T1552 | lazarus.day

#T1552 Unsecured Credentials

Technique

Tactics: Credential Access
Description:
Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Shell History), operating system or application-specific repositories (e.g. Credentials in Registry), or other specialized files/artifacts (e.g. Private Keys).(Citation: Brining MimiKatz to Unix)
First Seen: Kimsuky • 2019-08-26

MITRE ATT&CK

11

Tagged Reports
11

Unique Authors
2,488

Active Days

Tagged Reports

2026-06-17

Quill Audits

Humanity Protocol $36M Admin Key Compromise Exploit (Explained)

#HumanityProto #Cryptocurrency #DeFi #Phishing #FinancialGain #T1078 #T1098 #T1552

2026-06-17

Jfrog

easy-day-js: Supply Chain Campaign Targets Mastra npm Packages

#Mastra #NPM #SupplyChain #T1195 #T1195.001 #T1059.007 #T1105 #T1547 #T1027 #T1082 #T1057 #T1518 #T1552

2026-05-28

Safe Dep

Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace

#FamousChollima #NPM #T1195 #T1195.002 #T1102 #T1102.002 #T1567 #T1567.002 #T1056 #T1056.001 #T1113 #T1005 #T1552 #T1552.004 #T1059 #T1059.001 #T1059.003 #T1547 #T1547.001 #T1053 #T1053.005 #T1543 #T1543.001 #T1543.004 #HuggingFace #T1119

2026-05-27

Wiz

Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

#macOS #T1566 #T1195.002 #T1059.004 #T1547 #T1552 #T1555 #T1056.001 #T1105 #T1059 #JINX-0164 #Suspicious #T1480.001

2026-05-20

Ox Security

North Korean-Linked Threat Actor Targets Developers with New npm Infostealer RAT

#NPM #T1056.001 #T1115 #T1552 #T1555 #T1053.005 #T1547.001

2026-04-21

Any Run

New Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits Businesses

#ClickFix #Lazarus #macOS #T1005 #T1543.001 #T1083 #T1497 #T1548.003 #T1555 #T1560 #T1124 #T1222 #T1567 #T1204 #T1552 #T1057 #T1082

2025-02-24

Scott Bolen

Lazarus Group Attack on ByBit — TTP Analysis

#Bybit #Lazarus #T1583 #T1078 #T1590 #T1046 #T1566 #T1657 #T1485 #T1195 #T1068 #T1027 #T1567 #T1649 #T1021 #T1059 #T1530 #T1552 #T1592.003 #T1082

2024-07-19

Cyfirma

APT Quarterly Highlights : Q2 2024

#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus #T1562.001 #T1190 #T1068 #T1543.003 #T1056 #T1595.002 #T1059.003 #T1566 #T1485 #T1218.011 #T1069.002 #T1010 #T1571 #T1102.001 #T1583.001 #T1555.003 #T1033 #T1497.001 #T1203 #T1036 #T1012 #T1027 #T1583.003 #T1071 #T1562.004 #T1614 #T1027.005 #T1548 #T1552 #T1140 #T1005 #T1053.005 #T1564.001 #T1555 #T1129 #T1070.001 #T1046 #T1070 #T1095 #T1569.002 #T1562 #T1573 #T1047 #T1552.001 #T1057 #T1082 #T1518.001 #T1176 #T1090 #T1518 #T1539 #T1041 #T1564 #T1560 #T1202 #T1071.001 #T1547 #T1112 #T1497 #T1059.001 #T1124 #T1056.001 #T1222 #T1070.006 #T1059 #T1564.003 #T1222.001 #T1056.004 #T1547.001 #T1584 #T1087.002 #T1070.004 #T1505.003 #T1113 #T1608.005 #T1204.002 #T1087 #T1574.002 #T1115 #T1083 #T1490 #T1053 #T1486 #T1566.002 #T1133 #T1021.004 #T1003

2023-12-19

Picus Security

Play Ransomware Analysis, Simulation and Mitigation- CISA Alert AA23-352A

#Play #Ransomware #T1078 #T1518.001 #T1190 #T1562.001 #T1016 #T1486 #T1133 #T1570 #T1560.001 #T1048 #T1070.001 #T1552 #T1003

2023-08-08

Crowd Strike

NOWHERE TO HIDE CROWDSTRIKE 2023 THREAT HUNTING REPORT

#LabyrinthChollima #Trend #T1190 #T1036 #T1016 #T1482 #T1056 #T1558 #T1556 #T1480 #T1552 #T1078 #T1020 #T1555 #T1556.008 #T1046 #T1547 #T1070 #T1110 #T1204 #T1059 #T1003

2019-08-26

MITRE

Kimsuky

#Kimsuky #G0094 #T1136 #T1589 #T1562 #T1534 #T1190 #T1593 #T1036 #T1012 #T1608 #T1587 #T1550 #T1543 #T1016 #T1027 #T1114 #T1567 #T1102 #T1071 #T1057 #T1056 #T1082 #T1176 #T1566 #T1111 #T1591 #T1098 #T1585 #T1021 #T1553 #T1584 #T1140 #T1218 #T1598 #T1546 #T1583 #T1005 #T1552 #T1078 #T1518 #T1505 #T1041 #T1219 #T1560 #T1555 #T1564 #T1105 #T1588 #T1547 #T1070 #T1112 #T1557 #T1083 #T1055 #T1594 #T1007 #T1053 #T1040 #T1133 #T1586 #T1074 #T1204 #T1059 #T1003

« Back