Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
April 29th, 2025 (about 1 month ago)
|
|
Description: North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process.
"In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co)—to spread
April 25th, 2025 (about 1 month ago)
|
|
Description: In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. [...]
April 24th, 2025 (about 1 month ago)
|
|
Description: North Korean IT workers illicitly gaining employment at U.S. and European tech companies are increasingly using generative artificial intelligence in a variety of ways to assist them throughout the job application and interview process.
April 24th, 2025 (about 1 month ago)
|
|
Description: A targeted campaign by the North Korean Lazarus Group, dubbed Operation SyncHole, used a combination of watering hole tactics and software exploits to compromise at least six South Korean organizations between November 2024 and February 2025. These were companies engaged in the fields of software, semiconductor manufacturing, IT, finance, and telecommunications. The campaign exploited vulnerabilities …
The post Lazarus Group Breached Semiconductor and Software Firms in South Korea appeared first on CyberInsider.
April 24th, 2025 (about 1 month ago)
|
|
Description: At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.
The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in
April 24th, 2025 (about 1 month ago)
|
|
Description: Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space.
"The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North Korea," Google-owned Mandiant said in
April 23rd, 2025 (about 1 month ago)
|
|
Description: Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access.
The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC).
"In some systems, initial access was gained through
April 21st, 2025 (about 2 months ago)
|
|
Description: ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks. [...]
April 21st, 2025 (about 2 months ago)
|
|
Description: North Korean IT workers are reportedly using real-time deepfakes to secure remote work, raising serious security concerns. We explore the implications.
The post False Face: Unit 42 Demonstrates the Alarming Ease of Synthetic Identity Creation appeared first on Unit 42.
April 21st, 2025 (about 2 months ago)
|