T1567 - DPRK Threat Intelligence

#T1567 Exfiltration Over Web Service

Technique

Tactics: Exfiltration
Description:
Adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command and control channel. Popular Web services acting as an exfiltration mechanism may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to compromise. Firewall rules may also already exist to permit traffic to these services.

Web service providers also commonly use SSL/TLS encryption, giving adversaries an added level of protection.
First Seen: Lazarus Group • 2017-05-31

MITRE ATT&CK

15

Tagged Reports
13

Unique Authors
3,285

Active Days

Tagged Reports

2026-05-28

Safe Dep

Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace

#FamousChollima #NPM #T1195 #T1195.002 #T1102 #T1102.002 #T1567 #T1567.002 #T1056 #T1056.001 #T1113 #T1005 #T1552 #T1552.004 #T1059 #T1059.001 #T1059.003 #T1547 #T1547.001 #T1053 #T1053.005 #T1543 #T1543.001 #T1543.004 #HuggingFace #T1119

2026-04-30

Domaintools

DPRK Contagious Interview: Developer Workflow Compromise

#ContagiousInterview #Lazarus #T1005 #T1059.006 #T1204.001 #T1059.007 #T1036 #T1555 #T1059.004 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1555.003 #T1567 #T1071

2026-04-21

Any Run

New Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits Businesses

#ClickFix #Lazarus #macOS #T1005 #T1543.001 #T1083 #T1497 #T1548.003 #T1555 #T1560 #T1124 #T1222 #T1567 #T1204 #T1552 #T1057 #T1082

2026-04-17

Break Glass Intelligence

850 Hostnames, 6 Servers, 1 Kill Chain: Mapping Kimsuky's 2026 Korean Credential Harvesting Machine

#Kimsuky #Phishing #T1102.002 #T1059.005 #T1027 #T1583.006 #T1566.003 #T1567 #T1583.003 #T1204.004 #T1057 #T1082 #T1518.001 #T1568.001 #T1566.001 #T1547.001 #T1585.002 #T1140 #T1056.003 #T1204.001 #T1053.005 #T1539 #T1041 #T1113 #T1608.005 #T1608.001 #T1204.002 #T1598.003 #T1071.001 #T1590.005 #T1115 #T1083 #T1583.001 #T1059.001 #T1497 #T1056.001 #T1566.002 #T1036.005

2025-10-27

Ransom ISAC

Cross-Chain TxDataHiding Crypto Heist: A Very Chainful Process (Part 2)

#DevPopper #EtherHiding #T1547 #T1059.006 #T1059.007 #T1005 #T1573 #T1566 #T1041 #T1219 #T1195 #T1027 #T1204.002 #T1555.003 #T1095 #T1567 #T1071.001 #T1140 #T1082

2025-10-19

MITRE

Contagious Interview

#ContagiousInterview #G1052 #T1562 #T1589 #T1593 #T1573 #T1608 #T1036 #T1587 #T1543 #T1027 #T1048 #T1567 #T1071 #T1082 #T1566 #T1090 #T1585 #T1480 #T1546 #T1583 #T1041 #T1219 #T1555 #T1656 #T1681 #T1571 #T1588 #T1547 #T1070 #T1083 #T1497 #T1059 #T1204 #T1657

2025-02-24

Scott Bolen

Lazarus Group Attack on ByBit — TTP Analysis

#Bybit #Lazarus #T1583 #T1078 #T1590 #T1046 #T1566 #T1657 #T1485 #T1195 #T1068 #T1027 #T1567 #T1649 #T1021 #T1059 #T1530 #T1552 #T1592.003 #T1082

2025-02-06

Hive Pro

“Contagious Interview” Targets macOS with FlexibleFerret Malware

#ContagiousInterview #FlexibleFerret #T1036 #T1068 #T1059.004 #T1567 #T1071 #T1566 #T1547.001 #T1567.002 #T1583 #T1202 #T1105 #T1071.001 #T1547 #T1583.001 #T1189 #T1566.002 #T1586 #T1204 #T1059

