lazarusholic

A big fan of Lazarus. You can find me on http://t.me/lazarusholic, https://lazarus.day.
"The Execution Process of North Korea's XCTDoor Disguised as a Security Installer" published by Hauri. #Xctdoor, #DPRK, #CTI https://hauri.co.kr/security/security_view.html?intSeq=86&page=1&keyfield=&key=
Hauri Inc.

"EtherRAT & SYS_INFO Module: C2 on Ethereum (EtherHiding), Target Selection, CDN-Like Beacons" published by eSentire. #ClickFix, #EtherHiding, #EtherRAT, #DPRK, #CTI https://www.esentire.com/blog/etherrat-sys-info-module-c2-on-ethereum-etherhiding-target-selection-cdn-like-beacons
Learn more about the EtherRAT backdoor, which is being used to conduct targeted attacks, and get security recommendations from our TRU team on how to protect your organization from this cyber threat.

eSentire
"M-Trends 2026: Data, Insights, and Strategies From the Frontlines" published by Google. #ITWorker, #Trend, #DPRK, #CTI https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2026
M-Trends 2026: Data, Insights, and Strategies From the Frontlines | Google Cloud Blog

Explore M-Trends 2026 report for frontline data on the latest cyber threats, including ransomware recovery denial and extreme persistence.

Google Cloud Blog
NICKEL ALLEY strategy: Fake it ‘til you make it

Victimizing software developers via fake companies, jobs, and code repositories to steal cryptocurrency

SOPHOS
"How LevelBlue OTX and Cybereason XDR Detected a North Korea-Linked Remote IT Worker" published by Levelblue. #ITWorker, #DPRK, #CTI https://www.levelblue.com/blogs/spiderlabs-blog/how-levelblue-otx-and-cybereason-xdr-detected-a-north-korea-linked-remote-it-worker
From August 15 to 25, 2025, the SpiderLabs threat intel team detected a North Korea attempt to infiltrate an organization by replying to a help wanted ad.

"Three men sentenced for facilitating employment of foreign workers in North Korean sanctions evasion scheme" published by USJustice. #ITWorker, #News, #DPRK, #CTI https://www.justice.gov/usao-sdga/pr/three-men-sentenced-providing-computer-access-foreign-workers-potential-espionage-plot
"North Korea’s Crypto Theft Operations: The Role of Lazarus Group in State-Sponsored Financial Warfare" published by Cyble. #Bitrefill, #DPRK, #CTI https://cyble.com/blog/lazarus-group-bitrefill-cyberattack/
Lazarus Group Bitrefill Cyberattack Crypto Threat

Lazarus Group cyberattack on Bitrefill shows how North Korean hackers exploit crypto platforms, credentials, and human error for large-scale theft.

Cyble
"Exposing a Fraudulent DPRK Candidate" published by NISOS. #ITWorker, #DPRK, #CTI https://nisos.com/research/exposing-fraudulent-dprk-candidate/
Nisos exposed a fraudulent DPRK candidate in a major employment fraud scheme. Our OSINT investigation uncovered stolen PII, AI-generated resumes, and a hidden laptop farm used to bypass hiring checks.

Nisos
"February 2026 APT Attack Trends Report (Domestic)" published by Ahnlab. #LNK, #Phishing, #DPRK, #CTI https://asec.ahnlab.com/ko/92969/
February 2026 APT Attack Trends Report (Domestic) - ASEC

ASEC