« Reports in 2023 »

627 reports

2023-02-16 • Mandiant

• The organizations targeted for employment align with previous efforts by DPRK operators to target cryptocurrency-related organizations as well as medical research companies. • The operation distributing the CUTELOOP dropper has been conducting a job-the…

#Cryptocurrency #QUINSTATUS #UNC614
2023-02-15 • Ahnlab

AhnLab reported Kimsuky document malware distributed beyond security-related targets to broadcasting and ordinary corporate users. The lures used DOCX filenames such as questionnaires, cover letters, and planning documents, then relied on template injecti…

#Kimsuky
2023-02-14 • Dragos

Dragos' 2022 ICS/OT review identifies WASSONITE as an activity group with limited technical overlaps to COVELLITE and the cluster tracked by other vendors as Kimsuky. The report says WASSONITE uses customized DTrack and Appleseed RAT variants, Mimikatz, s…

#Trend #WASSONITE
2023-02-14 • Chainalysis

We’ll break down these trends and more in our 2023 Crypto Crime Report. Well, you weren’t alone — crypto criminals had to face the same market conditions. Watch Part 1 and Part 2 of our Crypto Crime webinar series. Want more insights into the 2020 State o…

#Cryptocurrency
2023-02-14 • KRCERT

KrCERT/CC’s ScarCruft tracking note describes a North Korea-linked surveillance actor active against South Korean defectors, overseas workers, journalists, missionaries, and other people of interest since at least 2012. The report updates earlier TTPs by …

#Scarcruft #Chinotto
2023-02-13 • Ahnlab

ASEC observed fake Naver login pages built on the same attacker-controlled domain pattern previously used for fake Kakao credential theft. The phishing flow leads users to a password reconfirmation page where the login ID is prefilled and entered password…

#Kimsuky #Phishing