| ID | Votes | Profile Description |
|---|---|---|
| Velvet Chollima | 6 | Velvet Chollima, also known as Kimsuky, APT43, Thallium, Black Banshee, and Emerald Sleet among other names, is a threat actor believed to be based in North Korea. The group has been active since 2012 and is linked to North Korea’s General Reconnaissance Bureau, the country's main military intellige |
| Thallium | 6 | Thallium, also known as Kimsuky, Velvet Chollima, and APT43, is a North Korean state-sponsored threat actor or hacking group that has been active since 2012. Tracked by the Cybereason Nocturnus Team and other security researchers, this cyber espionage group is believed to operate on behalf of the No |
| APT37 | 4 | APT37, also known as ScarCruft, Reaper, or Group123, is a threat actor suspected to be linked to North Korea. It primarily targets South Korea but has also extended its activities to Japan, Vietnam, and the Middle East, focusing on various industry verticals such as chemicals, electronics, manufactu |
| Lazarus Group | 3 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
| Apt43 | 3 | APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity |
| KONNI | 3 | Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin |
| STOLEN PENCIL | 2 | The STOLEN PENCIL operation, first reported in May 2018, was a cyber espionage campaign potentially originating from the Democratic People's Republic of Korea (DPRK). The threat actor, known as Kimsuky, targeted academic institutions using spear-phishing tactics for initial intrusion. This involved |
| Black Banshee | 2 | Black Banshee, also known as Kimsuky, APT43, Emerald Sleet, Velvet Chollima, and TA406, is a threat actor group believed to be operating under the North Korean Reconnaissance General Bureau (RGB), the country's primary intelligence service. The group has been active since at least 2012, according to |
| Emerald Sleet | 1 | Emerald Sleet, a North Korea-affiliated advanced persistent threat (APT) group, has emerged as a significant cybersecurity concern. The group leverages OpenAI’s ChatGPT, the same technology that underpins Microsoft's Copilot, to enhance its malicious activities. These activities include spear-phishi |
| Archipelago | 1 | Archipelago, a threat actor identified by Google's Threat Analysis Group, has been implicated in significant cyber activities with potential geopolitical implications. The name 'Archipelago' is derived from the nature of their operations, which span across various regions and involve multiple actors |
| Sharptongue | 1 | SharpTongue, a cybersecurity threat actor also known as Kimsuky, has been identified as the entity behind a series of sophisticated cyber espionage campaigns. These campaigns have been characterized by their unique approach of using Chromium-based browser extensions for malicious purposes. The group |
| Reconnaissance General Bureau Rgb | 1 | The Reconnaissance General Bureau (RGB) is a North Korean military intelligence agency identified as a threat actor responsible for various cyberattacks. RGB is associated with hacking groups known as the "Lazarus Group," "Bluenoroff," and "Andariel," which are recognized as agencies or controlled e |
| Velvetchollima | 1 | None |
| Reconnaissance General Bureau | 1 | The Reconnaissance General Bureau (RGB) is a North Korean intelligence agency responsible for clandestine operations abroad, including cyber activities. The RGB has been associated with several threat actors, including the BeagleBoyz, who have likely been active since at least 2014. Other groups lin |
| HIDDEN COBRA | 1 | Hidden Cobra, also known as the Lazarus Group and Sapphire Sleet, is a North Korean cyberespionage group that has been active since at least 2009. The U.S. Government uses the term Hidden Cobra to refer to malicious cyber activities by the North Korean government, with the BeagleBoyz representing a |
| Ta406 | 1 | TA406, also known as the Konni Group or Kimsuky, is a state-sponsored cybercrime organization based in North Korea. This threat actor has been implicated in numerous cyber espionage activities, targeting entities such as news media organizations, academic institutions, and think tanks. The group gai |
| Konni Group | 1 | The Konni Group, also known as TA406, is a threat actor believed to be associated with North Korean cyberespionage activities. According to cybersecurity firm DuskRise, the group has been involved in sophisticated cyberattacks, including one where they compromised a foreign ministry email account to |
| Ta427 | 1 | TA427, also known as Emerald Sleet, APT43, THALLIUM or Kimsuky, is a threat actor that has been active in the cybersecurity landscape. Known for their malicious intent, TA427 has been directly contacting foreign policy experts since 2023, according to an advisory published by Proofpoint. The group s |
