North Korean Cyber Threat Intelligence Archives

DPRK Threat Actors Leverage GitHub as Command and Control Infrastructure in Multi-Stage LNK Attacks

acint3 weeks ago03 mins

North Korean state-sponsored threat actors have been observed targeting South Korean organizations with a sophisticated multi-stage attack chain that abuses GitHub as command and control (C2) infrastructure. Fortinet FortiGuard Labs published research on April 2, 2026 detailing the campaign, which leverages malicious LNK (shortcut) files, encoded payloads, and living-off-the-land (LOTL) techniques to maintain persistence while…

Infostealer Infection Unmasks DPRK Operative Behind Polyfill.io Supply Chain Attack and US Crypto Exchange Infiltration

acint1 month ago03 mins

In a stunning example of operational security failure, a North Korean cyber operative was unmasked after infecting their own machine with a LummaC2 infostealer—revealing definitive evidence linking them to both the catastrophic Polyfill.io supply chain attack and deep infiltration of a US cryptocurrency exchange. Key Findings According to a detailed forensic analysis by Hudson Rock…

APT37 Ruby Jumper Campaign: North Korean Hackers Deploy Malware Arsenal to Bridge Air-Gapped Networks

acint2 months ago04 mins

Zscaler ThreatLabz has uncovered a sophisticated campaign by North Korean threat group APT37, introducing five new malware tools designed specifically to infiltrate and exfiltrate data from air-gapped systems through weaponized USB drives. Campaign Overview In December 2025, security researchers at Zscaler discovered the Ruby Jumper campaign, orchestrated by APT37 (also known as ScarCruft, Ruby Sleet,…

APT37 Deploys Ruby Jumper Campaign to Breach Air-Gapped Networks

acint2 months ago02 mins

North Korean threat actor APT37 (Reaper) has expanded its arsenal with sophisticated new malware designed to compromise air-gapped networks — systems physically isolated from the internet that organizations use to protect their most sensitive data. Researchers at Zscaler ThreatLabz have uncovered the “Ruby Jumper” campaign, which employs a complex infection chain featuring multiple novel malware…

North Korean Lazarus Group Adopts Medusa Ransomware in Global Extortion Campaign

acint2 months ago03 mins

North Korean cyber operations are crossing a significant threshold into commercial ransomware markets, demonstrating an intensified focus on direct financial gains. Recent intelligence from Symantec and Carbon Black Threat Hunter Team reveals the notorious state-backed Lazarus Group has begun deploying Medusa ransomware against targets in the Middle East while simultaneously attempting to breach healthcare organizations…

BlueNoroff’s GhostCall and GhostHire Campaigns Use Stolen Victim Videos to Compromise Crypto Executives

acint2 months ago03 mins

North Korean threat actor BlueNoroff (also known as Sapphire Sleet, APT38, Alluring Pisces, Stardust Chollima, and TA444) has launched two sophisticated campaigns—GhostCall and GhostHire—targeting cryptocurrency executives, blockchain developers, and venture capital professionals, according to research published by Kaspersky. GhostCall: Fake Investment Meetings with Real Victim Recordings In the GhostCall campaign, attackers impersonate venture capitalists on…

North Korean Hackers Deploy AI-Generated Deepfakes and Seven Malware Families in Targeted Cryptocurrency Attacks

acint2 months ago2 months ago03 mins

North Korean threat actor UNC1069 has launched a sophisticated campaign targeting the cryptocurrency and decentralized finance (DeFi) sectors, deploying AI-generated deepfake videos and seven unique malware families to steal credentials and financial data, according to new research from Google Cloud’s Mandiant threat intelligence team. AI-Enabled Social Engineering: The New Frontier The attack begins with a…

North Korean Konni APT Deploys AI-Generated Malware to Target Blockchain Developers

acint3 months ago3 months ago02 mins

The North Korean threat group Konni has launched a new campaign using AI-generated PowerShell malware to target blockchain developers across the APAC region, marking a significant shift toward technical targets and cryptocurrency infrastructure.

The Updated APT Playbook: Tales from the Kimsuky threat actor group

bulwarkblack2 years ago2 years ago04 mins

READ ARTICLE Last updated at Thu, 21 Mar 2024 13:20:04 GMT Co-authors are Christiaan Beek and Raj Samani Within Rapid7 Labs we continually track and monitor threat groups. This is one of our key areas of focus as we work to ensure that our ability to protect customers remains constant. As part of this process, we routinely…

North Korea Debuts ‘SpectralBlur’ Malware Amid macOS Onslaught

bulwarkblack2 years ago2 years ago01 mins

https://www.darkreading.com/threat-intelligence/north-korea-debuts-spectralblur-malware-amid-macos-onslaught