OpenAI reports that since February 2024 it has disrupted and publicly reported more than 40 networks that violated its usage policies. The excerpt says the activity spans authoritarian-regime abuse, scams, malicious cyber activity, and covert influence op…
Elliptic assesses that North Korea-linked hackers have stolen more than $2 billion in cryptoassets in 2025, the largest annual total it has recorded, bringing known cumulative regime-linked theft above $6 billion. The total is driven heavily by the $1.46 …
Blackpoint SOC analyzed a North Korea-linked OtterCookie intrusion delivered through a trojanized Bitbucket repository posing as a 3D chess project. The loader deliberately triggers an initialization error, fetches JavaScript from serve-cookie[.]vercel[.]…
Fortune describes North Korea’s remote IT worker scheme as an identity-fraud and sanctions-evasion operation in which DPRK workers pose as legitimate candidates to obtain technology jobs at companies in the U.S. and other wealthy countries. The excerpt sa…
A Kimsuky-linked LNK malware sample used a lure titled “Global Complex Crisis, Korea’s Security Strategy” and presented an HWP document tied to a Seoul National University security-strategy event. The shortcut launches hidden PowerShell, searches for a 56…
SBI Crypto suffered an unauthorized outflow of roughly $24 million across Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash wallets on September 24, 2025. The source reports that ZachXBT identified coordinated outflows routed through instant exchang…
AhnLab reviewed public data from “APT Down: the North Korea Files” and related disclosures about an attacker workstation that the original authors claimed belonged to a Kimsuky member. The material describes sustained intrusions against South Korean admin…
Sygnia describes a covert remote-control system developed by a North Korean IT worker operating inside a legitimate organization. The toolkit used WebSockets for command and control, ARP packets as a payload transport mechanism, and Zoom as a covert remot…
The SecTor 2025 slide deck presents a North Korean cyber operation involving tooling found after a North Korean IT worker was hired as a senior DevOps engineer and the returned laptop was analyzed. The described control system avoided conventional malware…
ENISA’s 2025 Threat Landscape presents a broad EU-focused assessment built from 4,875 incidents observed between 1 July 2024 and 30 June 2025. The excerpt states that the report uses a more threat-centric approach and contextual analysis to identify promi…
Chainalysis describes how DPRK IT workers infiltrate global technology companies to earn cryptocurrency that can support North Korea’s weapons programs. The workers use facilitators such as Chinyong, VPNs, fraudulent or stolen identity documents, and AI v…
Blockchain investigators reported about $21 million in suspicious outflows from addresses linked to SBI Crypto across Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash. The funds were routed to five instant exchanges and deposited into Tornado Cash,…
Ketman describes GitHub organizations allegedly established and maintained by DPRK IT workers as hubs for credibility building, codebase management, recruitment fronts, malware-spreading opportunities, and crypto scams. The report focuses on organizations…
A July 2025 supply-chain attack against BigONE drained an estimated $27 million from the exchange, and the excerpt says the attacker later moved funds using laundering methods commonly associated with North Korean Lazarus activity. The stolen assets were …
Leaked Apache access, error, virtual-host, and configuration logs reconstruct Kimsuky/APT43 phishing infrastructure used against South Korean government and military targets in 2025. The operators staged domains including sponetcloud.com and websecurityno…