| ID | Votes | Profile Description |
|---|---|---|
| APT37 | 8 | APT37, also known as ScarCruft, Reaper, or Group123, is a threat actor suspected to be linked to North Korea. It primarily targets South Korea but has also extended its activities to Japan, Vietnam, and the Middle East, focusing on various industry verticals such as chemicals, electronics, manufactu |
| Reaper | 6 | Reaper, also known as APT37, Inky Squid, RedEyes, or ScarCruft, is a threat actor group attributed to North Korea. It deploys ROKRAT, a malicious tool that has been used in cyber exploitation since the 1970s. This group is also tied to the NOKKI malware family, which originated from research surroun |
| Group123 | 3 | Group123, also known as Inky Squid or APT37, is a threat actor group suspected of executing malicious cyber activities. They are known for their technical capabilities and innovative intrusion techniques. Over the past 18 months, they have been associated with a series of attacks that utilize shellc |
| Redeyes | 2 | RedEyes, also known as APT37, StarCruft, Reaper, or BadRAT, is a threat actor group known for its malicious cyber activities. This group recently deployed a new malware named FadeStealer to extract information from targeted systems. They have also been observed using CloudMensis, a malware that seek |
| Labyrinth Chollima | 1 | Labyrinth Chollima, a threat actor linked to North Korea, has been involved in numerous malicious activities since 2009. Tracked by CrowdStrike and other cybersecurity organizations, Labyrinth Chollima is part of the Lazarus Group, known for stealthy attacks targeting various industries such as acad |
| Ta406 | 1 | TA406, also known as the Konni Group or Kimsuky, is a state-sponsored cybercrime organization based in North Korea. This threat actor has been implicated in numerous cyber espionage activities, targeting entities such as news media organizations, academic institutions, and think tanks. The group gai |
| Cloudmensis | 1 | CloudMensis, a form of malware specifically designed to exploit macOS systems, was first brought to light by ESET in July 2022. The software infiltrates devices primarily through email attachments, causing significant security breaches once inside. Once installed, CloudMensis works diligently to ide |
| InkySquid | 1 | InkySquid, also known as ScarCruft and APT37, is a threat actor believed to be associated with North Korea. This group has been identified as the exclusive user of RokRAT, a closed-source malware family. The actions of this group are monitored by cybersecurity firms such as Volexity, which uses the |
| Inky Squid | 1 | None |
| Ricochet Chollima | 1 | Ricochet Chollima, also known as Ruby Sleet or ScarCruft among other aliases, is a threat actor associated with the Democratic Peoples’ Republic of Korea (DPRK). Active in espionage operations since at least 2016, Ricochet Chollima has primarily targeted South Korean individuals and entities, focusi |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| ROKRAT | Unspecified | 5 | RokRAT is a sophisticated malware that has been used by the cyber-espionage group ScarCruft, primarily to target South Korean media and research organizations. The malware is typically delivered via phishing emails with ZIP file attachments containing LNK files disguised as Word documents. However, |
| Opencarrot | Unspecified | 2 | OpenCarrot is a malicious software (malware) that targets Windows operating systems, enabling unauthorized access and control over infected machines. Identified by IBM XForce, it has been linked to the activities of the Lazarus Group, a North Korean cyber threat operation known for its sophisticated |
| BLUELIGHT | Unspecified | 2 | The BLUELIGHT malware, first observed in early 2021, was used as the final payload in a multistage attack. This attack involved a watering-hole assault on a South Korean online newspaper, an Internet Explorer exploit, and another ScarCruft backdoor. The attack process included multiple components li |
| Updog | Unspecified | 1 | None |
| Inksquid | Unspecified | 1 | None |
| Badrat | Unspecified | 1 | None |
| Dolphin | Unspecified | 1 | Dolphin is a malicious software (malware) that was reportedly used by an unidentified group against South Korea in December 2022. The malware, named after the codenames of Xerox PARC's range of workstations which all began with the letter D, including Dolphin, Dorado, Dicentra, and others, infiltrat |
| KONNI | Unspecified | 1 | Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin |
| Hermit | Unspecified | 1 | Hermit is a malicious software (malware) linked to North Korea, also known as the "Hermit Kingdom" due to its isolationist policies. This malware, along with others like Pegasus and DevilsTongue, targeted Apple users leading to a wave of sophisticated attacks in July 2022. In response, Apple develop |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Kimsuky | Unspecified | 2 | Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi |
