Tag: northkorea
5 attack reports | 0 vulnerabilities
Attack reports
Observes Targeted Attacks Amid FBI Warnings
The report details targeted attacks observed by Jamf Threat Labs that align with FBI warnings about the Democratic People's Republic of Korea (DPRK) targeting individuals in the crypto industry through social engineering tactics for malware delivery. It outlines attack scenarios involving malicious…
Downloadable IOCs 8
Threat Assessment: North Korean Threat Groups
This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes their organizational structure, objectives, and the diverse malware families employed in their recent campaigns targeting various industries worldwide. The analysis covers 10…
Downloadable IOCs 58
North Korean based backdoor packs a punch
This report analyzes a new threat campaign discovered in late May, featuring multiple layers and ultimately delivering a previously undocumented backdoor. The campaign specifically targets Aerospace and Defense companies, sectors of particular interest to North Korean threat groups. The backdoors a…
Downloadable IOCs 20
APT attack discovered using Facebook and MS management console (Attack signs detected targeting Korea and Japan)
A threat actor impersonated a North Korean human rights official on Facebook and approached targets. They shared malicious URLs disguised as documents. Microsoft OneDrive cloud service was used to host the malicious MSC file, which communicated with C2 servers and deployed Reconshark malware associ…
Downloadable IOCs 46
Springtail: New Linux Backdoor Added to Toolkit
Symantec's Threat Hunter Team has uncovered a new Linux backdoor, named Gomir, developed by the North Korean Springtail espionage group, which is linked to malware employed in a recent campaign targeting organizations in South Korea. The backdoor shares extensive code similarities with the Windows-…
Downloadable IOCs 20
Observes Targeted Attacks Amid FBI Warnings
The report details targeted attacks observed by Jamf Threat Labs that align with FBI warnings about the Democratic People's Republic of Korea (DPRK) targeting individuals in the crypto industry through social engineering tactics for malware delivery. It outlines attack scenarios involving malicious…
Downloadable IOCs 8
Threat Assessment: North Korean Threat Groups
This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes their organizational structure, objectives, and the diverse malware families employed in their recent campaigns targeting various industries worldwide. The analysis covers 10…
Downloadable IOCs 58
North Korean based backdoor packs a punch
This report analyzes a new threat campaign discovered in late May, featuring multiple layers and ultimately delivering a previously undocumented backdoor. The campaign specifically targets Aerospace and Defense companies, sectors of particular interest to North Korean threat groups. The backdoors a…
Downloadable IOCs 20
APT attack discovered using Facebook and MS management console (Attack signs detected targeting Korea and Japan)
A threat actor impersonated a North Korean human rights official on Facebook and approached targets. They shared malicious URLs disguised as documents. Microsoft OneDrive cloud service was used to host the malicious MSC file, which communicated with C2 servers and deployed Reconshark malware associ…
Downloadable IOCs 46
Springtail: New Linux Backdoor Added to Toolkit
Symantec's Threat Hunter Team has uncovered a new Linux backdoor, named Gomir, developed by the North Korean Springtail espionage group, which is linked to malware employed in a recent campaign targeting organizations in South Korea. The backdoor shares extensive code similarities with the Windows-…
Downloadable IOCs 20
Observes Targeted Attacks Amid FBI Warnings
The report details targeted attacks observed by Jamf Threat Labs that align with FBI warnings about the Democratic People's Republic of Korea (DPRK) targeting individuals in the crypto industry through social engineering tactics for malware delivery. It outlines attack scenarios involving malicious…
Downloadable IOCs 8
Threat Assessment: North Korean Threat Groups
This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes their organizational structure, objectives, and the diverse malware families employed in their recent campaigns targeting various industries worldwide. The analysis covers 10…
Downloadable IOCs 58
North Korean based backdoor packs a punch
This report analyzes a new threat campaign discovered in late May, featuring multiple layers and ultimately delivering a previously undocumented backdoor. The campaign specifically targets Aerospace and Defense companies, sectors of particular interest to North Korean threat groups. The backdoors a…
