« Reports in 2025 »

779 reports

2025-04-23 • navneet

A suspicious ZIP archive delivered a Korean-named LNK file disguised as a PDF proposal, and the source assesses its TTPs as similar to prior operations linked to DPRK's Konni group. The infection chain uses a double-extension LNK with a PDF icon to run ob…

#Konni #LNK #T1059.003 #T1140 #T1005 #T1070.004 #T1041 #T1071.001 #T1027 #T1059.005 #T1566.001 #T1547.001 #T1059.001 #T1573.001
2025-04-22 • Ahnlab

ASEC reports malicious LNK files distributed to Korean users under notice-themed filenames such as local tax bill and sex-offender information notice PDFs. When executed, the LNK downloads and runs an HTA file from an attacker-controlled server, which con…

#LNK
2025-04-22 • Cookie Connoisseur

The excerpt presents raw, unfiltered OSINT links around a likely DPRK-linked GitHub persona identified as zeus-dev919, while repeatedly warning that the linkages require double verification. It describes repositories and public Google Drive folders that a…

#ITWorker
2025-04-21 • Bybit

The archived executive summary tracks roughly $1.4 billion in hacked funds, about 500,000 ETH, with 68.57% still traceable, 27.59% gone dark, and 3.84% frozen. It says DPRK-linked laundering moved most value from Ethereum into BTC through Thorchain, conve…

#News #Bybit
2025-04-19 • Cookie Connoisseur

The archived post lists practical detection cues for DPRK remote IT-worker schemes during recruiting and onboarding. It advises employers to watch for VPN use during applications, formulaic developer-themed email addresses, virtual phone numbers, new or r…

#ITWorker