UNODC reported that casinos, junkets, illegal online gambling platforms, and cryptocurrency exchanges have become core infrastructure for underground banking and money laundering in East and Southeast Asia. The report links these services to transnational…
NSHC's September 2023 ThreatRecon report says SectorA activity accounted for the largest share of observed threat group operations in the period, with five SectorA clusters seen across South Korea, the United States, China, Romania, Poland, Malaysia, the …
Around September 12, SlowMist and its partners detected a large-scale Advanced Persistent Threat (APT) attack by the Lazarus Group targeting the cryptocurrency industry. This article shifts the focus to the developments of the North Korean …
Recorded Future's 2023 infrastructure report tracks malicious C2, malware, botnet, and offensive security tooling infrastructure observed through its Intelligence Cloud. The excerpt says Cobalt Strike remained the leading C2 framework, AsyncRAT, QuasarRAT…
Project name: TerraPort Finance Date of exploit: Apr 10th, 2023 Asset loss: around $4M Vulnerability: Centralization Related Risk Date of audit report publishing: Dec 11th, 2023 Conclusion: Out of Audit Scope Terraport operates as a DeFi platform that use…
WhoisXML API examined a Kimsuky campaign using 13 AhnLab-published IOCs as pivots for DNS expansion. The source says Kimsuky shifted from its usual HWP or Microsoft Word spearphishing attachments toward compressed files and malicious links. The infrastruc…
DBAPPSecurity's 2023 advanced threat landscape report says Lazarus was the most active APT group disclosed during the year, accounting for 12.7% of observed reporting, with Kimsuky and APT37 also among the most active East Asian groups at 9.3% and 6.5% respectively. T…
TRM Labs assessed that North Korea-linked hackers stole at least USD 600 million in cryptocurrency in 2023, with late-year activity potentially raising the total to about USD 700 million if confirmed. The report says DPRK-linked operations accounted for a…
Phylum reports that a crypto-themed npm package campaign first described in November remained active, with nearly two dozen additional packages identified through December 2023. The packages download a remote binary during installation, decrypt and execut…
NSHC ThreatRecon's October 2023 report identifies four SectorA groups, its North Korea-linked cluster set, operating during the September 21 to October 20 collection period. SectorA01 targeted recruiters in Singapore, India, Poland, and the United Kingdom…
KrCERT/CC warned that DoctorSoft NetClient6 contained a remote code execution vulnerability and urged affected organizations to apply the vendor's security update. The advisory says attackers could exploit the flaw to cause malware infections or related c…
TA444, also known as Sapphire Sleet, BLUENOROFF, or STARDUST CHOLLIMA, is linked in the excerpt to CosmicRust, a Rust-based Mach-O backdoor described as less mature than RustBucket. The sample uses WebSockets for communications, carries an ad-hoc signatur…
Objective-See analyzes SpectralBlur, a DPRK-linked macOS backdoor previously described by Greg Lesnewich as related to TA444 and BLUENOROFF activity. The sample is an unsigned 64-bit Intel Mach-O seen as .macshare or mac.jpg, with VirusTotal telemetry sho…
SlowMist's 2023 blockchain security and AML report says Lazarus Group activity and wallet-drainer phishing were major drivers of crypto losses during the year. It states that Lazarus spent the first half of 2023 laundering funds stolen in 2022, including …
NSHC ThreatRecon's November 2023 report lists five SectorA groups, its North Korea-linked cluster set, as active across South Korea, the United States, Russia, Israel, Mexico, Austria, China, and Japan. SectorA02 used LNK malware disguised as documents on…