« Reports in 2026

416 reports

2026-03-15 • NISOS

Nisos identified a suspected DPRK IT worker applying for a remote Lead AI Architect role by combining pre-employment OSINT with targeted interview questions. The applicant allegedly used stolen personally identifiable information, a newly created Gmail ac…

#ITWorker
2026-03-12 • Break Glass Intelligence

Two samples submitted by the same Hungarian incident responder are presented as linking Lazarus Group to Medusa ransomware activity: gaze.exe, a Medusa encryptor, and TSMSISrv.dll, a Lazarus-detected DLL sideloading loader. The ransomware's XOR-decoded co…

#Ransomware #Lazarus #Medusa #T1082 #T1555 #T1059.001 #T1036.005 #T1574.002 #T1562.001 #T1490 #T1486 #T1547.014 #T1129 #T1622 #T1135 #T1027.002 #T1546.015 #T1489
2026-03-10 • NKInternet

An email sent from a North Korean @star-co.net.kp address exposed how DPRK software developers market domestically built products to overseas commercial partners, distinct from the better-known fraudulent IT worker hiring schemes. The headers showed origi…