, Bangladesh, Singapore, and Hungary with LNK files disguised as job descriptions, then…
Kimsuky impersonated a foreign news-agency researcher to approach North Korean human-rights activists with written interview requests about Korean Peninsula peace issues. The campaign used spear-phishing, malicious HWP documents, and MSC files disguised w…
The Alphapo and CoinsPaid hot-wallet intrusion report tracks stolen cryptocurrency laundering through cross-chain bridges, token swaps, and mixing services such as Sinbad. The analysis notes that the movement of funds resembled previously observed Lazarus…
Konni, a North Korea-linked threat group associated in reporting with Thallium, APT37, and possibly Kimsuky, distributed a malicious Excel LNK-themed file named around Kim Myeong-hui in May 2024. The report links Konni RAT activity to phishing delivery, i…
DMM Bitcoin disclosed the loss of 4,502.9 BTC, about $308 million, in an unauthorized leak that Elliptic assessed as a major cryptocurrency theft. The report notes that the stolen bitcoin was split across new wallets shortly after the incident, making the…
DMM Bitcoin reported that 4,502.9 BTC, worth more than $304 million, was illegally leaked from its wallet around 1:30 p.m. JST. The exchange halted spot buy orders, leveraged position openings, and new account screenings while stating that customer BTC de…
Konni is a North Korea-linked threat actor that targeted government-related users with MSI installer packages masquerading as legitimate software, including a Russian foreign-ministry-style statistics application. The report explains that the installer dr…
NSHC ThreatRecon's March 2024 report lists SectorA01, SectorA02, SectorA05, and SectorA07 activity across South Korea, Taiwan, the United States, China, Russia, and other locations. SectorA01 pushed malicious Python packages through PyPI for information g…
Akamai observed RedTail cryptomining operators adding Palo Alto PAN-OS CVE-2024-3400 exploitation to a broader web-exploit arsenal targeting IoT devices, web applications, SSL-VPNs, and security products. The infection chain used command execution to down…
Cisco Talos tracks LilacSquid as an espionage-motivated APT active since at least 2021, compromising organizations in pharmaceuticals, oil and gas, and technology across Asia, Europe, and the United States. The campaign gains access through vulnerable int…
AhnLab attributes recent intrusions against Korean educational, manufacturing, and construction organizations to Andariel. The cases include compromise of an outdated Apache Tomcat server to deploy backdoors and proxy tools, continued use of Nestdoor, and…
A U.S. court filing in USA v. Oleksandr Didenko concerns alleged cybercrime infrastructure and identity-abuse activity rather than a malware reverse-engineering report. The source is legal evidence that may support CTI tracking of criminal enablement, acc…