| Shark | 1 | Shark is a type of malware, or malicious software, that was deployed by the cyber group OilRig. In 2021, OilRig updated its DanBot backdoor and began deploying the Shark, Milan, and Marlin backdoors, as highlighted in the T3 2021 issue of the ESET Threat Report. This harmful program can infiltrate s |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Reconshark | Unspecified | 5 | ReconShark is a new malware variant deployed by the North Korea-linked Advanced Persistent Threat (APT) group, Kimsuky. This tool has been observed in an ongoing campaign, used as an infostealer-downloader and is a new iteration of the group's custom BabyShark malware family. The ReconShark tool is |
| BabyShark | Unspecified | 5 | BabyShark is a malicious software (malware) that has been linked to the North Korean Advanced Persistent Threat (APT) group known as Kimsuky, also referred to as Thallium and Velvet Chollima. This malware, written in Microsoft Visual Basic script, was first identified in November 2018 and was used p |
| Black Basta | Unspecified | 2 | Black Basta is a notorious malware entity known for its devastating ransomware attacks. First emerging in June 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs |
| Toddleshark | Unspecified | 2 | ToddleShark is a new variant of malware, believed to be an evolution of Kimsuky's BabyShark and ReconShark backdoors. It has been identified by Kroll's analysts as being used by the North Korean APT hacking group Kimsuky to target government organizations, research centers, universities, and think t |
| Hermit | Unspecified | 1 | Hermit is a malicious software (malware) linked to North Korea, also known as the "Hermit Kingdom" due to its isolationist policies. This malware, along with others like Pegasus and DevilsTongue, targeted Apple users leading to a wave of sophisticated attacks in July 2022. In response, Apple develop |
| Baby Shark | Unspecified | 1 | None |
| Gelsemium | Unspecified | 1 | Gelsemium is a sophisticated malware associated with Advanced Persistent Threat (APT) activities. It is known for its stealthy operations and the use of server-side exploits to deploy a web shell and multiple custom tools on targeted systems. The malware has been used in cyber-attacks against variou |
| AppleSeed | Unspecified | 1 | Appleseed is a sophisticated malware, believed to be affiliated with North Korean nation-state actors, that has been used in various cyber attacks. The malware uses a two-layer command structure to communicate with its command and control server, making it particularly effective at seizing control o |
| Phorpiex | Unspecified | 1 | Phorpiex is a notorious malware that has been identified as a substantial threat in the cyber landscape. This malicious software, designed to exploit and damage systems, infiltrates unsuspecting users' devices through suspicious downloads, emails, or websites. Once inside, it can cause significant h |
| Lockbit Black | Unspecified | 1 | LockBit Black, also known as LockBit 3.0, is a malware that emerged in early 2022, following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. This malicious software, designed to exploit and damage computer systems, encrypts files and often holds them hostage for ransom. The |
| Fastspy | Unspecified | 1 | None |
| Fastviewer | Unspecified | 1 | FastViewer, also known as Fastfire or Fastspy DEX, is a malicious software (malware) associated with the Kimsuky hacker group. This malware is particularly dangerous as it is designed to exploit and damage Android devices, potentially leading to significant data breaches and privacy violations. The |
| Amadey | Unspecified | 1 | Amadey is a malicious software (malware) that has been found to be used in conjunction with other malware such as Remcos, GuLoader, and Formbook. Analysis of the infection chains revealed that the individual behind the sales of Remcos and GuLoader also uses Amadey and Formbook, using GuLoader as a p |
| Rftrat | Unspecified | 1 | Rftrat is a type of malware used by the Kimsuky Group in their cyber-attacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for |
| Tinynuke | Unspecified | 1 | TinyNuke is a type of malware, specifically a banking Trojan, used to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your da |
| ROKRAT | Unspecified | 1 | RokRAT is a sophisticated malware that has been used by the cyber-espionage group ScarCruft, primarily to target South Korean media and research organizations. The malware is typically delivered via phishing emails with ZIP file attachments containing LNK files disguised as Word documents. However, |
| Updog | Unspecified | 1 | None |
