APT37

Threat Actor Profile Updated 3 months ago
APT37, also known as ScarCruft, Reaper, or Group123, is a threat actor suspected to be linked to North Korea. It primarily targets South Korea but has also extended its activities to Japan, Vietnam, and the Middle East, focusing on industry verticals such as chemicals, electronics, manufacturing, aerospace, automotive, and healthcare. The group was first reported by Talos in 2017, when Talos identified the ROKRAT malware that has consistently been attributed to APT37. The group has access to destructive malware and uses custom malware for espionage. The group was first discovered in 2021 and has been continually developing its malicious capabilities. In our report, we detail the various infection chains and lures used by APT37 in its recent attacks, which result in the deployment of payloads such as ROKRAT and Amadey. The group has also developed a specific malware named CloudMensis, which checks whether System Integrity Protection (SIP) is disabled in order to load its own malicious database. While another report provides a technical analysis of one of the ROKRAT campaigns, our report offers further insight into additional APT37 campaigns and a deeper analysis of the ROKRAT malware. Over the past year, APT37 has been involved in significant cyber campaigns against Russia, including an attack on a Russian defense enterprise that resulted in a data leak. Despite the close ties between Russia and North Korea, North Korean cyberespionage groups such as the Konni Group, Kimsuky, and APT37 have frequently targeted Russian government organizations. These activities indicate a complex and evolving threat landscape involving multiple actors and groups, with APT37 playing a crucial role.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles that you may also want to look at.
ID | Votes | Profile Description
ScarCruft | 8 | ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean threat actor group associated with malicious cyber activities. Their actions have been linked to the execution of targeted attacks against individual Android devices, as outlined in a VB2023 paper titled "Int
Reaper | 6 | Reaper, also known as APT37, Inky Squid, RedEyes, or ScarCruft, is a threat actor group attributed to North Korea. It deploys ROKRAT, a malicious tool that has been used in cyber exploitation since the 1970s. This group is also tied to the NOKKI malware family, which originated from research surroun
Kimsuky | 4 | Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi
Group123 | 3 | Group123, also known as Inky Squid or APT37, is a threat actor group suspected of executing malicious cyber activities. They are known for their technical capabilities and innovative intrusion techniques. Over the past 18 months, they have been associated with a series of attacks that utilize shellc
Redeyes | 2 | RedEyes, also known as APT37, StarCruft, Reaper, or BadRAT, is a threat actor group known for its malicious cyber activities. This group recently deployed a new malware named FadeStealer to extract information from targeted systems. They have also been observed using CloudMensis, a malware that seek
InkySquid | 1 | InkySquid, also known as ScarCruft and APT37, is a threat actor believed to be associated with North Korea. This group has been identified as the exclusive user of RokRAT, a closed-source malware family. The actions of this group are monitored by cybersecurity firms such as Volexity, which uses the
HIDDEN COBRA | 1 | Hidden Cobra, also known as the Lazarus Group and Sapphire Sleet, is a North Korean cyberespionage group that has been active since at least 2009. The U.S. Government uses the term Hidden Cobra to refer to malicious cyber activities by the North Korean government, with the BeagleBoyz representing a
Miscellaneous Associations
Other elements of context that could aid in assessing relevance:
Malware
Korean
Windows
Exploit
Phishing
Apt
Espionage
Backdoor
State Sponso...
Russia
Microsoft
Vulnerability
Rat
Zero Day
exploited
Reconnaissance
Infostealer
Implant
Wiper
RCE (Remote ...
Trojan
Operation Tr...
Github
Mandiant
Macos
Chrome
Domains
Android
Volexity
exploitation
Data Leak
Cybercrime
State Sponso...
