Vertex demonstrated a Synapse investigation beginning with a suspicious SHA256 file and enriching it through VirusTotal, MalwareBazaar, and MITRE ATT&CK data. The workflow connected the sample to Konni-tagged files, Korean tax-themed HWP and LNK lures, tt…
654 reports
Yonhap reports that South Korean police investigated suspected North Korean hacking of personal email accounts belonging to senior defense officials and military officers. The article says similar activity affected more than 100 domestic targets including…
The report analyzes the Radiant Capital exploit on Arbitrum, where a smart-contract rounding and token-quantity calculation flaw enabled theft of roughly $4.5 million in ETH. It records attacker, attack-contract, vulnerable-contract, and transaction ident…
AlexLab’s XLink bridge on BNB was exploited after a compromised private key let the attacker take over an ALEX liquidity-pool vault and make malicious proxy-contract upgrades. The incident drained about $4.3 million in assets, including roughly 13.7 milli…
The U.S. Justice Department announced arrests, searches, seizures, and charges tied to DPRK revenue-generation schemes that placed overseas IT workers in remote jobs at U.S. companies. Court documents allege the workers used stolen or borrowed U.S. identi…
Symantec attributes a new Linux backdoor, Linux.Gomir, to Springtail, also known as Kimsuky, in activity linked to recent campaigns against South Korean organizations. Gomir is a Linux counterpart to the GoBear backdoor and shares extensive code with it, …
AhnLab ASEC reports Andariel APT activity against South Korean companies and institutions in manufacturing, construction, and education. The attackers used backdoors, keyloggers, infostealers, proxy tools, and malware families including Nestdoor and Dora …
ESET’s Q4 2023 to Q1 2024 APT overview says North Korea-aligned groups continued targeting aerospace, defense, and cryptocurrency organizations. The source highlights DPRK-linked tradecraft improvements through supply-chain attacks, trojanized software in…
A Dutch court ruling sentenced a Tornado Cash developer for laundering large amounts of cryptocurrency through software that enabled anonymous movement of funds. The legal source is relevant to CTI because Tornado Cash and similar mixers appear in cryptoc…
Rain disclosed and contained a security incident while stating that customer fiat and crypto assets remained fully accounted for and held one-to-one under custody. The update says Rain isolated the issue, added security controls, and covered potential los…
The report analyzes Xeno-RAT as an open-source remote-access tool and builds on prior Kimsuky research involving PowerShell loading of an encrypted Xeno-RAT payload. It covers configuration extraction, feature analysis, command-and-control communication b…
Chainalysis Public Key episode 109 interviews DOJ senior counsel Jessica Peck and FBI supervisory special agent Chris Wong about North Korean cryptocurrency theft and laundering. The discussion frames Lazarus Group and other DPRK-linked hackers as major c…
Avast reported that Lazarus exploited CVE-2024-21338, an admin-to-kernel zero-day patched by Microsoft in February 2024, to load an updated FudModule data-only rootkit. The exploit replaced the group's earlier BYOVD approach with abuse of a built-in Windo…
NSHC ThreatRecon summarizes March 2024 threat-actor activity and highlights SectorA groups associated with North Korean operations. The report notes activity by SectorA01, SectorA02, SectorA05, and SectorA07, including malicious Python packages on PyPI, t…
KrCERT issued a security update advisory for Secuve TOS Agent after vulnerabilities allowed remote code execution and local privilege escalation on affected Windows builds. The threat is operationally significant because exploitation could let an attacker…