Partners in crime: North Koreans and elite Russian-speaking cybercriminals
By Mark Arena, CEO of Intel 471.
This blog post takes a look at the credibility of claims in public reports of North Korean (referred to as DPRK for the rest of this post) links to Russian-speaking cybercriminals. The post is based as much as possible on public and open sources from credible parties that can be referenced rather than introducing new or confidential sources of information. We examine TrickBot, TA505 and Dridex, believed to originate from Eastern Europe, and attempt to understand potential linkages between these and DPRK threat actors.
For the purpose of this blog post, we are making the following generally accepted assumptions:
- Lazarus/Lazarus Group is tied to DPRK threat actors.
- TrickBot, TA505 and Dridex are tied to Russian-speaking cybercriminals.
It is outside the scope of this blog post to explain or justify this attribution.
Key findings
- DPRK threat actors likely are active in the cybercriminal underground and maintain trusted relationships …
IoC
http://ecombox.store
https://ecombox.store/tbl_add.php?action=agetpsb
https://ecombox.store/tbl_add.php?action=cgetpsa