« Reports in 2026

416 reports

2026-02-19 • Ahnlab

AhnLab's January 2026 domestic APT trends report says spear phishing dominated observed attacks against Korean targets, with LNK files representing the largest share of activity. One LNK chain runs PowerShell to reach external URLs, copies curl.exe under …

#LNK
2026-02-16 • Kmsec

KMSEC documents two accidental operational-security exposures linked to FAMOUS CHOLLIMA npm activity. Several malicious packages published between July and September 2025 included an `ordinary.txt` JavaScript source file that appears to have been a refere…

#NPM #FamousChollima
2026-02-12 • Ahnlab

AhnLab’s January 2026 APT trend report highlights several DPRK-linked activities affecting developer, Web3, public-sector, activist, and supply-chain targets. Lazarus is reported to have replaced blocked Pastebin infrastructure with Polygon NFT contracts …

#Trend #Andariel #Kimsuky
2026-02-12 • Rekt

Rekt describes DPRK fake IT-worker and recruiter operations that weaponize both sides of the employment pipeline against Western companies, crypto firms, and job seekers. In the insider-worker scheme, North Korean operatives use stolen identities, fabrica…

#ITWorker
2026-02-11 • Okta

Okta Threat Intelligence examines DPRK IT-worker fraud through two tracked personas drawn from a larger dataset of more than 130 actors and 6,500 interviews across 500 companies. The examples show actors using free webmail accounts, job and coding platfor…

#ITWorker