ID | Votes | Profile Description |
---|---|---|
Reconnaissance General Bureau | 6 | The Reconnaissance General Bureau (RGB) is a North Korean intelligence agency responsible for clandestine operations abroad, and it is believed to coordinate the nation's cyber activities. The RGB has been linked to several advanced persistent threat (APT) groups, including BeagleBoyz, Kimsuky, Anda |
Onyx Sleet | 6 | Onyx Sleet, also known as Andariel, DarkSeoul, Silent Chollima, and Stonefly/Clasiopa, is a North Korean state-sponsored cyber group associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju. This threat actor pri |
Lazarus Group | 5 | The Lazarus Group, also known as APT38, is a notorious threat actor believed to be backed by the North Korean regime. This group has been associated with several high-profile cyber attacks and thefts, including the infamous $600 million Ronin sidechain exploit in 2022. Known for their sophisticated |
Rgb | 5 | RGB is a threat actor group, part of North Korea's Reconnaissance General Bureau (RGB), a military intelligence agency under the General Staff Bureau of the Korean People's Army. Over the years, the RGB has revealed at least six threat groups, including Andariel, also known as Onyx Sleet, formerly P |
Stonefly | 4 | The Andariel APT (also known as Stonefly, Silent Chollima, and Onyx Sleet) is a threat actor believed to be associated with the North Korean government. Active since at least 2015, it has been implicated in several cyber attacks, notably using ransomware campaigns to target US Healthcare and Public |
Reconnaissance General Bureau Rgb | 3 | The Reconnaissance General Bureau (RGB) is a key threat actor group associated with North Korea's cyber espionage activities. Known within the global cybersecurity industry as the umbrella organization for hacking groups like "Lazarus Group," "Bluenoroff," and "Andariel," it operates under the Korea |
Silent Chollima | 3 | Silent Chollima, a North Korea-nexus threat actor, is known for its malicious cyber activities. The group, which is part of the 3rd Bureau of the Foreign Intelligence and Reconnaissance General Bureau, North Korea's foreign intelligence agency, has been associated with other groups such as Lazarus, |
APT38 | 2 | APT38, a threat actor suspected to be backed by the North Korean regime, has been responsible for some of the largest cyber heists observed to date. The group has conducted operations in over 16 organizations across at least 11 countries, primarily targeting financial institutions worldwide. Despite |
Bluenoroff | 2 | BlueNoroff, a threat actor closely associated with the Lazarus hacking group, has been identified as a significant cybersecurity risk. Known for their financially motivated attacks, BlueNoroff targets banks, casinos, fintech companies, POST software and cryptocurrency businesses, and ATMs. They have |
ZINC | 2 | Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been active since 2009. This group is notorious for its cyber-attacks aimed at collecting political, military, and economic intelligence on North Korea's foreign adversaries, and executing currency generation campa |
Plutonium | 2 | Plutonium, a threat actor with potentially global implications, has been involved in several critical incidents. The group's activities have been traced back to the 1960s when alleged Israeli scientists visited NUMEC, claiming to obtain plutonium-238 for non-nuclear projects. The lack of stringent r |

ID | Type | Votes | Profile Description |
---|---|---|---|
Earlyrat | Unspecified | 2 | EarlyRat is a previously undocumented malware discovered by Kaspersky researchers in June. The North Korea-linked Advanced Persistent Threat (APT) group Andariel used EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. The malware was first noticed in one of the Log4j cases, |
Collectionrat | Unspecified | 2 | CollectionRAT is a malicious software (malware) first identified in a Cisco Talos report in 2023, with samples dating as far back as 2021. This Windows-based Remote Access Trojan (RAT) is believed to be connected to the Jupiter/EarlyRAT malware family, which has previously been linked to a Lazarus s |
Ninerat | Unspecified | 2 | NineRAT is a malicious software, or malware, that was first built in May 2022 and initially used in the Operation Blacksmith campaign against a South American agricultural organization in March. It is one of two Remote Access Trojans (RATs) utilized by Lazarus, a notorious Advanced Persistent Threat |

ID | Type | Votes | Profile Description |
---|---|---|---|
Kimsuky | Unspecified | 5 | Kimsuky, a threat actor linked to North Korea, has been increasingly active in conducting cyber espionage and malicious attacks. This group, also known as Springtail, ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, and APT43, was first identified by Kaspersky researchers in 2013. In recent de |
temp.hermit | Unspecified | 2 | Temp.Hermit, also known as Selective Pisces or Diamond Sleet, is a cyber threat actor linked to North Korea. This group has been active since 2013 and targets governments, defense, telecommunications, and financial services sectors with cyberespionage operations. Temp.Hermit's activities often overl |

ID | Type | Votes | Profile Description |
---|---|---|---|
Log4Shell | Unspecified | 4 | Log4Shell is a significant software vulnerability, specifically a flaw in the design or implementation of Log4j, a popular Java-based logging utility. This vulnerability, officially known as CVE-2021-44228, allows malicious actors to execute arbitrary code on affected systems, providing an avenue fo |
CVE-2023-42793 | Unspecified | 4 | CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre |

Source Link | CreatedAt | Title |
---|---|---|
Unit42 | 4 days ago | Threat Assessment: North Korean Threat Groups |
InfoSecurity-magazine | a month ago | South Korea Warns Pyongyang Has Stolen Spy Plane Details |
Securityaffairs | a month ago | North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks |
DARKReading | a month ago | Feds Warn of North Korean Cyberattacks on US Critical Infrastructure |
DARKReading | a month ago | US Offers $10M Reward for Information on North Korean Hacker |
Flashpoint | a month ago | COURT DOC: North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers |
CISA | a month ago | North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs \| CISA |
CISA | a month ago | FBI, CISA, and Partners Release Advisory Highlighting North Korean Cyber Espionage Activity \| CISA |
DARKReading | 3 months ago | LilacSquid APT Employs Open Source Tools, QuasarRAT |
Securityaffairs | 3 months ago | LilacSquid APT targeted orgs in the U.S., Europe, and Asia |
Securelist | 4 months ago | APT trends report Q1 2024 – Securelist |
Checkpoint | 5 months ago | 29th April – Threat Intelligence Report - Check Point Research |
DARKReading | 5 months ago | 3 DPRK APTs Spied on South Korea Defense Industry |
InfoSecurity-magazine | 5 months ago | North Korean Hackers Target Dozens of Defense Companies |
Securityaffairs | 5 months ago | North Korea-linked APT groups target South Korean defense contractors |
CERT-EU | 6 months ago | Critical JetBrains TeamCity flaws come under active attacks |
CERT-EU | 6 months ago | JetBrain urges to fix critical TeamCity On-Premises vulnerabilities |
CERT-EU | 9 months ago | Cyber Security Week In Review: December 29, 2023 |
CERT-EU | 9 months ago | Apache ActiveMQ Vulnerability: The Threat That Cannot Be Ignored |
DARKReading | 9 months ago | Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare |