"Demystifying the North Korean Threat" published by Paradigm. #AppleJeus, #ITWorker, #Lazarus, #Trend, #DangerousPassword, #TraderTraitor, #DPRK, #CTI https://www.paradigm.xyz/2025/03/demystifying-the-north-korean-threat
"Demystifying the North Korean Threat" published by Paradigm. #AppleJeus, #ITWorker, #Lazarus, #Trend, #DangerousPassword, #TraderTraitor, #DPRK, #CTI https://www.paradigm.xyz/2025/03/demystifying-the-north-korean-threat
🚨 New Malware Report 🚨
AppleJeus malware is hijacking wallets & stealing funds. Don't be the next victim!
Read the report! 🔗 https://bit.ly/3QoD5hp
"Beware of Contacts through LinkedIn: They Target Your Organization’s Property, Not Yours" published by JPCERT. #AppleJeus, #DangerousPassword, #DreamJob, #Lazarus, #DPRK, #CTI https://blogs.jpcert.or.jp/en/2025/01/initial_attack_vector.html
"あなたではなく組織の財産を狙うLinkedIn経由のコンタクトにご用心" published by JPCERT. #AppleJeus, #DangerousPassword, #DreamJob, #Lazarus, #DPRK, #CTI https://blogs.jpcert.or.jp/ja/2025/01/initial_attack_vector.html
Crypto hacks now seem like daily occurrences - one recent example:
Radiant Capital says North Korean threat actors are behind the $50M cryptocurrency heist that occurred after hackers breached its systems on Oct 16.
Hackers spoofed a former software contractor, tricking a staffer into downloading a malicious ZIP file containing a decoy PDF file and a malware payload named "InletDrift". https://www.bleepingcomputer.com/news/security/radiant-links-50-million-crypto-heist-to-north-korean-hackers/
#cyberattack #NorthKorea #UNC4736 #AppleJeus #Crypto #DiFi #Ethereum #blockchain #InletDrift
"Radiant Capital Incident Update" published by RadiantCapital. #AppleJeus, #Radiant, #UNC4736, #DPRK, #CTI https://medium.com/@RadiantCapital/radiant-capital-incident-update-e56d8c23829e
Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1643101750553899008#m
R to @TheHackersNews: The link to North Korea comes from Gopuram's co-existence with #AppleJeus, a backdoor attributed to the Lazarus Group.
This group has a recurring focus on the financial industry, which aligns with the targeting of #crypto companies.
Microsoft’s Security Threat Intel team described an attack where a threat actor was targeting cryptocurrency investment companies. Thanks to Microsoft for sharing their analysis and referencing our research about a recent #AppleJeus campaign!
We published a blog #post about #Lazarus. They are still abusing fake cryptocurrency applications but we also identified #maldoc with #macro (an inception of macros). The purpose is to deploy #AppleJeus variants.
From a #reverse point of view, they implemented an uncommon side-loading technique. The malicious DLL is not directly loaded by the IAT of a legit binary, but via a legitimate DLL from the System32 repository. More details on the @volexity blog: https://www.volexity.com/blog/2022/12/01/buyer-beware-fake-cryptocurrency-applications-serving-as-front-for-applejeus-malware/
#CTI #threatintel #threatintelligence
[#Blog] Volexity details novel tradecraft employed by #Lazarus to deploy #AppleJeus malware using Microsoft Office documents, cryptocurrency applications, and chained DLL side-loading. More details here: https://www.volexity.com/blog/2022/12/01/buyer-beware-fake-cryptocurrency-applications-serving-as-front-for-applejeus-malware/
U.S. Indicts North Korean Hackers in Theft of $200 Million - The U.S. Justice Department today unsealed indictments against three men accused of working with the... https://krebsonsecurity.com/2021/02/u-s-indicts-north-korean-hackers-in-theft-of-200-million/ #cybersecurityandinfrastructureagency #departmentofhomelandsecurity #neer-do-wellnews #marinechaintoken #ghalebalaumary #jonchanghyok #lazarusgroup #sonypictures #hiddencobra #parkjinhyok #applejeus #wannacry #apt38 #kimil #fbi
The US has described the North Korean AppleJeus malware used to steal cryptocurrency #AppleJeus, #cryptocurrency https://t.co/nSAcuOFyoh https://t.co/Mp33PaHAEN
Source: https://twitter.com/SecurityLabnews/status/1362767656944812035
U.S. Indicts North Korean Hackers in Theft of $200 Million https://krebsonsecurity.com/2021/02/u-s-indicts-north-korean-hackers-in-theft-of-200-million/ #CybersecurityandInfrastructureAgency #DepartmentofHomelandSecurity #Ne'er-Do-WellNews #MarineChainToken #GhalebAlaumary #JonChangHyok #LazarusGroup #SonyPictures #HiddenCobra #ParkJinHyok #AppleJeus #WannaCry #APT38 #KimIl #fbi