Downloadable IOCs 20
APT attack discovered using Facebook and MS management console (Attack signs detected targeting Korea and Japan)
A threat actor impersonated a North Korean human rights official on Facebook and approached targets. They shared malicious URLs disguised as documents. Microsoft OneDrive cloud service was used to host the malicious MSC file, which communicated with C2 servers and deployed Reconshark malware associ…
Downloadable IOCs 46
Springtail: New Linux Backdoor Added to Toolkit
Symantec's Threat Hunter Team has uncovered a new Linux backdoor, named Gomir, developed by the North Korean Springtail espionage group, which is linked to malware employed in a recent campaign targeting organizations in South Korea. The backdoor shares extensive code similarities with the Windows-…
Downloadable IOCs 20
Observes Targeted Attacks Amid FBI Warnings
The report details targeted attacks observed by Jamf Threat Labs that align with FBI warnings about the Democratic People's Republic of Korea (DPRK) targeting individuals in the crypto industry through social engineering tactics for malware delivery. It outlines attack scenarios involving malicious…
Downloadable IOCs 8
Threat Assessment: North Korean Threat Groups
This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes their organizational structure, objectives, and the diverse malware families employed in their recent campaigns targeting various industries worldwide. The analysis covers 10…
Downloadable IOCs 58
North Korean based backdoor packs a punch
This report analyzes a new threat campaign discovered in late May, featuring multiple layers and ultimately delivering a previously undocumented backdoor. The campaign specifically targets Aerospace and Defense companies, sectors of particular interest to North Korean threat groups. The backdoors a…
Downloadable IOCs 20
APT attack discovered using Facebook and MS management console (Attack signs detected targeting Korea and Japan)
A threat actor impersonated a North Korean human rights official on Facebook and approached targets. They shared malicious URLs disguised as documents. Microsoft OneDrive cloud service was used to host the malicious MSC file, which communicated with C2 servers and deployed Reconshark malware associ…
Downloadable IOCs 46
Springtail: New Linux Backdoor Added to Toolkit
Symantec's Threat Hunter Team has uncovered a new Linux backdoor, named Gomir, developed by the North Korean Springtail espionage group, which is linked to malware employed in a recent campaign targeting organizations in South Korea. The backdoor shares extensive code similarities with the Windows-…
Downloadable IOCs 20
Observes Targeted Attacks Amid FBI Warnings
The report details targeted attacks observed by Jamf Threat Labs that align with FBI warnings about the Democratic People's Republic of Korea (DPRK) targeting individuals in the crypto industry through social engineering tactics for malware delivery. It outlines attack scenarios involving malicious…
Downloadable IOCs 8
Threat Assessment: North Korean Threat Groups
This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes their organizational structure, objectives, and the diverse malware families employed in their recent campaigns targeting various industries worldwide. The analysis covers 10…
Downloadable IOCs 58
North Korean based backdoor packs a punch
This report analyzes a new threat campaign discovered in late May, featuring multiple layers and ultimately delivering a previously undocumented backdoor. The campaign specifically targets Aerospace and Defense companies, sectors of particular interest to North Korean threat groups. The backdoors a…
Downloadable IOCs 20
APT attack discovered using Facebook and MS management console (Attack signs detected targeting Korea and Japan)
A threat actor impersonated a North Korean human rights official on Facebook and approached targets. They shared malicious URLs disguised as documents. Microsoft OneDrive cloud service was used to host the malicious MSC file, which communicated with C2 servers and deployed Reconshark malware associ…
Downloadable IOCs 46
Springtail: New Linux Backdoor Added to Toolkit
Symantec's Threat Hunter Team has uncovered a new Linux backdoor, named Gomir, developed by the North Korean Springtail espionage group, which is linked to malware employed in a recent campaign targeting organizations in South Korea. The backdoor shares extensive code similarities with the Windows-…
Downloadable IOCs 20