CYFIRMA profiles Kimsuki as a North Korea-linked APT active since at least 2012 and aligned with strategic intelligence collection priorities associated with the Reconnaissance General Bureau. The group is described as targeting South Korean and U.S.-base…
« Reports in 2026
414 reports
AhnLab's December 2025 domestic APT trend report says spear phishing dominated observed attacks against South Korean targets, with LNK files accounting for the largest share that month. One LNK-based pattern executed malicious PowerShell from compressed a…
Security Alliance analyzes a malicious Bitbucket repository tied to the DPRK Contagious Interview campaign that targets developers through fake recruiting and partnership lures. The repository can execute malware when opened as a trusted VS Code workspace…
Red Asgard maps active Lazarus Group infrastructure discovered while vetting a cryptocurrency Upwork project containing Contagious Interview-style malware. The repository used VS Code auto-execution, a malicious npm dependency, and backend Function.constr…
Silent Push describes the DPRK remote worker program as an insider-risk and revenue-generation operation that uses stolen identities, remote hiring, and deceptive network paths to enter Western companies. The report separates long-term infiltrators, who m…
The FBI FLASH warns that North Korean Kimsuky actors used malicious QR codes in 2025 spearphishing against NGOs, think tanks, academia, government entities, and foreign policy experts focused on North Korea. The quishing emails impersonated foreign adviso…
Kudelski Security links mail-dump material, Hudson Rock stealer logs, and public research to DPRK fake IT worker infrastructure and internal coordination. The excerpt maps Russian public IP ranges, a Hong Kong proxy pivot, and a private 192.168.91.x netwo…
The excerpt alleges North Korean government and military involvement in scams targeting Americans, but it provides only a YouTube description and timestamps rather than a technical intrusion report. It says anonymous sources provided evidence and material…
Objective-See’s 2025 macOS malware review shows information stealers as the dominant new macOS malware class, with victims’ cookies, passwords, certificates, cryptocurrency wallets, SSH keys, and related sensitive data as primary collection targets. The e…