The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

2023 Recap - Threat Actor Activity Highlights - North Korea

Dec 15, 2023 1:37:07 PM / by The Hivemind posted in Threat Bulletin, North Korea, APAC, 2023 Recap, Chollima

0 Comments

Executive Summary

Several high-profile North Korea nexus threat actor groups have been active in 2023. Reported activities include but are not limited to supply chain attacks, targeting of cryptocurrency, and proliferation of MacOS malware. In this report, PolySwarm highlights cyber activity perpetrated by North Korea nexus threat actor groups in 2023.

Read More

BlueNoroff's RustBucket MacOS Malware

May 12, 2023 3:48:04 PM / by The Hivemind posted in Threat Bulletin, Lazarus, North Korea, Financial, MacOS, Mac, RustBucket, BlueNoroff

0 Comments

Verticals Targeted: Financial

Executive Summary

North Korea nexus threat actor group BlueNoroff was recently observed using malware to target MacOS systems. Dubbed RustBucket, the malware can be used to communicate with the C2 to download and execute additional payloads.

Read More

PolySwarm 2022 Recap - Threat Actor Activity Highlights: North Korea

Dec 21, 2022 1:28:03 PM / by PolySwarm Tech Team posted in Threat Bulletin, North Korea, 2022 Recap, Asia, APAC

0 Comments



Executive Summary

This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report highlights the activity perpetrated by North Korea-based threat actors in 2022.


Key Takeaways

  • This report provides highlights of activity perpetrated by North Korea-based threat actors in 2022.
  • Threat actors featured in this report include Lazarus Group, BlueNoroff, Reaper, Andariel, Kimsuky, Gwisin, and H0ly Gh0st. 
  • PolySwarm tracked malware associated with multiple North Korea nexus threat actors in 2022.
Read More

North Korean Threat Actors Living Off the Land

Oct 11, 2022 12:47:31 PM / by PolySwarm Tech Team posted in Threat Bulletin, Lazarus, North Korea, LoTL, APT 38, Living off the land, ZataNile, EventHorizon

0 Comments

Related Families: ZetaNile (BlindingCan), EventHorizon

Verticals Targeted: Media, Defense, IT Services, Aerospace

Executive Summary

Microsoft recently reported on North Korean threat actor group Lazarus using living off the land (LOTL) techniques to target multiple verticals. Weaponization of legitimate tools includes SSH clients PuTTY and KiTTY, as well as TightVNC Viewer, Sumatra PDF reader, and muPDF/Subliminal Recording installer.

Read More

Kimsuky GoldDragon C2 Cluster

Sep 19, 2022 2:06:44 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, North Korea, Kimsuky, GoldDragon

0 Comments

Verticals Targeted: Think Tanks, Media, Government

Executive Summary

In early 2022, the North Korean threat actor group Kimsuky targeted a South Korean think tank and media entities. In this campaign, they leveraged what is known as the GoldDragon backdoor and associated C2 cluster.

Key Takeaways

Read More

Recent Ransomware Threats to Healthcare

Jul 21, 2022 1:27:35 PM / by PolySwarm Tech Team posted in Threat Bulletin, North Korea, Ransomware, Iran, IcedID, Healthcare, Maui, Quantum, Hospital

0 Comments



Executive Summary

Multiple ransomware families have been used to target the healthcare vertical in the past year.  In this report, we cover recently reported attacks on the healthcare vertical leveraging Maui and Quantum ransomware families.

Read More

Lazarus Group Targets Crypto With TraderTraitor

Apr 25, 2022 11:26:42 AM / by PolySwarm Tech Team posted in Threat Bulletin, North Korea, Lazarus Group, TraderTraitor, Cryptocurrency

0 Comments



Background

CISA, FBI, and the US Treasury Department recently released a joint advisory on TraderTraitor, a Lazarus group campaign targeting blockchain companies.

Read More

PolySwarm Threat Bulletin: Lazarus APT’s LolZarus Campaign Targets Defense Contractor

Feb 14, 2022 2:18:26 PM / by PolySwarm Team posted in Threat Bulletin, Lazarus, LolZarus, APT, North Korea, LoLbins, Defense Vertical

0 Comments



Background

Qualys Threat Research recently reported on a new Lazarus espionage campaign leveraging employment phishing emails to target the defense sector, primarily targeting those applying for a job at Lockheed Martin. The targeting is similar to previous Lazarus campaigns which targeted Northrop Grumman and BAE Systems. Qualys refers to the current campaign as LolZarus due to the threat actor group’s use of LoLbins in some of the samples, which according to Qualys is the first known use of LoLbins by a well-known threat actor group.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts