North Korean APT – Threat Note

From Security Week – Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks

[[{"value":"North Korea’s Lazarus hackers are using the ClickFix technique for malware deployment in fresh attacks targeting the cryptocurrency ecosystem. The post Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks…

shaikh Saqib April 2, 2025

News

From Cyber Security News – Lazarus Group is No Longer Consider a Single APT Group, But Collection of Many Sub Groups

The cybersecurity landscape is witnessing a growing complexity in the attribution of Advanced Persistent Threat (APT) actors, particularly the North Korean-linked Lazarus group. Once considered a singular entity, Lazarus has…

shaikh Saqib April 1, 2025

Vulnerabilities

From Cybersecurity Help – Cyber Security Week in Review: March 14, 2025

In brief: Microsoft, Apple fix zero-days, LockBit ransomware dev extradited to the US, and more. Read More

shaikh Saqib March 14, 2025

News

From The Hacker News – North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps

The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were. "

shaikh Saqib March 13, 2025

News

From Security Week – North Korean Hackers Distributed Android Spyware via Google Play

[[{"value":"The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play. The post North Korean Hackers Distributed Android Spyware via Google Play appeared first on…

shaikh Saqib March 13, 2025

Vulnerabilities

From Cybersecurity Help – New North Korea-linked Android spyware KoSpy targets Korean and English-speaking users

KoSpy is distributed through fake utility applications, which masquerade as helpful tools. Read More

shaikh Saqib March 13, 2025

News

From Dark Reading – North Korea’s Lazarus Pulls Off Biggest Crypto Heist in History

Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit. It was carried out by…

shaikh Saqib February 25, 2025

News

From Dark Reading – North Korea’s Kimsuky Taps Trusted Platforms to Attack South Korea

The campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around. Read More

shaikh Saqib February 19, 2025

News

From Cyber Security News – Lazarus Group Infostealer Malwares Attacking Developers In New Campaign

The notorious Lazarus Group, a North Korean Advanced Persistent Threat (APT) group, has been linked to a sophisticated campaign targeting software developers. This campaign involves the use of infostealer malware,…

shaikh Saqib February 15, 2025

News

From The Hacker News – Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that's associated with a profile named "

shaikh Saqib February 14, 2025