It offers:
- Detailed threat profiles: Gain an in-depth understanding of various threat categories, including vulnerabilities, targeted attacks, ransomware campaigns, and OT- and IoT-related threats.
- Critical analysis: Receive valuable insights into vul…
NSHC ThreatRecon's December 2023 report tracks five SectorA groups active across East Asia, Europe, North America, and other regions, with targeting that includes South Korea, Japan, the United States, and several European countries. The SectorA activity …
The analysis examines a newer RokRAT sample attributed to APT37, also known as Group123, Venus 121, or Reaper, and describes updates to its execution flow. A large LNK lure drops a decoy HWP document plus public.dat, temp.dat, and working.bat, then uses h…
AhnLab reports that Kimsuky compromised the security program installation flow on a Korean construction-related association website, causing users who tried to log in to install malware alongside the required security software. The malicious NX_PRNMAN installe…
SECUI analyzes a Kimsuky reconnaissance malware variant that shifted delivery from earlier LNK files to a compiled HTML Help file. The CHM lure appears to contain Bitcoin-key-themed content and executes embedded scripts through hh.exe, decompiling files i…
KrCERT warned that an improper-authentication vulnerability in MLSoft Tgate could let attackers gain administrator privileges and potentially deploy malware. Organizations using Tgate should update through MLSoft, while unsupported v2.0 and earlier instal…
CrowdStrike's 2024 Global Threat Report documents North Korean adversary activity as maintaining a high operational tempo during 2023, with financially motivated cryptocurrency theft and intelligence collection against South Korean and Western organizatio…
This Defender's Advantage podcast episode features Mandiant analyst Michael Barnhart discussing DPRK use of IT workers to gain access to enterprises. The source frames the activity as an enterprise access risk rather than conventional malware delivery, wi…
DCSO analyzed a KONNI sample uploaded to VirusTotal in January 2024 and assesses it as likely North Korea-linked activity targeting Russia's Ministry of Foreign Affairs. The malware was bundled into a Russian-language installer for a suspected internal co…
JPCERT/CC reports that Lazarus published malicious Python packages on PyPI, including pycryptoenv and pycryptoconf, with names chosen to resemble legitimate crypto libraries and catch installation typos. The packages carried XOR-encoded DLL data in test.p…
Genian Security Center analyzed a January 2024 spear-phishing case that used a real New Year opinion column as the lure for Korean targets. The email delivered a password-protected ZIP containing a double-extension LNK disguised with a WordPad icon, then …
Phylum found a malicious npm package, execution-time-async, that copied the legitimate execution-time profiler package but hid obfuscated JavaScript in a test file loaded from index.js. The code stole browser credentials, cryptocurrency extension data, an…
South Korea's National Intelligence Service and Germany's Federal Office for the Protection of the Constitution issued a joint advisory on North Korean cyber threats against defense-industry companies and research institutes. The advisory says North Korea…
NSHC ThreatRecon's December 2023 roundup said SectorA activity represented the largest share of observed threat actor reporting for the month and targeted government, finance, East Asian, and European environments. The SectorA section described several cl…