Threat and Vulnerability Intelligence Database

Description: The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). [...]
Source: BleepingComputer
March 31st, 2025 (17 days ago)
Description: The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. "Based on the Administration's review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring
Source: TheHackerNews
March 22nd, 2025 (27 days ago)
Description: The U.S. Department of Treasury announced today that it has removed sanctions against the Tornado Cash cryptocurrency mixer, which North Korean Lazarus hackers used to launder hundreds of millions stolen in multiple crypto heists. [...]
Source: BleepingComputer
March 21st, 2025 (27 days ago)
Description: At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. [...]
Source: BleepingComputer
March 18th, 2025 (about 1 month ago)
Description: An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro's Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden
Source: TheHackerNews
March 18th, 2025 (about 1 month ago)
Description: OKX said it detected a coordinated effort by one of North Korea’s most prolific hacking outfits to misuse its decentralized finance (DeFi) services.
Source: The Record
March 17th, 2025 (about 1 month ago)
Description: OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. [...]
Source: BleepingComputer
March 17th, 2025 (about 1 month ago)
Description: The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were. "
Source: TheHackerNews
March 13th, 2025 (about 1 month ago)
Description: Tenable Research examines DeepSeek R1 and its capability to develop malware, such as a keylogger and ransomware. We found it provides a useful starting point, but requires additional prompting and debugging. Background: As generative artificial intelligence (GenAI) has increased in popularity since the launch of ChatGPT, cybercriminals have become quite fond of GenAI tools to aid in their various activities. However, most traditional GenAI tools have various guardrails in place to combat attempts to use them for malicious purposes. In fact, cybercriminal usage of tools like OpenAI’s ChatGPT and Google’s Gemini has been documented by both OpenAI (“Disrupting malicious uses of AI by state-affiliated threat actors”) and Google (“Adversarial Misuse of Generative AI”). OpenAI recently removed accounts of Chinese and North Korean users caught using ChatGPT for malicious purposes. Cybercriminals have also developed their own malicious large language models (LLMs) like WormGPT, FraudGPT, Evil-GPT and, most recently, GhostGPT. These malicious LLMs can be accessed via a one-time payment or subscription fee. However, with the recent open source release of DeepSeek’s local LLMs, like DeepSeek V3 and DeepSeek R1, we anticipate cybercriminals will seek to utilize these freely accessible models. Tenable Research is conducting ongoing analysis of GenAI as we seek to better understand various LLMs, including DeepSeek. In this blog, we explore how DeepSeek responds to requests to generate malwa...
Source: Tenable Blog
March 13th, 2025 (about 1 month ago)
Description: Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. [...]
Source: BleepingComputer
March 11th, 2025 (about 1 month ago)