Skip to content
Latest
Ghost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch QueueARToken Shows Microsoft 365 Tokens Are the New BEC Control Plane

Category Archive

North Korean Cyber Threat Intelligence

12 reports · All intelligence

North Korean threat activity, from financially motivated intrusions to espionage — actors, tooling, and the money trail behind them.

AI (General)
Mastra npm Compromise Shows AI Frameworks Are Supply-Chain Targets
AI (General)·

Mastra npm Compromise Shows AI Frameworks Are Supply-Chain Targets

Microsoft linked the Mastra AI npm package compromise to North Korean actor Sapphire Sleet. Here is what SMBs and government contractors should do about AI framework supply-chain risk.

Cyber Security Blog
Void Dokkaebi’s InvisibleFerret Shift Shows Developer Endpoints Are Production Risk
Cyber Security Blog·

Void Dokkaebi’s InvisibleFerret Shift Shows Developer Endpoints Are Production Risk

Trend Micro reports North Korea-aligned Void Dokkaebi has moved InvisibleFerret into Cython-compiled Python extension modules. For SMBs and government contractors, the real risk is developer endpoint access to CI/CD, cloud, and production secrets.

North Korean Cyber Threat Intelligence
DPRK Threat Actors Leverage GitHub as Command and Control Infrastructure in Multi-Stage LNK Attacks
North Korean Cyber Threat Intelligence·

DPRK Threat Actors Leverage GitHub as Command and Control Infrastructure in Multi-Stage LNK Attacks

North Korean state-sponsored threat actors have been observed targeting South Korean organizations with a sophisticated multi-stage attack chain that abuses GitHub as command and control (C2) infrastructure. Fortinet FortiGuard Labs published research on April 2, 2026 detailing t

North Korean Cyber Threat Intelligence
Infostealer Infection Unmasks DPRK Operative Behind Polyfill.io Supply Chain Attack and US Crypto Exchange Infiltration
North Korean Cyber Threat Intelligence·

Infostealer Infection Unmasks DPRK Operative Behind Polyfill.io Supply Chain Attack and US Crypto Exchange Infiltration

In a stunning example of operational security failure, a North Korean cyber operative was unmasked after infecting their own machine with a LummaC2 infostealer—revealing definitive evidence linking them to both the catastrophic Polyfill.io supply chain attack and deep infiltratio

North Korean Cyber Threat Intelligence
APT37 Ruby Jumper Campaign: North Korean Hackers Deploy Malware Arsenal to Bridge Air-Gapped Networks
North Korean Cyber Threat Intelligence·

APT37 Ruby Jumper Campaign: North Korean Hackers Deploy Malware Arsenal to Bridge Air-Gapped Networks

Zscaler ThreatLabz has uncovered a sophisticated campaign by North Korean threat group APT37, introducing five new malware tools designed specifically to infiltrate and exfiltrate data from air-gapped systems through weaponized USB drives. Campaign Overview In December 2025, secu

North Korean Cyber Threat Intelligence
APT37 Deploys Ruby Jumper Campaign to Breach Air-Gapped Networks
North Korean Cyber Threat Intelligence·

APT37 Deploys Ruby Jumper Campaign to Breach Air-Gapped Networks

North Korean threat actor APT37 (Reaper) has expanded its arsenal with sophisticated new malware designed to compromise air-gapped networks — systems physically isolated from the internet that organizations use to protect their most sensitive data. Researchers at Zscaler ThreatLa

North Korean Cyber Threat Intelligence
North Korean Lazarus Group Adopts Medusa Ransomware in Global Extortion Campaign
North Korean Cyber Threat Intelligence·

North Korean Lazarus Group Adopts Medusa Ransomware in Global Extortion Campaign

North Korean cyber operations are crossing a significant threshold into commercial ransomware markets, demonstrating an intensified focus on direct financial gains. Recent intelligence from Symantec and Carbon Black Threat Hunter Team reveals the notorious state-backed Lazarus Gr

North Korean Cyber Threat Intelligence
BlueNoroff’s GhostCall and GhostHire Campaigns Use Stolen Victim Videos to Compromise Crypto Executives
North Korean Cyber Threat Intelligence·

BlueNoroff’s GhostCall and GhostHire Campaigns Use Stolen Victim Videos to Compromise Crypto Executives

North Korean threat actor BlueNoroff (also known as Sapphire Sleet, APT38, Alluring Pisces, Stardust Chollima, and TA444) has launched two sophisticated campaigns—GhostCall and GhostHire—targeting cryptocurrency executives, blockchain developers, and venture capital professionals

North Korean Cyber Threat Intelligence
North Korean Hackers Deploy AI-Generated Deepfakes and Seven Malware Families in Targeted Cryptocurrency Attacks
North Korean Cyber Threat Intelligence·

North Korean Hackers Deploy AI-Generated Deepfakes and Seven Malware Families in Targeted Cryptocurrency Attacks

North Korean threat actor UNC1069 has launched a sophisticated campaign targeting the cryptocurrency and decentralized finance (DeFi) sectors, deploying AI-generated deepfake videos and seven unique malware families to steal credentials and financial data, according to new resear

North Korean Cyber Threat Intelligence
North Korean Konni APT Deploys AI-Generated Malware to Target Blockchain Developers
North Korean Cyber Threat Intelligence·

North Korean Konni APT Deploys AI-Generated Malware to Target Blockchain Developers

The North Korean threat group Konni has launched a new campaign using AI-generated PowerShell malware to target blockchain developers across the APAC region, marking a significant shift toward technical targets and cryptocurrency infrastructure.

North Korean Cyber Threat Intelligence
The Updated APT Playbook: Tales from the Kimsuky threat actor group
North Korean Cyber Threat Intelligence·

The Updated APT Playbook: Tales from the Kimsuky threat actor group

READ ARTICLE Last updated at Thu, 21 Mar 2024 13:20:04 GMT Co-authors are Christiaan Beek and Raj Samani Within Rapid7 Labs we continually track and monitor threat groups. This is one of our key areas of focus as we work to ensure that our ability to protect customers remains con

North Korean Cyber Threat Intelligence
North Korea Debuts ‘SpectralBlur’ Malware Amid macOS Onslaught
North Korean Cyber Threat Intelligence·

North Korea Debuts ‘SpectralBlur’ Malware Amid macOS Onslaught

https://www.darkreading.com/threat-intelligence/north-korea-debuts-spectralblur-malware-amid-macos-onslaught