"Inside North Korea's Global Cyber Playbook" published by Proofpoint. #ContagiousInterview, #ITWorker, #Podcast, #TA427, #DPRK, #CTI https://podcasts.apple.com/us/podcast/comic-sans-and-cybercrime-inside-north-koreas-global/id1612506550?i=1000715261677
#TA427
"Around the World in 90 Days: State-Sponsored Actors Try ClickFix" published by Proofpoint. #ClickFix, #QuasarRAT, #TA427, #DPRK, #CTI https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix
Proofpoint has been tracking #TA427, a North Korea-aligned threat actor, for years.
Recently, the team observed changes in the group's tactics and targeting, including exploiting #DMARC and web beacons.
Greg Lesnewich shared his insight with The CyberWire Research Saturday podcast host Dave Bittner.
Stream now at https://thecyberwire.com/podcasts/research-saturday/326/notes.
Proofpoint’s threat research team has been tracking state-aligned actors for years. In a new report, they detail TA427, a group observed using new tactics, including persona spoofing and the incorporation of web beacons.
Get to know advanced persistent threat (APT) #TA427:
👋 Also goes by #EmeraldSleet, #APT43, #THALLIUM, #Kimsuky
🤝 Likely supports #DPRK intelligence on US and ROK foreign policy
🔥 A savvy #socialengineering expert
💬 Likes the long game: builds rapport with targets over weeks/months
🥸 Uses multiple aliases, usually small/under-resourced think tanks and NGOs
😈 Seen abusing #DMARC, spoofing private email accounts, and typosquatting
Explore the blog, and help spread the word about TA427’s prolific activity so potential targets are prepared to protect their people and defend their data.
From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering
#TA427
https://www.proofpoint.com/us/blog/threat-insight/social-engineering-dmarc-abuse-ta427s-art-information-gathering
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst