Today > 1 Critical | 7 High | 21 Medium vulnerabilities - You can now download lists of IOCs here!
14 attack reports | 0 vulnerabilities
In December 2024, the Lazarus Group, a North Korean threat actor, launched a sophisticated global campaign targeting cryptocurrency and technology developers. The operation, code-named 'Phantom Circuit,' involved embedding malware into trusted development tools, compromising hundreds of victims wor…
The report provides an in-depth analysis of the email phishing campaigns conducted by the Kimsuky threat actor group. It highlights their tactics of using diverse themes and subjects to pique the curiosity of recipients, targeting researchers and individuals related to North Korean affairs in an at…
Unit 42 researchers identified a North Korean IT worker activity cluster, CL-STA-0237, involved in phishing attacks using malware-infected video conference apps. The cluster likely operates from Laos and exploited a U.S.-based SMB IT services company to apply for other jobs, securing a position at …
SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign called 'Hidden Risk'. The attackers, linked to BlueNoroff, used fake cryptocurrency news emails and a malicious app disguised as a PDF to deliver multi-stag…
The report analyzes the covert cyber reconnaissance activities of the state-sponsored APT37 group targeting South Korea. The group uses spear-phishing emails with malicious LNK files to deploy the RoKRAT malware, collecting sensitive information from victims' devices. The attackers employ various t…
Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group, as a key player in a recent ransomware incident. The group appears to be collaborating with the Play ransomware group, marking a shift in their tactics. This is the first observed instance of Jumpy Pisces using existi…
This analysis details a sophisticated cyber attack attributed to the North Korean-linked Kimsuky APT group. The attack begins with an LNK file, leading to the execution of obfuscated VBS scripts. These scripts create scheduled tasks, modify registry keys for persistence, and establish communication…
Cisco Talos has uncovered a campaign employing a new malware family called 'MoonPeak,' a remote access trojan actively developed by a North Korean advanced persistent threat group tracked as 'UAT-5394.' The analysis reveals the evolution of MoonPeak from an open-source malware called XenoRAT, with …
A report detailing an ongoing cyberattack campaign by the North Korean APT group Kimsuky, which is targeting university staff, researchers, and professors to conduct espionage and gather intelligence for the North Korean government. The group employs phishing tactics, compromised infrastructure, an…
South Korea's cybersecurity community, consisting of the National Intelligence Service, Prosecution Service, Police Agency, Defense Security Command, and Cyber Command, among others, warns of the risks posed by North Korean hacking groups' cyber attacks targeting the domestic construction and machi…
Microsoft Threat Intelligence analyzes the activities of the North Korean threat actor Onyx Sleet, which conducts cyber espionage operations primarily targeting military, defense, and technology industries. The report covers Onyx Sleet's affiliations with other North Korean threat groups, its targe…
Asec Ahnlab analyzes a new backdoor malware called HappyDoor used by the North Korean hacking group Kimsuky in recent email attacks. The malware has evolved over time and contains capabilities for information stealing and remote access. It communicates with command and control servers using encrypt…
In March 2024, the cybersecurity firm Zscaler observed a new activity from Kimsuky, a North Korean state-sponsored hacker group. They employed a malicious Google Chrome extension named 'TRANSLATEXT' specifically crafted to steal email addresses, usernames, passwords, cookies, and capture browser sc…
Microsoft has identified Moonstone Sleet, a new North Korean threat actor that employs various tactics, including creating fake companies, distributing trojanized legitimate tools, developing a malicious game, and deploying custom ransomware. This actor combines methods used by other North Korean g…