ID | Votes | Profile Description |
---|---|---|
Labyrinth Chollima | 5 | Labyrinth Chollima, a threat actor linked to North Korea, has been active since 2009 and is known for conducting operations aimed at collecting political, military, and economic intelligence on North Korea’s foreign adversaries, as well as currency generation campaigns. This group, also known by var |
Andariel | 5 | Andariel, also known as Jumpy Pisces and Onyx Sleet, is a threat actor primarily involved in cyberespionage and ransomware activities. Originating from North Korea, this group has been linked to several malicious cyber activities alongside other groups like Lazarus Group and Bluenoroff. The group's |
Sinbad | 4 | Sinbad is a threat actor suspected to be operated by North Korean operatives, primarily for the purpose of laundering stolen cryptocurrency. According to Chainalysis, Sinbad processed $24 million in December and January, indicating its use as a new mixing service. However, its effectiveness is yet |
APT38 | 4 | APT38, a threat actor suspected to be backed by the North Korean regime, has been responsible for some of the largest cyber heists observed to date. The group has conducted operations in over 16 organizations across at least 11 countries, primarily targeting financial institutions worldwide. Despite |
Kimsuky | 3 | Kimsuky, also known as Springtail, ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, and APT43, is a North Korea-linked threat actor first identified by a Kaspersky researcher in 2013. This cyberespionage group has been associated with various malicious activities, including spear-phishing camp |
Tradertraitor | 3 | TraderTraitor, a threat actor attributed to the North Korean government's APT38 hacking group also known as Lazarus, has been implicated in a series of cyberattacks targeting cryptocurrency platforms. The FBI has recently linked TraderTraitor to the theft of hundreds of millions of dollars in crypto |
ZINC | 3 | Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been active since 2009. This group is notorious for its cyber-attacks aimed at collecting political, military, and economic intelligence on North Korea's foreign adversaries, and executing currency generation campa |
Diamond Sleet | 3 | Diamond Sleet, a threat actor linked to North Korea, has been identified as a significant cybersecurity concern. This group, also known as Selective Pisces, has targeted various sectors including media, defense, and IT organizations. The advanced persistent threat (APT) group is known for its supply |
Operation Dreamjob | 3 | Operation DreamJob is a campaign attributed to the Lazarus group, a North Korea-aligned group infamous for its cyberespionage and financial theft activities. The campaign was first coined in a blog post by ClearSky in August 2020, where it described Lazarus' attempts to target defense and aerospace |
Sapphire Sleet | 2 | Sapphire Sleet is a North Korea-linked Advanced Persistent Threat (APT) group known for its malicious activities. As a threat actor, Sapphire Sleet has been identified as the entity behind the execution of actions with harmful intent. The group's operations are sophisticated and persistent, targetin |
HIDDEN COBRA | 2 | Hidden Cobra, also known as Lazarus Group, TEMP.Hermit, and several other names, is a threat actor attributed to the North Korean government by the U.S. Government. The group has been involved in various malicious cyber activities, including cyberespionage, ransomware attacks, and destructive operat |
Stardust Chollima | 2 | Stardust Chollima is a recognized threat actor in the cybersecurity industry, primarily known for its malicious activities aimed at acquiring funds. This group has been linked to various high-profile cyber-attacks and fraudulent activities since 2015. Stardust Chollima has been associated with the f |
Emerald Sleet | 2 | Emerald Sleet, a threat actor associated with North Korea, has been identified as a significant player in cyber espionage. This group is known for its sophisticated use of artificial intelligence and machine learning models (LLMs), leveraging them to enhance spear-phishing campaigns, research public |
temp.hermit | 2 | Temp.Hermit, also known as Selective Pisces or Diamond Sleet, is a cyber threat actor linked to North Korea. This group has been active since 2013 and targets governments, defense, telecommunications, and financial services sectors with cyberespionage operations. Temp.Hermit's activities often overl |
Apt43 | 2 | APT43, also known as Kimsuky, Sparkling Pisces, Emerald Sleet, and Velvet Chollima among other names, is a North Korean state-sponsored advanced persistent threat (APT) group involved in cybercrime and espionage. This threat actor conducts intelligence collection and uses cybercrime to fund its espi |
Unc4736 | 2 | UNC4736, a threat actor suspected to have North Korean connections, has been implicated in a series of cybersecurity breaches. The group gained initial access to the 3CX environment when an employee downloaded a financial trading package named X_TRADER from Trading Technologies' website. Unbeknownst |
