lazarusholic

87 Followers
0 Following
1.8K Posts
a big fan of lazarus. You can find me on http://t.me/lazarusholic , https://lazarus.day.
"Where did the kelp $292m go? anatomy of a $292m laundering" published by TheSmartApe. #KelpDAO, #MoneyLaundering, #DPRK, #CTI https://archive.md/FUKS5
"I got completely owned by the most sophisticated hack I've ever encountered" published by Turshija. #ContagiousInterview, #DPRK, #CTI https://archive.md/eb6sl
"Inside Lazarus: How North Korea uses AI to industrialize attacks on developers" published by Expel. #HexagonalRodent, #DPRK, #CTI https://expel.com/blog/inside-lazarus-how-north-korea-uses-ai-to-industrialize-attacks-on-developers/
Expel is tracking a North Korean (DPRK) state-sponsored APT group. This group is targeting Web3 developers to steal cryptocurrency and NFTs.

"Unmasking DPRK Cyber Threat Actors: Fake IT Worker Infrastructure" published by TeamCymru. #ITWorker, #DPRK, #CTI https://www.team-cymru.com/post/dprk-fake-it-worker-cyber-threat-actors-infrastructure
Uncover how DPRK cyber threat actors use fake IT schemes, Astrill VPN, and freelance platforms to infiltrate networks. Learn to spot these advanced persistent threats.

"KelpDAO Hacker Moving Funds: Attacker Transfers $175M to New Addresses" published by Arkm. #KelpDAO, #Lazarus, #DPRK, #CTI https://info.arkm.com/research/kelpdao-hacker-moving-funds-attacker-transfers-175-41m-to-new-addresses
The Kelp DAO attacker has moved over $175 million to new addresses. Track the hacker’s use of cross-chain bridges and DeFi protocols here as the laundering process begins.

"Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories" published by TrendMicro. #DevPopper, #VoidDokkaebi, #DPRK, #CTI https://www.trendmicro.com/en_us/research/26/d/void-dokkaebi-uses-fake-job-interview-lure-to-spread-malware-via-code-repositories.html
Our research on Void Dokkaebi’s operations uncovered a campaign that turns infected developer repositories into malware delivery channels. By spreading through trusted workflows, organizational codebases, and open-source projects, the threat can scale from a single compromise to a broader supply chain risk.

"A Third Vultr Seoul Box: 60+ Kimsuky Domains, 18 Months of DDNS Rotation, and a 5-Year Infrastructure Trail" published by BreakGlassIntelligence. #Kimsuky, #DPRK, #CTI https://intel.breakglass.tech/post/kimsuky-third-vultr-seoul-60-domains-ddns-rotation-naver-nts
Passive DNS analysis of a third Vultr Seoul VPS reveals 60+ Kimsuky credential harvesting domains across 18 months, systematically impersonating Naver, the Korean National Tax Service, and Korean government portals. 31 domains still resolve. The VPS has been under actor control since 2020.

"Detection strategies across cloud and identities against infiltrating IT workers" published by Microsoft. #JasperSleet, #DPRK, #CTI https://www.microsoft.com/en-us/security/blog/2026/04/21/detection-strategies-cloud-identities-against-infiltrating-it-workers/
The shift to remote and hybrid work since the pandemic expanded global hiring and accelerated digital onboarding, increasing reliance on online identity verification and remote access.

"New Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits Businesses" published by AnyRun. #ClickFix, #Lazarus, #DPRK, #CTI https://any.run/cybersecurity-blog/lazarus-macos-malware-mach-o-man/
Lazarus “Mach-O Man” Malware: What CISOs Need to Know

Learn how the Lazarus “Mach-O Man” campaign targets businesses, and how SOC leaders can reduce credential theft and data exposure risk.

Techub News Exclusive: SlowMist on Kelp DAO × LayerZero Systemic Risk

This article is the full English translation of the Techub News interview.

Medium