Hidden Link Between TrickBot "Anchor" & North Korea "Lazarus" State Sponsored Group

2020-09-14 Adv Intel

https://www.x33fcon.com/slides/x33fcon20_Vitali_Kremez_-_Keynote_Hidden_Link_Between_TrickBot_"Anchor"_&_North_Korea_"Lazarus"_State_Sponsored_Group,_or_How_North_Korean_Hackers_are_Working_with_Eastern_European_Cybercriminals.pdf

Attachments

x33fcon20_Vitali_Kremez_-_Keynote_Hidden_Link_Between_TrickBot_Anc_6ADJnEe.pdf (3 MB)

Vitali Kremez's x33fcon presentation examines a possible link between TrickBot's Anchor activity and North Korea's Lazarus ecosystem, framing it as convergence between high-end crimeware and state-backed operations. The source highlights TrickBot, QakBot and TA505-style targeting of high-value corporate networks, then connects the Anchor mystery to Lazarus, APT38/Bluenoroff banking theft, APT37/Andariel activity and North Korean revenue needs. Its outlook warns that North Korea is likely to keep pursuing large-scale financial operations, South Korean and US targets, and opportunistic ransomware or crimeware partnerships.

Indicators of Compromise

| Type | Value | First Seen | Last Seen |
|------|-------|------------|-----------|
| URL | https://nogiartshop.com/product… | 2020-09-14 | 2020-09-14 |
| DOMAIN | nogiartshop.com | 2020-09-14 | 2020-09-14 |