TA444 | 2 | TA444, also known as BlueNoroff, APT28, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, and other monikers, is a prolific North Korean state-backed threat actor known for its malicious cyber activities. The group has been continuously generating proprietary malware, distinguishing it from other |
ID | Type | Votes | Profile Description |
---|---|---|---|
Quiterat | Unspecified | 4 | QuiteRAT is a new type of malware associated with the North Korea-linked Lazarus Group, known for their use of custom malware. Built using the Qt framework, QuiteRAT is smaller in size compared to MagicRAT, another malware linked to the group, due to its incorporation of fewer Qt libraries and lack |
Magicrat | Unspecified | 4 | MagicRAT is a type of malware, first observed by Cisco Talos in 2022, that was used by the Lazarus Group to exploit vulnerabilities in publicly exposed VMWare Horizon platforms, primarily targeting energy companies worldwide. This malicious software, which can infiltrate systems through suspicious d |
WannaCry | Unspecified | 4 | WannaCry is a type of malware, specifically ransomware, that emerged as one of the most significant cybersecurity threats in 2017. It exploited Windows' SMBv1 Remote Code Execution Vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), allowing it to spread across networks and encrypt files, |
Kandykorn | Unspecified | 4 | KandyKorn is a type of malware, first discovered in 2023, that targets macOS systems. Developed by the Lazarus hacking group, this malicious software specifically aims at blockchain engineers. The known infection process begins with social engineering tactics, tricking the victim into downloading a |
AppleJeus | Unspecified | 3 | AppleJeus is a potent malware designed to infiltrate systems and steal cryptocurrency-related assets. It was first identified by the Cybersecurity and Infrastructure Security Agency (CISA) in 2021 as part of a cryptocurrency-themed Kupay Wallet macOS malware package during an AppleJeus campaign. The |
Dtrack | Unspecified | 3 | Dtrack is a type of malware, or malicious software, that infiltrates systems to steal personal information, disrupt operations, and potentially hold data for ransom. The Andariel group, a subset of the Lazarus Group, is known for its utilization of Dtrack malware and Maui ransomware. In mid-2022, An |
Earlyrat | Unspecified | 3 | EarlyRat is a previously undocumented malware discovered by Kaspersky researchers in June. The North Korea-linked Advanced Persistent Threat (APT) group Andariel used EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. The malware was first noticed in one of the Log4j cases, |
Collectionrat | Unspecified | 3 | CollectionRAT is a malicious software (malware) first identified in a Cisco Talos report in 2023, with samples dating as far back as 2021. This Windows-based Remote Access Trojan (RAT) is believed to be connected to the Jupiter/EarlyRAT malware family, which has previously been linked to a Lazarus s |
Lightlesscan | Unspecified | 3 | LightlessCan is a new and advanced malware, discovered by ESET, that has been added to North Korea's Lazarus group's arsenal. The malware is a successor to the group's flagship HTTP(S) Lazarus Remote Access Trojan (RAT) named BlindingCan. LightlessCan represents a significant advancement in maliciou |
Spectralblur | Unspecified | 2 | SpectralBlur is a newly detected malware, identified as a macOS backdoor, that has been making headlines since the start of 2024. It was first spotted by cybersecurity experts who have tentatively attributed its creation and deployment to the Bluenoroff group. This malicious software, like others of |
ID | Type | Votes | Profile Description |
---|---|---|---|
Technical Reconnaissance Bureau | Unspecified | 4 | The Technical Reconnaissance Bureau (TRB), also known as the Fourteenth Bureau, is a North Korea-based threat actor that leads the Democratic People's Republic of Korea's (DPRK) development of offensive cyber tactics and tools. The TRB conducts mail inspection, telecommunications inspection and cont |
Bluenoroff | is related to | 4 | BlueNoroff, a threat actor closely associated with the Lazarus hacking group, has been identified as a significant cybersecurity risk. Known for their financially motivated attacks, BlueNoroff targets banks, casinos, fintech companies, POST software and cryptocurrency businesses, and ATMs. They have |
APT37 | Unspecified | 3 | APT37, also known as ScarCruft, Reaper, or Group123, is a threat actor suspected to be linked to North Korea. It primarily targets South Korea but has also extended its activities to Japan, Vietnam, and the Middle East, focusing on various industry verticals such as chemicals, electronics, manufactu |
Onyx Sleet | Unspecified | 3 | Onyx Sleet, also known as Andariel, DarkSeoul, Silent Chollima, and Stonefly/Clasiopa, is a North Korean state-sponsored cyber group associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju. This threat actor pri |
sinbad.io | Unspecified | 3 | Sinbad.io, a threat actor identified as a popular money-laundering outlet for state-sponsored crypto thieves, emerged as a significant player in the cybercrime landscape over the past few years. Following U.S. sanctions on Tornado Cash, a previously favored service by North Korean hackers to obfusca |
