The Raven File traces Babuk ransomware wallet activity through Indodax exchange wallets and argues that Babuk funds may have been caught in the September 2024 Indodax hot-wallet theft. The source lists a Babuk Bitcoin wallet, shows transfers into an Indod…
A U.S. cybersecurity professional, Aidan Raney, spent about two months engaging suspected North Korean IT workers after a client saw signs of DPRK-linked involvement in a hiring process. The workers, using the persona “Ben,” claimed to be a Ukrainian refu…
NSHC’s December 2024 threat-actor roundup observed four SectorA clusters, with activity primarily found in South Korea and one cluster also seen in Russia. SectorA01 used LinkedIn-style recruitment lures to approach potential victims and deploy malware ca…
Bitdefender describes a North Korea-linked Lazarus recruiting scam that used LinkedIn job offers to push targets toward a malicious project repository. The code hid an obfuscated script that loaded a cross-platform stealer for Windows, macOS, and Linux, h…
A South Korean court judgment found that an operator of an illegal Lineage private server bought and used a security-bypass executable from a North Korean hacker identified as “Eric,” or Oh Sung-hyuk. The excerpt says Eric led a development team at the Ru…
ASEC reports that Kimsuky continues to deliver malicious LNK files through spear-phishing, with filenames tailored to specific people or companies. The LNK files run PowerShell or Mshta to fetch payloads, and the final control tools include PebbleDash and…
The essay summarizes the 2017 WannaCry ransomware worm, which infected more than 200,000 Windows systems across roughly 150 countries and disrupted organizations including healthcare, transport, and manufacturing. It explains how WannaCry used EternalBlue…
CyberSec Sentinel profiles the DPRK-linked FERRET malware family used in fake job and spear-phishing operations against macOS users. The source describes variants such as InvisibleFerret, FRIENDLYFERRET, FROSTYFERRET_UI, FlexibleFerret, and BeaverTail, wi…
ASEC reports continued Kimsuky activity involving spear-phishing lures, malicious shortcut files, PebbleDash, and custom use of RDP Wrapper to maintain access. The source notes that file names contain personal or company-specific details, indicating targe…
A Kimsuky-attributed lure used a Korean insurance-themed Windows shortcut named as a PDF for a 2024 GA sales-branch allocation document. The LNK executed Base64-decoded PowerShell that downloaded and opened a decoy PDF from Dropbox, then wrote chrome.ps1 …
The report analyzes North Korean threat activity tied to the Contagious Interview campaign, where attackers pose as recruiters or employers and approach software developers through job-related channels. It describes malicious project or package delivery t…
NuriLab reports a Lazarus-attributed NetSupport RAT campaign that used fake CAPTCHA instructions to push victims into running a PowerShell command. The chain created C:/Users/Public/as, downloaded a ZIP from 147.45.xx.200, extracted NetSupport Manager com…
A CyberDefenders 3CX supply-chain write-up walks through analysis of malicious 3CX Desktop App updates that triggered antivirus alerts, degraded performance, and unusual network traffic. The exercise identifies Windows 3CX versions flagged as malicious, t…
SentinelLABS describes new macOS FlexibleFerret samples tied to the DPRK Contagious Interview campaign, where victims are lured through fake job or developer interactions into installing malware. The versus.pkg installer drops InstallerAlert.app and a mal…
NSHC summarizes October 2024 threat-actor activity, including SectorA clusters associated with North Korea-linked operations. The report notes activity against government and commercial targets, with North America and Europe among the most frequently targ…