APT37, also known as ScarCruft or RedEyes, is described as a North Korean espionage group that mainly targets South Korea and has also operated against Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and Middle Eastern targets. The advisory …
North Korean operators behind Contagious Interview and WageMole continued using fake developer hiring activity to steal data and support remote job fraud in Western countries. Zscaler observed updated BeaverTail JavaScript and InvisibleFerret Python paylo…
Andariel, also tracked as APT45, Silent Chollima, and Onyx Sleet, is linked in the source to a recently disclosed keylogger used against U.S. organizations. The malware installs low-level keyboard and mouse hooks with SetWindowsHookExW, persists by modify…
The sample is attributed in the excerpt to Reaper/APT37 and uses a Windows LNK file with a defector-themed lure connected to the Korea Institute of Maritime and Fisheries Technology. The LNK masquerades with a Microsoft Edge icon, extracts and opens an em…
NSHC's September 2024 monthly threat actor intelligence report summarizes activity collected from August 21 to September 20, identifying 47 hacking-group activities and reporting SectorA as the largest share at 46 percent. The report says finance-sector a…
NSHC's August 2024 monthly threat actor intelligence report summarizes activity observed from July 21 to August 20, identifying 29 hacking-group activities overall and a high share attributed to SectorJ, followed by SectorA and SectorE clusters. The repor…
Genians analyzes APT37 reconnaissance activity against South Korea, including collection of target IP address, location, web browser, and operating-system details before endpoint compromise. The report links the activity to prepared threat infrastructure …
Ketman's gh-fake-analyzer write-up gives reconnaissance heuristics for separating ordinary GitHub accounts from suspicious profiles used in malware-as-a-service, account farming, or DPRK-style IT worker activity. For DPRK-style profiles, it highlights old…
Ketman's guide describes how suspicious GitHub accounts associated with DPRK activity can be mapped through follower and following networks, profile context, repository behavior, and repeated identity patterns. It flags clusters of accounts created around…
APT37, also known as ScarCruft or RedEyes, is described as a North Korean espionage group that mainly targets South Korea and has also operated across Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and the Middle East. The advisory links AP…
Kimsuky, also called Black Banshee in the advisory, is described as a North Korean espionage group active since at least 2012 and targeting organizations and individuals in South Korea, Japan, and the United States. The source lists phishing, malware infe…
APT45, also known as Andariel or Jumpy Pisces, is described as a North Korean state-sponsored actor tied to financially motivated activity involving the Play ransomware operation between May and September 2024. The excerpt says researchers assessed with m…
This APT group was detected targeting the Russian diplomatic sector in January 2022, employing a spear phishing theme for New Year's Eve festivities as bait. The North Korean hacker group distributes Konni RAT via phishing messages or emails. KONNI has be…
DPRK-aligned APT macOS activity: In recent years, the Lazarus Group, a North Korean state-sponsored APT group, has intensified its focus on macOS, marking a significant shift in the macOS threat landscape. They employed advanced phishing campaigns themed …
The Wezard4u post analyzes a Kimsuky-linked MSC lure that impersonated the Sejong Institute's Center for Korean Peninsula Strategy director to target people working on North Korea issues. The malicious command sequence used curl to retrieve a decoy DOCX, …