GTIG reports that state-sponsored actors, including North Korea-linked operators, continue to misuse Gemini across the attack lifecycle rather than only for basic productivity. The DPRK-relevant finding is that North Korean actors used AI assistance for r…
2025 (778 reports)
OFAC sanctioned North Korean bankers, foreign-based financial representatives, Ryujong Credit Bank, and Korea Mangyongdae Computer Technology Company for supporting laundering tied to cybercrime and overseas IT worker operations. Treasury linked Jang Kuk …
The thread assesses that DWF Labs was likely compromised in September 2022 by the DPRK-affiliated AppleJeus actor, resulting in theft of at least $44 million in mostly USDC and USDT. The activity began with draining of address 0x3d67fdE4B4F5077f79D3bb8Aaa…
OFAC sanctioned eight individuals and two entities for helping launder funds tied to DPRK cybercrime, cryptocurrency theft, ransomware, IT worker fraud, and broader sanctions evasion. The release says DPRK state-sponsored hackers and overseas IT workers g…
CrowdStrike’s European threat landscape report says DPRK-nexus adversaries conducted operations targeting Ukrainian entities during the period dominated by Russia’s invasion-related cyber activity. The DPRK section appears within a broader nation-state ov…
Quetzal reports another suspected Famous Chollima hiring attempt after earlier failed interviews, this time involving a candidate using the name Julian Arleby Munoz Mendez for a company role. The applicant allegedly copied a Colombian senior full-stack en…
Dr. Julie Kim's paper traces North Korea's cyber operations from intelligence collection against officials, academics, journalists, defectors, and defense targets toward sanctions-driven revenue generation. It links cryptocurrency theft and overseas IT wo…
Bitso's Quetzal Team describes two suspected Famous Chollima job-infiltration attempts against a Senior Software Engineer opening at a financial and crypto company. The candidates used stolen resumes, fabricated Mexican identities, LinkedIn profiles, AI-a…
Gen Threat Labs details two DPRK-linked toolsets: Kimsuky’s newly named HttpTroy backdoor and a Lazarus chain using Comebacker to deploy a new BLINDINGCAN variant. The Kimsuky case targeted a victim in South Korea with a ZIP archive masquerading as a Secu…
North Korea is described as expanding cyber operations into a major revenue and strategic tool as sanctions restrict traditional foreign-currency channels. The excerpt cites Chainalysis data that North Korean cryptocurrency theft reached about $1.34 billi…
S2W TALON analyzed recent Lazarus malware samples targeting South Korean entities and identified three loader variants plus the FastCopy v3.6.1 utility. The loaders recovered encrypted or encoded payloads in memory using AES or XOR operations, including k…
BlueNoroff, also tracked as APT38, Sapphire Sleet, Alluring Pisces, Stardust Chollima, and TA444, is described as continuing SnatchCrypto operations against Web3 and blockchain developers, executives, venture capital targets, and technology companies. Gho…
Ransom-ISAC analyzed a suspected DPRK-affiliated campaign that used a weaponized private GitHub repository to compromise cryptocurrency and developer environments. The attack chain combined DEV#POPPER.js, a cross-platform JavaScript payload, with OmniStea…
North Korean operators are presented as repeatedly exploiting Hancom Hangul Word Processor files because HWP is deeply embedded across South Korean government, military, critical industry, defense-contractor, and academic workflows. The article cites mali…
Chainalysis summarizes MSMT findings that DPRK cyber operations now combine large-scale cryptocurrency theft, laundering, IT-worker fraud, and espionage in support of North Korea’s strategic objectives. The excerpt cites an estimated $2.8 billion in DPRK …