Tag: northkorea

5 Attack Reports | 0 Vulnerabilities

Attack reports

Observes Targeted Attacks Amid FBI Warnings

The report details targeted attacks observed by Jamf Threat Labs that align with FBI warnings about the Democratic People's Republic of Korea (DPRK) targeting individuals in the crypto industry through social engineering tactics for malware delivery. It outlines attack scenarios involving malicious…
malware
backdoor
infostealer
northkorea
2024-09-17
socialengineering
rustdoor
thiefbucket
cryptoindustry
Published: September 17, 2024
Downloadable IOCs: 8

Threat Assessment: North Korean Threat Groups

This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes their organizational structure, objectives, and the diverse malware families employed in their recent campaigns targeting various industries worldwide. The analysis covers 10…
malware
espionage
cybercrime
northkorea
rats
comebacker
rustbucket
kandykorn
2024-09-10
collectionrat
fullhouse
poolrat
odicloader
objcshellz
pondrat
smoothoperator
Published: September 10, 2024
Downloadable IOCs: 58

North Korean based backdoor packs a punch

This report analyzes a new threat campaign discovered in late May, featuring multiple layers and ultimately delivering a previously undocumented backdoor. The campaign specifically targets Aerospace and Defense companies, sectors of particular interest to North Korean threat groups. The backdoors a…
backdoor
espionage
defense
northkorea
2024-06-21
nikigo
aerospace
nikihttp
Published: June 21, 2024
Downloadable IOCs: 20

APT attack discovered using Facebook and MS management console (Attack signs detected targeting Korea and Japan)

A threat actor impersonated a North Korean human rights official on Facebook and approached targets. They shared malicious URLs disguised as documents. Microsoft OneDrive cloud service was used to host the malicious MSC file, which communicated with C2 servers and deployed Reconshark malware associ…
apt
kimsuky
northkorea
2024-05-21
Published: May 21, 2024
Downloadable IOCs: 46

Springtail: New Linux Backdoor Added to Toolkit

Symantec's Threat Hunter Team has uncovered a new Linux backdoor, named Gomir, developed by the North Korean Springtail espionage group, which is linked to malware employed in a recent campaign targeting organizations in South Korea. The backdoor shares extensive code similarities with the Windows-…
malware
linux
backdoor
2024-05-16
troll stealer
gobear
southkorea
northkorea
linux.gomir
Published: May 16, 2024
Downloadable IOCs: 20
Click here to see more Attack Reports