Reconnaissance General Bureau | Unspecified | 2 | The Reconnaissance General Bureau (RGB) is a North Korean intelligence agency responsible for clandestine operations abroad, and it is believed to coordinate the nation's cyber activities. The RGB has been linked to several advanced persistent threat (APT) groups, including BeagleBoyz, Kimsuky, Anda |
Wicked Panda | Unspecified | 2 | Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center has identified it as one of the top cyber threats. Over the years, security resea |
Thallium | Unspecified | 2 | Thallium, also known as Kimsuky, APT43, Velvet Chollima, and Black Banshee, is a significant threat actor that has been active since at least 2012. This group, believed to be operating on behalf of the North Korean regime, conducts intelligence collection and uses cybercrime to fund espionage activi |
APT41 | Unspecified | 2 | APT41, a threat actor attributed to China, has been actively targeting organizations in at least 14 countries since 2012. The group is known for its use of an extensive range of malware, with at least 46 different code families and tools observed in their operations. They are associated with various |
ScarCruft | Unspecified | 2 | ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean threat actor group associated with malicious cyber activities. Their actions have been linked to the execution of targeted attacks against individual Android devices, as outlined in a VB2023 paper titled "Int |
APT28 | Unspecified | 2 | APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, is a threat actor linked to Russia that has been active since at least 2007. The group has targeted governments, militaries, and security organizations worldwide, including the German Social Democratic Party |
Double Dragon | Unspecified | 2 | Double Dragon, also known as APT41, Winnti, or Barium, is a prominent Advanced Persistent Threat (APT) group believed to have originated from China. As a threat actor, Double Dragon represents a human entity with the intent to execute actions of a malicious nature. The group has been identified by t |
APT33 | Unspecified | 2 | APT33, an Iran-linked threat actor also known as Peach Sandstorm, Holmium, Elfin, Refined Kitten, and Magic Hound, has been involved in a series of cyber espionage activities targeting various sectors. The group's primary targets include the government, defense, satellite, oil, and gas sectors in th |
Rgb | Unspecified | 2 | RGB is a threat actor group, part of North Korea's Reconnaissance General Bureau (RGB), a military intelligence agency under the General Staff Bureau of the Korean People's Army. Over the years, the RGB has revealed at least six threat groups, including Andariel, also known as Onyx Sleet, formerly P |
ID | Type | Votes | Profile Description |
---|---|---|---|
Log4Shell | Unspecified | 4 | Log4Shell is a significant software vulnerability, specifically a flaw in the design or implementation of Log4j, a popular Java-based logging utility. This vulnerability, officially known as CVE-2021-44228, allows malicious actors to execute arbitrary code on affected systems, providing an avenue fo |
CVE-2023-42793 | Unspecified | 3 | CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre |
Source Link | CreatedAt | Title |
---|---|---|
Unit42 | a day ago | Threat Assessment: North Korean Threat Groups |
BankInfoSecurity | 6 days ago | Cryptohack Roundup: Focus on Pig Butchering |
BankInfoSecurity | 13 days ago | Cryptohack Roundup: SEC Sends Wells Notice to OpenSea |
Securityaffairs | 18 days ago | Russian national arrested in Argentina for laundering money of crooks and Lazarus APT |
DARKReading | 20 days ago | 'Styx Stealer' Blows Its Own Cover With Sloppy OpSec Mistake |
Securityaffairs | 23 days ago | Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT |
CERT-EU | 9 months ago | Specialist lawyers lead cyber counterattack |
CERT-EU | 8 months ago | North Korean Hacking Group Lazarus Withdraws $1.2M of Bitcoin From Coin Mixer \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker |
CERT-EU | 8 months ago | North Korean hackers, criminals share money laundering networks \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker |
CERT-EU | 6 months ago | Beware of Typos that May lead to malicious PyPI Package Installation |
BankInfoSecurity | 2 months ago | Cryptohack Roundup: $230M WazirX Exploit in India |
DARKReading | 2 months ago | Euro 2024 Becomes Latest Sporting Event to Attract Cyberattacks |
BankInfoSecurity | 2 months ago | Cryptohack Roundup: Conviction in Home Invasions Case |
BankInfoSecurity | 3 months ago | Cryptohack Roundup: Norway Freezes Hacked Ronin Funds |
DARKReading | 3 months ago | Russia Aims Cyber Operations at Summer Olympics |
DARKReading | 3 months ago | LilacSquid APT Employs Open Source Tools, QuasarRAT |
BankInfoSecurity | 3 months ago | RedTail Cryptomining Malware Exploits PAN-OS Vulnerability |
BankInfoSecurity | 3 months ago | Microsoft Warns of North Korea's 'Moonstone Sleet' |
Fortinet | 4 months ago | Key Findings from the 2H 2023 FortiGuard Labs Threat Report \| FortiGuard Labs |
BankInfoSecurity | 4 months ago | Cryptohack Roundup: Geosyn Fraud Lawsuit |