| Lockbit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| Xmrig | Unspecified | 1 | XMRig is a type of malware that is particularly harmful to computer systems and devices. It infiltrates the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for |
| Toddlershark | Unspecified | 1 | ToddlerShark is a new variant of malware that has been linked to the North Korean threat group Kimsuky, also known as APT43, Emerald Sleet, and Velvet Chollima. The malware was named ToddlerShark by researchers at Kroll due to its resemblance to BabyShark, another malware used by the same hacking gr |
| Cactus | Unspecified | 1 | Cactus is a type of malware, specifically ransomware, that has been implicated in several high-profile cyber-attacks. This malicious software infiltrates systems through deceptive methods such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Cactus c |
| Emotet | Unspecified | 1 | Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected, |
| KGH_SPY | Unspecified | 1 | The KGH_SPY malware is a modular suite of tools used by threat actors for reconnaissance, keylogging, information stealing, and backdoor capabilities. Cybereason Nocturnus discovered this previously undocumented spyware which provides Kimsuky with stealth capabilities to carry out espionage operatio |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Andariel | Unspecified | 5 | Andariel, a notorious threat actor associated with the Lazarus Group and linked to North Korea, is known for its malicious cyber activities. The group has been identified using DTrack malware and Maui ransomware, notably in mid-2022, and has developed a reputation for exploiting ActiveX objects. Res |
| ScarCruft | Unspecified | 2 | ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean threat actor group associated with malicious cyber activities. Their actions have been linked to the execution of targeted attacks against individual Android devices, as outlined in a VB2023 paper titled "Int |
| Rgb | Unspecified | 2 | RGB, a threat actor with ties to North Korea, has been involved in a range of malicious cyber activities. The group was designated by the Office of Foreign Assets Control (OFAC) on January 2, 2015, under Executive Order 13687 for being a controlled entity of the North Korean government. In addition |
| Bluenoroff | Unspecified | 1 | BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software, |
| APT10 | Unspecified | 1 | APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted |
| TA505 | Unspecified | 1 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec |
| Sidewinder | Unspecified | 1 | The Sidewinder threat actor group, also known as Rattlesnake, BabyElephant, APT Q4, APT Q39, Hardcore Nationalist, HN2, RAZOR Tiger, and GroupA21, is a significant cybersecurity concern with a history of malicious activities dating back to 2012. This report investigates a recent campaign by Sidewind |
| APT34 | Unspecified | 1 | APT34, also known as OilRig, EUROPIUM, Hazel Sandstorm, and Crambus among other names, is a threat actor believed to be operating on behalf of the Iranian government. Operational since at least 2014, APT34 has been involved in long-term cyber espionage operations primarily focused on reconnaissance |
| APT36 | Unspecified | 1 | APT36, also known as Transparent Tribe and Earth Karkaddan, is a notorious threat actor believed to be based in Pakistan. The group has been involved in cyberespionage activities primarily targeting India, with a focus on government, military, defense, aerospace, and education sectors. Their campaig |
| APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
| OceanLotus | Unspecified | 1 | OceanLotus, also known as APT32, is a threat actor suspected to be linked with Vietnam. It primarily targets foreign companies involved in manufacturing, consumer products, consulting, and hospitality sectors that are investing or planning to invest in Vietnam. The group's recent activities indicate |
| APT33 | Unspecified | 1 | APT33, an Iran-linked threat actor, has been identified as a significant cyber threat to the Defense Industrial Base sector. The group is known for its sophisticated and malicious activities, which primarily involve executing actions with harmful intent. APT33, like other threat actors, could be a s |
| Turla | Unspecified | 1 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
| Evil Corp | Unspecified | 1 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio |
| NOBELIUM | Unspecified | 1 | Nobelium, a threat actor linked to Russia's SVR, has been actively targeting French diplomatic entities as part of its cyber-espionage activities. The Advanced Persistent Threat (APT) group has utilized sophisticated techniques such as phishing and attempts to install Cobalt Strike, an advanced malw |