2024-07-26

Picus Security

Andariel: North Korean APT Group Targets Military and Nuclear Programs

#Andariel #T1087 #T1190 #T1083 #T1572 #T1090 #T1027 #T1567 #T1048 #T1021 #T1071 #T1059 #T1003

2024-07-25

USCISA

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

#YARA #Andariel #T1190 #T1027 #T1595 #T1048 #T1592 #T1567 #T1071 #T1572 #T1591 #T1090 #T1021 #T1587.001 #T1560 #T1021.002 #T1039 #T1587.004 #T1087 #T1083 #T1040 #T1059 #T1596 #T1003

2023-07-28

Securonix

Detecting Ongoing STARK#MULE Attack Campaign Targeting Victims Using US Military Document Lures

#StarkMule #T1566.001 #T1566 #T1053.005 #T1059.001 #T1204.002 #T1573.001 #T1571 #T1567 #T1105 #T1584.004

2023-05-17

S2W

Detailed Analysis of AlphaSeed, a new version of Kimsuky’s AppleSeed written in Golang

#Kimsuky #AlphaSeed #T1218.010 #T1113 #T1560 #T1567 #T1056.001 #T1547.001

2023-01-31

ESET

APT ACTIVITY REPORT T3 2022

#Trend #T1102.002 #T1190 #T1027 #T1560.001 #T1567 #T1102 #T1027.002 #T1071 #T1574 #T1566.001 #T1566 #T1553.002 #T1090 #T1027.006 #T1567.002 #T1553 #T1584 #T1218 #T1027.007 #T1505 #T1505.003 #T1113 #T1555 #T1560 #T1071.004 #T1195 #T1204.002 #T1584.006 #T1218.001 #T1195.002 #T1574.002 #T1484.001 #T1484 #T1555.003 #T1204 #T1090.003 #T1003

2019-08-26

MITRE

Kimsuky

#Kimsuky #G0094 #T1136 #T1589 #T1562 #T1534 #T1190 #T1593 #T1036 #T1012 #T1608 #T1587 #T1550 #T1543 #T1016 #T1027 #T1114 #T1567 #T1102 #T1071 #T1057 #T1056 #T1082 #T1176 #T1566 #T1111 #T1591 #T1098 #T1585 #T1021 #T1553 #T1584 #T1140 #T1218 #T1598 #T1546 #T1583 #T1005 #T1552 #T1078 #T1518 #T1505 #T1041 #T1219 #T1560 #T1555 #T1564 #T1105 #T1588 #T1547 #T1070 #T1112 #T1557 #T1083 #T1055 #T1594 #T1007 #T1053 #T1040 #T1133 #T1586 #T1074 #T1204 #T1059 #T1003

2017-05-31

MITRE

Lazarus Group

#G0032 #T0865 #T1608 #T1587 #T1056 #T1566 #T1485 #T1591 #T1620 #T1021 #T1078 #T1010 #T1571 #T1588 #T1557 #T1033 #T1001 #T1542 #T1593 #T1589 #T1134 #T1203 #T1036 #T1012 #T1016 #T1106 #T1027 #T1102 #T1071 #T1614 #T1529 #T1049 #T1140 #T1005 #T1105 #T1046 #T1070 #T1110 #T1489 #T1562 #T1534 #T1573 #T1047 #T1543 #T1104 #T1491 #T1057 #T1082 #T1574 #T1090 #T1218 #T1583 #T1041 #T1561 #T1560 #T1564 #T1202 #T1547 #T1497 #T1189 #T1124 #T1204 #T1059 #T1008 #T1048 #T1567 #T1221 #T1098 #T1585 #T1553 #T1584 #T1220 #T1132 #T1055 #T1087 #T1083 #T1053 #T1074

« Back