#APT43

2025-05-27

#Kimsuky C2 retailparkderventa[.]com (91[.]234[.]46[.]31) used in active ZIP+LNK+AutoIt campaign. Payloads are fetched via renamed curl.exe with basic header filtering to evade standard tools. The .lnk file contains an XOR-obfuscated decoy .hwp at offset 0x17C2. Short-lived, minimal C2 infrastructure consistent with DPRK TTPs. Targeting NGOs. #APT43 #ThreatIntel

2025-02-13

"APT PROFILE – APT43" published by Cyfirma. #APT43, #DPRK, #CTI cyfirma.com/research/apt-profi

2024-09-28

📬 Cyber attack on Diehl Defence: Hackers target German military technology
#Cyberangriffe #ITSicherheit #APT43 #CyberAngriff #DiehlDefence #Kimsuky #Nordkorea #Spionagesoftware sc.tarnkappe.info/5e34ea

happygeek :unverified: + :verified: = $0 (@happygeek@infosec.exchange)
2024-05-06

By me @Forbes: An excellent reminder to check those DMARC policy settings or risk helping DPRK cyber-spies.

#infosec #FBI #NSA #DMARC #APT43

forbes.com/sites/daveywinder/2

2024-04-24

Proofpoint has been tracking #TA427, a North Korea-aligned threat actor, for years.

Recently, the team observed changes in the group's tactics and targeting, including exploiting #DMARC and web beacons.

Greg Lesnewich shared his insight with The CyberWire Research Saturday podcast host Dave Bittner.

Stream now at thecyberwire.com/podcasts/rese.

#EmeraldSleet #APT43 #THALLIUM #Kimsuky

2024-04-17

Proofpoint’s threat research team has been tracking state-aligned actors for years. In a new report, they detail TA427, a group observed using new tactics, including persona spoofing and the incorporation of web beacons.

Blog: proofpoint.com/us/blog/threat-

Get to know advanced persistent threat (APT) #TA427:

👋 Also goes by #EmeraldSleet, #APT43, #THALLIUM, #Kimsuky

🤝 Likely supports #DPRK intelligence on US and ROK foreign policy

🔥 A savvy #socialengineering expert

💬 Likes the long game: builds rapport with targets over weeks/months

🥸 Uses multiple aliases, usually small/under-resourced think tanks and NGOs

😈 Seen abusing #DMARC, spoofing private email accounts, and typosquatting

Explore the blog, and help spread the word about TA427’s prolific activity so potential targets are prepared to protect their people and defend their data.

2024-04-17

"Multi-stage Dropbox Commands and TutorialRAT Behind APT43" (original title: "APT43 배후의 다단계 드롭박스 명령과 TutorialRAT") published by Genians. #APT43, #TutorialRAT, #LNK, #CTI, #OSINT, #LAZARUS genians.co.kr/blog/threat_inte

2023-10-10

"Assessed Cyber Structure and Alignments of North Korea in 2023" published by Mandiant. #Trend, #APT38, #UNC1720, #APT43, #APT37, #UNC4899, #UNC614, #UNC1069, #TEMP.Hermit, #CTI, #OSINT, #LAZARUS mandiant.com/resources/blog/no

2023-09-26

"North Korean and Chinese Cyber Crime Threats to the HPH" published by USHHS. #APT43, #ThreatNeedle, #Slides, #MATA, #CTI, #OSINT, #LAZARUS hhs.gov/sites/default/files/dp

2023-09-25
Andrea Fortuna :verified: (@andreafortuna@mastodon.uno)
2023-03-30

A new report from cybersecurity firm #Mandiant sheds light on a previously unknown threat actor operating on behalf of the North Korean regime and using cybercrime to fund its espionage operations. #apt43 #cybersecurity andreafortuna.org/2023/03/29/a

Just Another Blue Teamer (@LeeArchinal@ioc.exchange)
2023-03-29

Good day everyone! Today's #readoftheday is a full-blown intel report by Mandiant (now part of Google Cloud) and focuses on a North Korean #APT43 and their espionage campaigns! Enjoy and Happy Hunting! (link to the report is at the bottom of the article. No paywall or info wall.)

APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations
mandiant.com/resources/blog/ap

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