| Bluenoroff | Unspecified | 2 | BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software, |
| Lazarus Group | Unspecified | 2 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
| Diamond Sleet | Unspecified | 1 | Diamond Sleet, a North Korea-linked Advanced Persistent Threat (APT), has been identified as a significant threat actor in the cybersecurity landscape. This group is known for its sophisticated supply chain attacks, specifically leveraging CyberLink software to execute their malicious activities. Th |
| Ruby Sleet | Unspecified | 1 | Ruby Sleet, also known as Ricochet Chollima and CERIUM, is a North Korean threat actor that has been actively targeting governmental and defense sectors across several countries. According to a Microsoft report, from November 2022 to January 2023, Ruby Sleet, in conjunction with another threat actor |
| Rgb | Unspecified | 1 | RGB, a threat actor with ties to North Korea, has been involved in a range of malicious cyber activities. The group was designated by the Office of Foreign Assets Control (OFAC) on January 2, 2015, under Executive Order 13687 for being a controlled entity of the North Korean government. In addition |
| Apt43 | Unspecified | 1 | APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity |
| Andariel | Unspecified | 1 | Andariel, a notorious threat actor associated with the Lazarus Group and linked to North Korea, is known for its malicious cyber activities. The group has been identified using DTrack malware and Maui ransomware, notably in mid-2022, and has developed a reputation for exploiting ActiveX objects. Res |
| Reconnaissance General Bureau Rgb | Unspecified | 1 | The Reconnaissance General Bureau (RGB) is a North Korean military intelligence agency identified as a threat actor responsible for various cyberattacks. RGB is associated with hacking groups known as the "Lazarus Group," "Bluenoroff," and "Andariel," which are recognized as agencies or controlled e |
| Osmium | Unspecified | 1 | None |
| MuddyWater | Unspecified | 1 | MuddyWater is an advanced persistent threat (APT) group, also known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros. This threat actor has been linked to the Iranian Ministry of Intelligence and Security (MOIS) according to a joint advisory from cybersecurity firms. The group empl |
| Turla | Unspecified | 1 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
| Darkhotel | Unspecified | 1 | DarkHotel, also known as DUBNIUM, is a cyber threat actor that has been active since at least 2018. This group has been observed primarily targeting Japanese organizations and has recently been linked to a campaign utilizing unique Tactics, Techniques, and Procedures (TTPs). The campaign involved a |
| TEMP.Reaper | Unspecified | 1 | None |
| Winnti | Unspecified | 1 | Winnti is a sophisticated threat actor group, first identified by Kaspersky in 2013, with activities dating back to at least 2007. The group has been associated with the Chinese nation-state and is part of a collective known as APT41, which also includes subgroups like Wicked Panda, Suckfly, and Bar |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2018-4878 | Unspecified | 2 | None |
| CVE-2018-4876 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| DARKReading | 3 months ago | DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse |
| DARKReading | 3 months ago | DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse |
| BankInfoSecurity | 5 months ago | North Korean Group Seen Snooping on Russian Foreign Ministry |
| CERT-EU | 5 months ago | Konni RAT deployed via backdoored Russian government tool installer |
| Checkpoint | 6 months ago | 29th January – Threat Intelligence Report - Check Point Research |
| DARKReading | 6 months ago | North Korea's ScarCruft Attackers Gear Up to Target Cybersecurity Pros |
| CERT-EU | 8 months ago | Konni Malware Alert: Uncovering The Russian-Language Threat |
| CERT-EU | 8 months ago | Russian analysts point finger at China, North Korea over cyber activity |
| CERT-EU | 9 months ago | Understanding Advanced Persistent Threats |
| CERT-EU | 9 months ago | Trojanized VNC apps leveraged in defense-targeted Lazarus Group attacks |
| CERT-EU | 9 months ago | Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps |
| CERT-EU | 9 months ago | APT trends report Q3 2023 |
| DARKReading | 10 months ago | North Korea's State-Sponsored APTs Organize & Align |
| CERT-EU | 10 months ago | Virus Bulletin :: Teasing the secrets from threat actors: malware configuration extractors |
| CERT-EU | a year ago | North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers |
| CERT-EU | a year ago | FBI: DPRK cyber crooks may try to cash out $40m in crypto |
| CERT-EU | a year ago | North Korean Attackers Penetrated Russian Rocket Designer's Systems |
| CERT-EU | a year ago | Elite North Korean Hackers Breach Russian Missile Developer |
| CERT-EU | a year ago | Russian Missile Manufacturer Breached By North Korean Hackers |
| CERT-EU | a year ago | The Week in Security: Cloudflare Tunnels abuse ramps up, U.K. voter data exposed |