« Reports in 2025 »

779 reports

2025-05-16
Rekt
#ITWorker #LND
2025-05-19 • NISOS

Nisos tracks the Saja DPRK Employment Scam Network as a likely DPRK-affiliated IT worker operation seeking remote engineering and full-stack blockchain roles. The actors posed as Polish and U.S. nationals through GitHub accounts, portfolio sites, freelanc…

#ITWorker
2025-05-16 • Rekt

Rekt analyzes the May 9, 2025 LNDFi theft as a $1.18 million drain enabled by Pool Admin control over modified Aave-style token contracts. The article notes ZachXBT's DPRK claim but focuses on the on-chain mechanics: a deployer granted Pool Admin rights, …

#ITWorker #LND
2025-05-15 • Ahnlab

AhnLab's April 2025 APT trend report highlights two DPRK-relevant campaigns. Konni used spear phishing that impersonated the Korean National Police Agency and National Human Rights Commission, first encouraging replies and then delivering LNK and AutoIT-b…

#Trend #Konni #Lazarus #SyncHole
2025-05-15 • LND

LND attributed its May 9, 2025 breach to a developer it unknowingly hired who later proved to be an undercover DPRK IT worker. The attacker gained access to administrative keys and drained about $1.27 million through unauthorized transactions, prompting L…

#ITWorker #LND
2025-05-14 • Cyfirma

CYFIRMA profiles Group123 as a North Korean state-sponsored espionage group active since at least 2012 and tracked as APT37, Reaper, ScarCruft, and related aliases. The report describes targeting in South Korea, Japan, Vietnam, the Middle East, and other …

#Group123 #T1102.002 #T1082 #T1059.003 #T1005 #T1071.001 #T1059.006 #T1027 #T1204.002 #T1555.003 #T1057 #T1059.005 #T1566.001 #T1547.001 #T1053.005 #T1059 #T1105 #T1055 #T1203 #T1189 #T1123 #T1548.002 #T1106 #T1529 #T1033 #T1561.002 #T1559.002 #T1120 #T1036.001 #T1094 #T1027.003