CBC reports that an Ontario architect’s professional seal appeared on a blueprint tied to Global Creative Consultant Engineers, while the architect said he had never seen the drawing, did not stamp it, and did not recognize the signature. The article conn…
778 reports
The 2023 3CXDesktopApp compromise is presented as a software supply-chain intrusion that Mandiant, Kaspersky, and other researchers later linked to North Korea’s Lazarus Group. The breach followed an earlier compromise of the X_Trader financial trading ap…
Team Cymru describes North Korean remote IT workers using false identities to infiltrate companies as freelance developers and remote employees. The scheme has generated illicit revenue for DPRK-linked networks and can expose intellectual property, operat…
Criminal IP describes a targeted Zoom-themed phishing attempt against David Zhang, co-founder of Stably and dTRINITY, after an attacker impersonated a trusted contact and proposed a DeFi collaboration meeting. The phishing link led to a site that automati…
DTEX links the DOJ crackdown on North Korean remote IT worker schemes to a broader insider-risk ecosystem built around U.S. laptop farms, shell companies, stolen identities, facilitators, and financial mules. The excerpt says more than 80 stolen American …
Fortune’s CEO Daily includes Pindrop CEO Vijay Balasubramaniyan’s warning that fake job applicants are increasing as companies expand remote hiring. The DPRK-relevant finding is Pindrop’s claim that one in 343 applicants it identifies is from North Korea,…
On-chain research identified more than $16.58 million in payments since January 2025 to alleged North Korean IT workers hired as developers across crypto projects and other companies. One monitored cluster tied eight DPRK IT workers to more than 12 roles,…
SentinelLABS analyzed NimDoor, a DPRK-linked macOS malware campaign targeting Web3 and cryptocurrency businesses through social engineering and fake Zoom update lures. The infection chain uses AppleScript, C++, Bash, and Nim-compiled Mach-O binaries, with…
North Korean remote IT workers are posing as freelance and remote employees to gain trusted access to companies, with Microsoft linking a major activity cluster to Jasper Sleet. The scheme targets U.S. and allied organizations, including technology, criti…
Proofpoint researchers described North Korean cyber operations as a blend of espionage, financially motivated cybercrime, and remote IT worker infiltration tied to state strategy. The episode highlights phishing-heavy activity by TA427, also called Old Re…
SlowMist’s mid-year blockchain security and AML review records a high-loss threat environment in which 121 blockchain security incidents caused about $2.373 billion in losses during the first half of 2025. The excerpt highlights account compromises, smart…
A Korean analysis links a passport-themed malware case to Kimsuky and suggests that Korean passport imagery may have been stolen or otherwise abused as lure material. The sample is identified by MD5, SHA-1, and SHA-256 hashes, with embedded payloads encod…
Genians links early 2025 ClickFix activity to Kimsuky and assesses it as an extension of the group's BabyShark campaign. The activity targeted South Korean experts in diplomacy, national security, and international politics through sustained spear-phishin…
Genians observed Kimsuky adopting ClickFix-style social engineering in 2025 activity assessed as an extension of the BabyShark campaign. The cases targeted Korean foreign policy, security, defense, and international affairs audiences through spear-phishin…
Plainbit and South Korea's NCSC document a May 2025 Kimsuky/APT43 phishing case against an activist working on North Korea issues. The actor sent repeated spear-phishing emails that impersonated Sejong Institute staff and nuclear security forum themes, us…