Kimsuky APT continues to target South Korean government using AppleSeed backdoor

Kimsuky, the North Korean threat actor active since 2012, is still targeting the South Korean government. We take a look at the phishing infrastructure and command and control mechanisms of this APT.

Lazarus APT conceals malicious code within BMP image to drop its RAT

The North Korean APT uses a clever technique to bypass security products by embedding one of its payloads within a BMP image.

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

A North Korean threat group has swapped the usual Hangul Office lures for a cleverly packed Office macro.

New LNK attack tied to Higaisa APT discovered

We describe a new spearphishing campaign tied to the potentially North Korean Higaisa APT group.

Enemy at the gates: Reviewing the Magnitude exploit kit redirection chain

This post shines some light on a ‘gate’ belonging to the geo-targeted Magnitude exploit kit.
