| ID | Votes | Profile Description |
|---|---|---|
| Thallium | 6 | Thallium, also known as Kimsuky, Velvet Chollima, and APT43, is a North Korean state-sponsored threat actor or hacking group that has been active since 2012. Tracked by the Cybereason Nocturnus Team and other security researchers, this cyber espionage group is believed to operate on behalf of the No |
| Velvet Chollima | 6 | Velvet Chollima, also known as Kimsuky, APT43, Thallium, Black Banshee, and Emerald Sleet among other names, is a threat actor believed to be based in North Korea. The group has been active since 2012 and is linked to North Korea’s General Reconnaissance Bureau, the country's main military intellige |
| APT37 | 4 | APT37, also known as ScarCruft, Reaper, or Group123, is a threat actor suspected to be linked to North Korea. It primarily targets South Korea but has also extended its activities to Japan, Vietnam, and the Middle East, focusing on various industry verticals such as chemicals, electronics, manufactu |
| Lazarus Group | 3 | The Lazarus Group, a notorious threat actor associated with North Korea, has been implicated in several high-profile cyber attacks and exploitation activities. The group's objective often involves establishing a kernel read/write primitive, which allows them to gain high-level access to systems and |
| KONNI | 3 | Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin |
| Apt43 | 3 | APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity |
| STOLEN PENCIL | 2 | The STOLEN PENCIL operation, first reported in May 2018, was a cyber espionage campaign potentially originating from the Democratic People's Republic of Korea (DPRK). The threat actor, known as Kimsuky, targeted academic institutions using spear-phishing tactics for initial intrusion. This involved |
| Black Banshee | 2 | Black Banshee, also known as Kimsuky, APT43, Emerald Sleet, Velvet Chollima, and TA406, is a threat actor group believed to be operating under the North Korean Reconnaissance General Bureau (RGB), the country's primary intelligence service. The group has been active since at least 2012, according to |
| Reconnaissance General Bureau | 2 | The Reconnaissance General Bureau (RGB) is a North Korean intelligence agency responsible for clandestine operations abroad, and it is believed to coordinate the nation's cyber activities. The RGB has been linked to several advanced persistent threat (APT) groups, including BeagleBoyz, Kimsuky, Anda |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| BabyShark | Unspecified | 5 | BabyShark is a malicious software (malware) that has been linked to the North Korean Advanced Persistent Threat (APT) group known as Kimsuky, also referred to as Thallium and Velvet Chollima. This malware, written in Microsoft Visual Basic script, was first identified in November 2018 and was used p |
| Reconshark | Unspecified | 5 | ReconShark is a new malware variant deployed by the North Korea-linked Advanced Persistent Threat (APT) group, Kimsuky. This tool has been observed in an ongoing campaign, used as an infostealer-downloader and is a new iteration of the group's custom BabyShark malware family. The ReconShark tool is |
| Black Basta | Unspecified | 2 | Black Basta is a notorious malware group known for its ransomware activities. The group has been active since at least early 2022, during which time it has accumulated an estimated $107 million in Bitcoin ransom payments. It leverages malicious software to infiltrate and exploit computer systems, of |
| Toddleshark | Unspecified | 2 | ToddleShark is a new variant of malware, believed to be an evolution of Kimsuky's BabyShark and ReconShark backdoors. It has been identified by Kroll's analysts as being used by the North Korean APT hacking group Kimsuky to target government organizations, research centers, universities, and think t |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Andariel | Unspecified | 5 | Andariel, a state-backed threat group linked to North Korea's Reconnaissance General Bureau, has been identified as a significant cyber threat. The group has demonstrated its capabilities by compromising critical national infrastructure organizations, accessing classified technical information and i |
| Rgb | Unspecified | 2 | RGB is a threat actor group associated with North Korea's Reconnaissance General Bureau (RGB), which has been involved in numerous cyber espionage activities. The RGB 3rd Bureau, based in Pyongyang and Sinuiju, includes state-sponsored cyber groups known as Andariel, Onyx Sleet (formerly PLUTONIUM), |
| ScarCruft | Unspecified | 2 | ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean threat actor group associated with malicious cyber activities. Their actions have been linked to the execution of targeted attacks against individual Android devices, as outlined in a VB2023 paper titled "Int |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| DARKReading | 3 days ago | FBI: North Korean Actors Readying Aggressive Cyberattack Wave | |
| Securityaffairs | 17 days ago | North Korea-linked APT used a new RAT called MoonPeak | |
| InfoSecurity-magazine | 17 days ago | New MoonPeak RAT Linked to North Korean Threat Group UAT-5394 | |
| Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6 | |
| InfoSecurity-magazine | a month ago | North Korea Kimsuky Launch Phishing Attacks on Universities | |
| Securityaffairs | a month ago | North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks | |
| Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2 | |
| BankInfoSecurity | 2 months ago | Breach Roundup: Microsoft Patches Zero-Day Active Since 2023 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1 | |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 4 months ago | North Korean Kimsuky used a new Linux backdoor in recent attacks | |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 4 months ago | North Korea-linked Kimsuky APT attack targets victims via Messenger | |
| BankInfoSecurity | 4 months ago | Breach Roundup: Kimsuky Serves Linux Trojan |