Associated Malware
ID | Type | Votes | Profile Description
ROKRAT | Unspecified | 6 | RokRAT is a sophisticated malware that has been used by the cyber-espionage group ScarCruft, primarily to target South Korean media and research organizations. The malware is typically delivered via phishing emails with ZIP file attachments containing LNK files disguised as Word documents. However,
KONNI | Unspecified | 4 | Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin
Amadey | Unspecified | 3 | Amadey is a malicious software (malware) that has been found to be used in conjunction with other malware such as Remcos, GuLoader, and Formbook. Analysis of the infection chains revealed that the individual behind the sales of Remcos and GuLoader also uses Amadey and Formbook, using GuLoader as a p
Dolphin | Unspecified | 1 | Dolphin is a malicious software (malware) that was reportedly used by an unidentified group against South Korea in December 2022. The malware, named after the codenames of Xerox PARC's range of workstations which all began with the letter D, including Dolphin, Dorado, Dicentra, and others, infiltrat
Bluelight Malware | Unspecified | 1 | The Bluelight malware is a harmful software program designed to exploit and damage computer systems. It was identified by Volexity in a recent investigation, where it was found being delivered to a victim alongside another malware, RokRAT. The Bluelight malware infiltrates systems through suspicious
Inksquid | Unspecified | 1 | (no description)
Badrat | Unspecified | 1 | (no description)
DOGCALL | Unspecified | 1 | Dogcall, also known as ROKRAT, is a remote access Trojan (RAT) malware first reported by Talos in April 2017. It has consistently been attributed to the Advanced Persistent Threat (APT37) group, also known as Reaper. The malware uses third-party hosting services for data upload and command acceptanc
Cloudmensis | Unspecified | 1 | CloudMensis, a form of malware specifically designed to exploit macOS systems, was first brought to light by ESET in July 2022. The software infiltrates devices primarily through email attachments, causing significant security breaches once inside. Once installed, CloudMensis works diligently to ide
BLUELIGHT | Unspecified | 1 | The BLUELIGHT malware, first observed in early 2021, was used as the final payload in a multistage attack. This attack involved a watering-hole assault on a South Korean online newspaper, an Internet Explorer exploit, and another ScarCruft backdoor. The attack process included multiple components li
Opencarrot | Unspecified | 1 | OpenCarrot is a malicious software (malware) that targets Windows operating systems, enabling unauthorized access and control over infected machines. Identified by IBM XForce, it has been linked to the activities of the Lazarus Group, a North Korean cyber threat operation known for its sophisticated
Associated Threat Actors
ID | Type | Votes | Profile Description
Lazarus Group | Unspecified | 3 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large-
Apt43 | Unspecified | 2 | APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity
Thallium | Unspecified | 1 | Thallium, also known as Kimsuky, Velvet Chollima, and APT43, is a North Korean state-sponsored threat actor or hacking group that has been active since 2012. Tracked by the Cybereason Nocturnus Team and other security researchers, this cyber espionage group is believed to operate on behalf of the No
Rgb | Unspecified | 1 | RGB, a threat actor with ties to North Korea, has been involved in a range of malicious cyber activities. The group was designated by the Office of Foreign Assets Control (OFAC) on January 2, 2015, under Executive Order 13687 for being a controlled entity of the North Korean government. In addition
Andariel | Unspecified | 1 | Andariel, a notorious threat actor associated with the Lazarus Group and linked to North Korea, is known for its malicious cyber activities. The group has been identified using DTrack malware and Maui ransomware, notably in mid-2022, and has developed a reputation for exploiting ActiveX objects. Res
Bluenoroff | Unspecified | 1 | BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software,
Reconnaissance General Bureau Rgb | Unspecified | 1 | The Reconnaissance General Bureau (RGB) is a North Korean military intelligence agency identified as a threat actor responsible for various cyberattacks. RGB is associated with hacking groups known as the "Lazarus Group," "Bluenoroff," and "Andariel," which are recognized as agencies or controlled e
Reconnaissance General Bureau | Unspecified | 1 | The Reconnaissance General Bureau (RGB) is a North Korean intelligence agency responsible for clandestine operations abroad, including cyber activities. The RGB has been associated with several threat actors, including the BeagleBoyz, who have likely been active since at least 2014. Other groups lin
Konni Group | Unspecified | 1 | The Konni Group, also known as TA406, is a threat actor believed to be associated with North Korean cyberespionage activities. According to cybersecurity firm DuskRise, the group has been involved in sophisticated cyberattacks, including one where they compromised a foreign ministry email account to
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2022-41128 | Unspecified | 2 | (no description)
CVE-2022-0609 | Unspecified | 1 | CVE-2022-0609 is a zero-day vulnerability discovered in Google Chrome, originating from a flaw in software design or implementation. This security loophole was exploited by North Korean government-backed threat actors in early 2022 to target various US organizations across the media, high-tech, and
Source Document References
Information about the APT37 Threat Actor was read from the documents corpus below (this display is limited to 20 results).
Source | Created At | Title
DARKReading | 3 months ago | Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft
DARKReading | 3 months ago | DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse
CERT-EU | 5 months ago | Russia and Belarus targeted by at least 14 nation-state hacker groups, researchers say | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
BankInfoSecurity | 5 months ago | North Korean Group Seen Snooping on Russian Foreign Ministry
Recorded Future | 7 months ago | North Korea’s Cyber Strategy | Recorded Future
MITRE | 7 months ago | Operation (노스 스타) North Star A Job Offer That’s Too Good to be True? | McAfee Blog
CERT-EU | 9 months ago | Trojanized VNC apps leveraged in defense-targeted Lazarus Group attacks
CERT-EU | 9 months ago | Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps
CERT-EU | 9 months ago | North Korean defectors' group leader attacked by state-backed hackers
CERT-EU | 10 months ago | North Korean Hackers Continue to Refine Their Arsenal of Tactics & Techniques
DARKReading | 10 months ago | North Korea's State-Sponsored APTs Organize & Align
Recorded Future | 10 months ago | Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities | Recorded Future
CERT-EU | a year ago | Microsoft: North Korean hackers target Russian govt, defense orgs
CERT-EU | a year ago | Russian missile manufacturer subjected to North Korean APT attack
CERT-EU | a year ago | Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
CERT-EU | a year ago | North Korean Hackers Targets Russian Missile Engineering Firm
BankInfoSecurity | a year ago | North Korean Hackers Phishing With US Army Job Lures
BankInfoSecurity | a year ago | N Korean Hackers Phishing With US Army Job Lures
CERT-EU | a year ago | Stark#Mule Malware Campaign Targets Koreans, Uses US Army Documents