North Korean threat actors are expected to launch imminent attacks aimed at stealing funds from "organizations with access to large quantities of cryptocurrency-related assets or products," the FBI is warning, adding that the attacks will use particularly deceptive social engineering tactics, including highly personalized targeting that will appear extremely convincing. In the last several months, federal officials have observed various state-sponsored actors from the DPRK conducting research o
lazarus (12)
The North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Investigators are tracking the activity under the name Operation Blacksmith, noting the use of three DLang-based malware families, including a RAT called NineRAT that leverages Telegram for command-and-control (C2), DLRAT, and a downl
It is even more diabolical that cyber threat actors target job hunters, especially those who are out of work and running behind on their bills. Recently, a sub-set within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Lazarus Group, also known by other names such as Guardians of Peace or Whois Team, is a legal hacker group made up of an unknown number of individuals run by the government of N
The Lazarus Group is a North Korean state-sponsored cybercrime group, and it has been credited, in one way or another, with a recent social engineering campaign targeting developers on GitHub. The group is said to have been created by the North Korean government as early as 2007 and is part of the RGB, North Korea’s primary foreign intelligence agency. “Lazarus Group” would appear to be the primary identity of the group, but it has several aliases such as Appleworm, Group 77
North Korea’s BlueNoroff hackers have updated their strategies and delivery techniques in a new wave of attacks targeting banks and venture capital firms, according to cyber threat investigators. Part of Lazarus, a hacking group linked to the North Korean government, BlueNoroff is financially motivated and has been blamed for numerous cyber-attacks targeting banks, cryptocurrency firms, and other financial institutions.
The campaign by BlueNoroff has been in operation at least since 2017. It us
LinkedIn has become a popular destination for threat actors trying to communicate with people for a variety of purposes, such as distributing malware, cyberespionage, credential theft, and financial fraud. One common approach cyber criminals take on LinkedIn is to contact people using a fake profile claiming to be a recruiter working at technology, defense, or media companies. The North Korean-sponsored group Lazarus has often engaged in these kinds of activities in order to propagate malwa
Activity Summary - Week Ending on 21 October 2022:
- Red Sky Alliance identified 32,517 connections from new IPs checking in with our Sinkholes
- NoVa hit 17x
- Analysts identified 1,515 new IP addresses participating in various Botnets
- “Alchimist” Attack
- REvil
- Good News from Brazil
- Khan Academy
- Vinomofo
- Japanese Crypto Funds
- Oh Canada
Link to full report: IR-22-295-001_weekly295.pdf
There was once an unwritten moral code among cyber hackers that they would never attack vulnerable businesses like health care. Well, those disingenuous hacker ethics are out the door; they have been for a while. After dealing with the hack of the UK’s NHS-controlled ambulance service last week[1], malicious hackers are now holding an IT firm that supplies NHS ‘trusts’ to ransom following a cyber-attack. NHS trusts are public sector bodies established by parliamentary order through the UK Secretary
Activity Summary - Week Ending on 19 November 2021:
- Red Sky Alliance identified 22,393 connections from new IPs checking in with our Sinkholes
- Analysts identified 5,918 new IP addresses participating in various Botnets
- Firsttheberg.net in France has a Compromised IP
- MBR Attacks
- Abcbot Linux Malware
- FatPipe
- Not Just the CISOs Problem
- Swedish Spoof
- The FBI is Cold?
- Lazarus Still Around
- UK Gamers
Link to full report: IR-21-323-001_weekly323.pdf
As more web merchants accept cryptocurrencies, the possibilities for theft and fraud will increase. There will be none of the protections that consumers and businesses have enjoyed as standard for purchases via credit card. Hackers with apparent ties to North Korea that hit e-commerce shops in 2019 and 2020 to steal payment card data also tested functionality for stealing cryptocurrency, according to the cybersecurity firm Group-IB. Group-IB's new report builds on findings published in July 2020 by
Activity Summary - Week Ending 16 April 2021:
- Red Sky Alliance observed 58 new unique email accounts compromised with Keyloggers
- Analysts identified 30,373 connections from new unique IP addresses
- 3,512 new IP addresses participating in various Botnets were observed
- Security Researcher under Attack
- CISA’s New Tool – Aviary
- FormBook Malware
- State Sponsored APT
- Lazarus and Vyvera
- TiT-for-TaT is Never Good
- Myanmar and Taiwan Protests
Link to full report: IR-21-106-001_weekly_106.pdf
Activity Summary - Week Ending 25 November 2020:
- Red Sky Alliance observed 106 unique email accounts compromised with Keyloggers
- Analysts identified 45,355 connections from new unique IP addresses
- Lir Ukraine Llc Compromised C2
- Hezbollah Threat Actors remain as the Top Hacking Group
- Lazarus is Targeting the Supply Chain
- Muhstik Botnet targeting Oracle
- Boom!Mobile – Still not Happy
- Everyone hang in there, add Oil
- To our US Friends – Happy Thanksgiving
Link to full report: IR-20-330-001-Tactical C