"Kimsuky Distributing Malicious Mobile App via QR Code" published by ENKI. #DocSwap, #Kimsuky, #Mobile, #DPRK, #CTI https://www.enki.co.kr/en/media-center/blog/kimsuky-distributing-malicious-mobile-app-via-qr-code
A big fan of Lazarus. You can find me on http://t.me/lazarusholic, https://lazarus.day.
"DPRK threat actors are still rekting way too many of you via their fake Zoom / fake Teams meets" published by Tay. #DPRK, #CTI https://archive.md/vi3Pg
"The Infostealer to APT Pipeline: How Lazarus Group Hijacked a Yemen Disinformation Network" published by HudsonRock. #Lazarus, #DPRK, #CTI https://www.hudsonrock.com/blog/5710
"Technical Analysis of the APT-C-26 (Lazarus) Group Exploiting a WinRAR Vulnerability to Deploy the Blank Grabber Trojan" published by Qihoo360. #APT-C-26, #BlankGrabber, #CVE-2025-8088, #DPRK, #CTI https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247507693&idx=1&sn=e73e1cca5af2ee80c3037daa1dbd2ab1
"November 2025 APT Attack Trends Report (Domestic)" published by Ahnlab. #LNK, #Trend, #DPRK, #CTI https://asec.ahnlab.com/ko/91529/
"November 2025 APT Group Trends Report" published by Ahnlab. #FamousChollima, #Kimsuky, #Konni, #Trend, #DPRK, #CTI https://asec.ahnlab.com/ko/91524/
"Beyond the Malware: Inside the Digital Empire of a North Korean Threat Actor" published by Flashpoint. #ContagiousInterview, #DPRK, #CTI https://flashpoint.io/blog/beyond-the-malware-digital-empire-north-korean-threat-actor/
"Monthly Threat Actor Group Intelligence Report, November 2025" published by NSHC. #SectorA, #Trend, #DPRK, #CTI https://medium.com/@nshcthreatrecon/monthly-threat-actor-group-intelligence-report-november-2025-2dbb7721adf8
"EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks" published by Sysdig. #CVE-2025-55182, #EtherRAT, #React2Shell, #DPRK, #CTI https://www.sysdig.com/blog/etherrat-dprk-uses-novel-ethereum-implant-in-react2shell-attacks
"Hunting For North Korean Fiber Optic Cables" published by NKInternet. #DPRK, #CTI https://nkinternet.com/2025/12/08/hunting-for-north-korean-fiber-optic-cables/
"Exclusive Look Inside a Compromised North Korean APT Machine Linked to The Biggest Heist in History" published by HudsonRock. #Bybit, #Lazarus, #DPRK, #CTI https://www.hudsonrock.com/blog/5692
"How We Caught Lazarus's IT Workers Scheme Live on Camera" published by AnyRun. #ITWorker, #FamousChollima, #DPRK, #CTI https://any.run/cybersecurity-blog/lazarus-group-it-workers-investigation/
"North Korean hackers are pushing fake Microsoft Teams Update to macOS users" published by Moonlock. #macOS, #DPRK, #CTI https://archive.md/8xDxT
"Latest Contagious Interview malware campaign abuses Microsoft VSCode Tasks" published by OSM. #ContagiousInterview, #Lazarus, #DPRK, #CTI https://opensourcemalware.com/blog/contagious-interview-vscode
"Beware of KimJongRAT Being Distributed via .hta Files!" published by ESTSecurity. #KimjongRAT, #Kimsuky, #DPRK, #CTI https://blog.alyac.co.kr/5682
"Unmasking a new DPRK Front Company DredSoftLabs" published by Wickeren. #Wagemole, #DPRK, #CTI https://medium.com/@meeswicky1100/unmasking-a-new-dprk-front-company-dredsoftlabs-bf9ed544d690
"Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks" published by Socket. #ContagiousInterview, #NPM, #OtterCookie, #DPRK, #CTI https://socket.dev/blog/north-korea-contagious-interview-npm-attacks
"The Korean Leaks – Analyzing the Hybrid Geopolitical Campaign Targeting South Korean Financial Services With Qilin RaaS" published by Bitdefender. #MoonstoneSleet, #Ransomware, #DPRK, #CTI https://www.bitdefender.com/en-us/blog/businessinsights/korean-leaks-campaign-targets-south-korean-financial-services-qilin-ransomware
"FlexibleFerret: macOS Malware Deploys in Fake Job Scams" published by Jamf. #FlexibleFerret, #ContagiousInterview, #DPRK, #CTI https://www.jamf.com/blog/flexibleferret-malware-continues-to-adapt/