Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: A targeted campaign by the North Korean Lazarus Group, dubbed Operation SyncHole, used a combination of watering hole tactics and software exploits to compromise at least six South Korean organizations between November 2024 and February 2025. These were companies engaged in the fields of software, semiconductor manufacturing, IT, finance, and telecommunications. The campaign exploited vulnerabilities …
The post Lazarus Group Breached Semiconductor and Software Firms in South Korea appeared first on CyberInsider.
April 24th, 2025 (about 1 month ago)
|
|
Description: At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.
The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in
April 24th, 2025 (about 1 month ago)
|
|
Description: The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems.
The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by
April 3rd, 2025 (about 2 months ago)
|
|
Description: The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds.
"Based on the Administration's review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring
March 22nd, 2025 (2 months ago)
|
|
Description: The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers.
The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that's associated with a profile named "
February 14th, 2025 (3 months ago)
|
|
|
Description: The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems.
According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of
February 5th, 2025 (4 months ago)
|
|
|
January 29th, 2025 (4 months ago)
|
|
|
Description: The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command and control servers from Pyongyang.
January 29th, 2025 (4 months ago)
|
|
|
Description: The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns.
"Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard's
January 29th, 2025 (4 months ago)
|
|
|
Description: The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware.
"The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring developers with project tests and code reviews," Ryan Sherstobitoff, senior vice president of Threat
January 15th, 2025 (5 months ago)
|