« Reports in 2025 »

779 reports

2025-02-21 • Trmlabs

TRM assessed with high confidence that North Korean hackers were behind the Bybit theft of about USD 1.5 billion in Ethereum tokens, citing substantial overlaps between attacker-controlled addresses and addresses linked to prior North Korean thefts. The a…

#Bybit
2025-02-20 • ESET

ESET tracks DeceptiveDevelopment as a North Korea-aligned cluster that targets freelance software developers, especially people working on cryptocurrency and DeFi projects. Operators pose as recruiters or headhunters on job and freelancing platforms, then…

#BeaverTail #InvisibleFerret #DeceptiveDevelopment #T1027.013 #T1082 #T1119 #T1059.003 #T1140 #T1005 #T1587.001 #T1041 #T1608.001 #T1071.001 #T1115 #T1083 #T1056.001 #T1059.006 #T1059.007 #T1204.002 #T1566.003 #T1555.003 #T1124 #T1583.003 #T1552.001 #T1585.001 #T1219 #T1133 #T1571 #T1564.001 #T1016 #T1074.001 #T1657 #T1071.002 #T1021.001 #T1614 #T1555.001 #T1217 #T1095 #T1025 #T1010 #T1560.002 #T1030 #T1567.004 #T1564.003
2025-02-18 • Chollima Group

Chollima Group tracks a North Korean IT worker cell using open-source data, photos, and logs discovered in an exposed Dropbox folder. The reporting places the cluster in Laos from roughly September 2021 to February 2024, with some members later appearing …

#ITWorker
2025-02-16 • S3N4T0R

The article presents an adversary simulation based on Labyrinth Chollima activity targeting people in the energy and aerospace sectors with job-description lures. The simulated chain uses a password-protected ZIP containing an encrypted PDF and a trojaniz…

#LabyrinthChollima