Collaborate Disseminate
We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns Continue reading A cascade of compromise: unveiling Lazarus’ new campaign
The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. In this blog, we’ll focus on an active cluster that we dubbed DeathNote. Continue reading Following the Lazarus group by tracking DeathNote campaign
We continue to track the BlueNoroff group’s activities and this October we observed the adoption of new malware strains in its arsenal. Continue reading BlueNoroff introduces new methods bypassing MoTW
Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea. Continue reading Kimsuky’s GoldDragon cluster and its C2 operations
In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to a conclusion: the Andariel group was behind these attacks. Continue reading Andariel evolves to target South Korea with ransomware
As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are going after intelligence that could help these efforts by attacking entities related to COVID-19 research. Continue reading Lazarus covets COVID-19-related intelligence