Lazarus is presented as a North Korea-directed APT umbrella that combines espionage, cyber warfare, and large-scale financial theft against banks, cryptocurrency exchanges, VASPs, defense industries, and healthcare targets. The excerpt distinguishes Trade…
SlowMist’s 2025 blockchain security and AML review describes a more professionalized crypto threat landscape in which North Korea-linked hackers are frequently active alongside criminal networks. The excerpt identifies information-stealing malware, privat…
The CCC talk recounts how a Phrack dump of an APT member’s workstation exposed exploits, attacker tools, and loot from government networks, mobile carriers, and telecommunications providers. The attacker is described as most likely Chinese and working aga…
FalconFeeds presents Lazarus Group as a DPRK state-backed threat apparatus under the Reconnaissance General Bureau with a hybrid mandate spanning espionage, sabotage, and revenue-generating cybercrime. The excerpt links Bureau 121, Unit 180, and the 110th…
The Wall Street Journal reports U.S. allegations that North Korean banker Sim Hyon Sop laundered funds and helped evade sanctions for the Kim regime through wallets, brokers, front companies, and bank accounts. The excerpt connects DPRK IT-worker payments…
OpenSourceMalware identifies a new DPRK-linked Contagious Interview variant that abuses VS Code task execution and a disguised SpellRight dictionary file to infect developers who open a malicious repository. The initial payload uses tasks.json and a backu…
The Financial Security Institute report analyzes LNK malware collected between January 2024 and September 2025 from state-sponsored hacking groups in a campaign it names Dark Prism. The excerpt says the research focuses on how attackers’ TTPs changed over…
Genians attributes Operation Artemis to APT37 and describes spear-phishing that used malicious HWP/HWPX documents against people engaged with North Korea, human rights, abduction issues, interviews, seminars, and related policy topics. The attacker impers…
Genians identifies Operation Artemis as an APT37 campaign that used spear-phishing and malicious HWP/HWPX documents against South Korean targets interested in North Korea, human rights, abduction issues, broadcast interviews, seminars, and policy events. …
TRM assesses that North Korea was linked to well over half of the more than USD 2.7 billion stolen in 2025 crypto hacks, making it the dominant high-value attacker in the crypto theft ecosystem. The report describes a shift from bridge-focused theft towar…
Darktrace’s finance-sector security report describes adversaries targeting cloud environments, edge infrastructure, VPNs, remote gateways, and legacy systems across financial institutions. The DPRK-relevant portion names Lazarus alongside Cl0p as an examp…
Chainalysis reports that North Korean hackers stole at least $2.02 billion in cryptocurrency in 2025, a 51% year-over-year increase that raised the DPRK’s lower-bound cumulative crypto theft total to $6.75 billion. The body explains that fewer confirmed D…
The excerpt is a Chainalysis landing page for its 2026 Crypto Crime Report rather than the report body itself. It states that cryptocurrency remains a critical element in modern criminal operations as crypto adoption and mainstream financial integration c…
Amazon identified a suspected North Korean IT worker after keystroke telemetry from a contractor laptop showed latency inconsistent with the worker’s claimed U.S. location. Security staff found the machine was being remotely controlled and traced the traf…
Hunt.io and Acronis mapped DPRK operational infrastructure spanning Lazarus, Kimsuky, and related North Korean activity, using pivots across IPs, open directories, certificates, and hashes. The research found recurring infrastructure habits including expo…