« Reports in 2026

416 reports

2026-05-27 • Wiz

Wiz identified JINX-0164, a previously unreported financially motivated actor targeting cryptocurrency organizations and developers through LinkedIn recruitment/business lures, fake conferencing pages, and malicious macOS “fix” scripts. The actor deploys …

#Suspicious #macOS #T1480.001 #T1555 #T1195.002 #T1056.001 #T1059.004 #T1552 #T1566 #T1059 #T1105 #T1547 #JINX-0164
2026-05-27 • ENKI

ENKI Whitehat identified Kimsuky malware delivery activity through April 2026 against South Korean military and enterprise-related targets. The campaigns used tailored lures, including fake domestic security software installation pages and a fake Webex me…

#Kimsuky #T1636.004 #T1027.013 #T1140 #T1041 #T1113 #T1071.001 #T1059.007 #T1204.002 #T1547.001 #T1053.005 #T1132.001 #T1566 #T1497.001 #T1620 #T1573.001 #T1027.010 #T1027.009 #T1055.001 #HttpSpy #JSONPing
2026-05-27 • ENKI

ENKI Whitehat reported Kimsuky malware delivery cases targeting South Korean military and corporate environments through April 2026. The actor used fake security software installation pages and a Webex-themed lure based on a legitimate meeting schedule, w…

#Kimsuky #T1636.004 #T1027.013 #T1059.003 #T1090 #T1140 #T1070.004 #T1071.001 #T1059.007 #T1027 #T1204.002 #T1547.001 #T1053.005 #T1132.001 #T1566 #T1497.001 #T1620 #T1573.001 #T1070.006 #T1055.001 #HttpSpy #JSONPing
2026-05-26 • Ahnlab

AhnLab observed April 2026 APT activity against South Korean targets, with most infections beginning through spear-phishing emails that used spoofed senders, malicious attachments, and malicious links. The activity relied heavily on LNK files, PowerShell,…

#Phishing #LNK
2026-05-22 • Foxit

Fox-IT analyzed a Lazarus subgroup toolset used against financial and cryptocurrency organizations, overlapping with activity linked to AppleJeus, Citrine Sleet, UNC4736, and Gleaming Pisces. The intrusion chain uses DPAPILoader to decrypt victim-bound pa…

#Lazarus #RemotePE