Lazarus Tag

The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group's features and tactics. APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is linked to North Korea's Ministry of State Security (MSS) unlike the Lazarus and...


Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar...


Sandworm Targets Ukraine and its Supporters

In the last months of 2022, Russian Advanced Persistent Threat (APT) group Sandworm continued its data wiping attacks against Ukrainian organizations, but expanded its efforts to organizations from countries that are strong supporters of Ukraine, such as Poland, according to a new report by cybersecurity firm ESET. Sandworm is believed to operate as a unit inside Russia's military intelligence agency,...


Security researchers have uncovered a cyber-attack campaign by the North Korean Lazarus Group targeting medical research, energy, and other organizations in an effort to gain intelligence information. The incident began at the end of August when attackers exploited unknown vulnerabilities in an unpatched Zimbra mail server, leading to the exfiltration of many gigabytes of data. In the following weeks, the attackers moved laterally across the network...
