The Threat CodexMay 26
RemotePE: The Lazarus RAT that lives in memory
#UNC4736 #DPAPILoader #RemotePELoader #RemotePE
https://blog.fox-it.com/2026/05/22/remotepe-the-lazarus-rat-that-lives-in-memory/
RemotePE: The Lazarus RAT that lives in memory

Authors: Yun Zheng Hu and Mick Koomen Summary Last year, we published research1 about a North Korean Lazarus subgroup targeting financial and cryptocurrency organizations, encountered during multip…

Fox-IT International blog
lazarusholicApr 24, 2025
"M-Trends 2025: Data, Insights, and Recommendations From the Frontlines" published by Mandiant. #ITWorker, #Trend, #UNC1069, #UNC3782, #UNC4736, #UNC4899, #UNC5342, #DPRK, #CTI https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/?hl=en
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines | Google Cloud Blog

We share data, insights and recommendations from the incident response frontlines in the latest edition of our annual report.

Google Cloud Blog
BGDon πŸ‡¨πŸ‡¦ πŸ‡ΊπŸ‡Έ πŸ‘¨β€πŸ’»Dec 24, 2024

Crypto hacks now seem like daily occurrences - one recent example:

Radiant Capital says North Korean threat actors are behind the $50M cryptocurrency heist that occurred after hackers breached its systems on Oct 16.

Hackers spoofed a former software contractor tricking a staffer to download a malicious ZIP file containing a decoy PDF file and a malware payload named "'InletDrift". https://www.bleepingcomputer.com/news/security/radiant-links-50-million-crypto-heist-to-north-korean-hackers/

#cyberattack #NorthKorea #UNC4736 #AppleJeus #Crypto #DiFi #Ethereum #blockchain #InletDrift

Radiant links $50 million crypto heist to North Korean hackers

Radiant Capital now says that North Korean threat actors are behind the $50 million cryptocurrency heist that occurred after hackers breached its systems in an October 16 cyberattack.

BleepingComputer
lazarusholicDec 10, 2024
"Radiant Capital Incident Update" published by RadiantCapital. #AppleJeus, #Radiant, #UNC4736, #DPRK, #CTI https://medium.com/@RadiantCapital/radiant-capital-incident-update-e56d8c23829e
Radiant Capital Incident Update - Radiant Capital - Medium

We have an important update on the October 16, 2024 incident in which Radiant Capital was targeted by a highly sophisticated cyberattack that resulted in a loss valued at approximately $50M USD. On…

Medium
Mustafa Kaan DemirhanApr 13, 2023
🚨 North Korean hackers #UNC4736 confirmed behind 3CX supply chain attack! Affected users urged to uninstall compromised Electron desktop client & switch to PWA Web Client App. https://www.bleepingcomputer.com/news/security/3cx-confirms-north-korean-hackers-behind-supply-chain-attack/?&web_view=true #CyberSecurity#SupplyChainAttack
3CX confirms North Korean hackers behind supply chain attack

VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month's supply chain attack.

BleepingComputer
lazarusholicApr 11, 2023
"Security Update Mandiant Initial Results" published by 3CX. #SupplyChain, #UNC4736, #SmoothOperator, #TAXHAUL, #3CXDesktopApp, #CTI, #OSINT, #LAZARUS https://www.3cx.com/blog/news/mandiant-initial-results/