| BITTER | Unspecified | 1 | Bitter, also known as T-APT-17, is a suspected South Asian threat actor that has been involved in various cyber campaigns. The group has been active since at least August 2021, with its operations primarily targeting government personnel in Bangladesh through spear-phishing emails. The similarities |
| FIN12 | Unspecified | 1 | FIN12, also known as DEV-0237 and Pistachio Tempest, is a threat actor group notorious for its malicious cyber activities. Tracked by Microsoft, this group is primarily engaged in the distribution of Hive, Conti, and Ryuk ransomware. The group has been responsible for several high-profile ransomware |
| OilRig | Unspecified | 1 | OilRig is a well-known threat actor in the cybersecurity landscape, notorious for its sophisticated attacks on various targets, including Middle Eastern telecommunications organizations and Israel's critical infrastructure sector. This entity has been linked to several high-profile campaigns such as |
| Tornado Cash | Unspecified | 1 | Tornado Cash, a known threat actor in the cybersecurity landscape, has been under the spotlight for its illicit activities. The group is associated with various malicious intents and actions, ranging from a single person to a private company or even part of a government entity. In recent times, it h |
| Lapsus | Unspecified | 1 | Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor |
| Silent Librarian | Unspecified | 1 | Silent Librarian, also known as Cobalt Dickens and TA407, is a persistent threat actor operating out of Iran. Despite indictments and public disclosures of its campaigns, the group continues to engage in malicious activities, with no signs of cessation as of this publication. This cyber-espionage na |
| temp.hermit | Unspecified | 1 | Temp.Hermit, also known as Lazarus Group or Hidden Cobra, is a threat actor group associated with North Korea's Reconnaissance General Bureau (RGB). The group has been operational since 2013 and is known for its cyberespionage activities targeting governments and sectors such as defense, telecommuni |
| Passcv | Unspecified | 1 | PassCV is a threat actor, or hacking team, that has been identified as part of the Chinese intelligence apparatus. This group has operated under various names including Winnti, APT17, Axiom, LEAD, BARIUM, Wicked Panda, and GREF, indicating a broad and complex network of cyber operations. The group i |
| Osmium | Unspecified | 1 | None |
| Bl00dy | Unspecified | 1 | Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i |
| SideCopy | Unspecified | 1 | SideCopy is a Pakistani threat actor that has been operational since at least 2019, primarily targeting South Asian countries, specifically India and Afghanistan. The Advanced Persistent Threat (APT) group uses lures such as archive files embedded with Lnk, Microsoft Publisher or Trojanized Applicat |
| Darkhotel | Unspecified | 1 | DarkHotel, also known as DUBNIUM, is a cyber threat actor that has been active since at least 2018. This group has been observed primarily targeting Japanese organizations and has recently been linked to a campaign utilizing unique Tactics, Techniques, and Procedures (TTPs). The campaign involved a |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2024-1708 | Unspecified | 1 | CVE-2024-1708 is a high-severity software vulnerability found in ConnectWise's ScreenConnect software, specifically targeting versions 23.9.7 and earlier. The flaw was officially disclosed by ConnectWise on February 19, 2024. This vulnerability, alongside another (CVE-2024-1709), presents significan |
| CVE-2024-1709 | Unspecified | 1 | CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | 5 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2 |
| BankInfoSecurity | 15 days ago | Breach Roundup: Microsoft Patches Zero-Day Active Since 2023 |
| Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1 |
| Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | North Korean Kimsuky used a new Linux backdoor in recent attacks |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | North Korea-linked Kimsuky APT attack targets victims via Messenger |
| BankInfoSecurity | 2 months ago | Breach Roundup: Kimsuky Serves Linux Trojan |
| DARKReading | 3 months ago | 'The Mask' Espionage Group Resurfaces After 10-Year Hiatus |
| Securelist | 3 months ago | APT trends report Q1 2024 – Securelist |
| DARKReading | 3 months ago | CISO Corner: Verizon DBIR Lessons; Workplace Microaggression; Shadow APIs |
| InfoSecurity-magazine | 3 months ago | North Korean Hackers Spoofing Journalist Emails to Spy on Experts |
| BankInfoSecurity | 3 months ago | Breach Roundup: REvil Hacker Gets Nearly 14-Year Sentence |
| DARKReading | 3 months ago | DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn |
| Checkpoint | 3 months ago | 29th April – Threat Intelligence Report - Check Point Research |