Category Archive
North Korean Cyber Threat Intelligence
12 reports · All intelligence
North Korean threat activity, from financially motivated intrusions to espionage — actors, tooling, and the money trail behind them.
Mastra npm Compromise Shows AI Frameworks Are Supply-Chain Targets
Microsoft linked the Mastra AI npm package compromise to North Korean actor Sapphire Sleet. Here is what SMBs and government contractors should do about AI framework supply-chain risk.
Void Dokkaebi’s InvisibleFerret Shift Shows Developer Endpoints Are Production Risk
Trend Micro reports North Korea-aligned Void Dokkaebi has moved InvisibleFerret into Cython-compiled Python extension modules. For SMBs and government contractors, the real risk is developer endpoint access to CI/CD, cloud, and production secrets.
DPRK Threat Actors Leverage GitHub as Command and Control Infrastructure in Multi-Stage LNK Attacks
North Korean state-sponsored threat actors have been observed targeting South Korean organizations with a sophisticated multi-stage attack chain that abuses GitHub as command and control (C2) infrastructure. Fortinet FortiGuard Labs published research on April 2, 2026 detailing t
Infostealer Infection Unmasks DPRK Operative Behind Polyfill.io Supply Chain Attack and US Crypto Exchange Infiltration
In a stunning example of operational security failure, a North Korean cyber operative was unmasked after infecting their own machine with a LummaC2 infostealer—revealing definitive evidence linking them to both the catastrophic Polyfill.io supply chain attack and deep infiltratio
APT37 Ruby Jumper Campaign: North Korean Hackers Deploy Malware Arsenal to Bridge Air-Gapped Networks
Zscaler ThreatLabz has uncovered a sophisticated campaign by North Korean threat group APT37, introducing five new malware tools designed specifically to infiltrate and exfiltrate data from air-gapped systems through weaponized USB drives. Campaign Overview In December 2025, secu
APT37 Deploys Ruby Jumper Campaign to Breach Air-Gapped Networks
North Korean threat actor APT37 (Reaper) has expanded its arsenal with sophisticated new malware designed to compromise air-gapped networks — systems physically isolated from the internet that organizations use to protect their most sensitive data. Researchers at Zscaler ThreatLa
North Korean Lazarus Group Adopts Medusa Ransomware in Global Extortion Campaign
North Korean cyber operations are crossing a significant threshold into commercial ransomware markets, demonstrating an intensified focus on direct financial gains. Recent intelligence from Symantec and Carbon Black Threat Hunter Team reveals the notorious state-backed Lazarus Gr
BlueNoroff’s GhostCall and GhostHire Campaigns Use Stolen Victim Videos to Compromise Crypto Executives
North Korean threat actor BlueNoroff (also known as Sapphire Sleet, APT38, Alluring Pisces, Stardust Chollima, and TA444) has launched two sophisticated campaigns—GhostCall and GhostHire—targeting cryptocurrency executives, blockchain developers, and venture capital professionals
North Korean Hackers Deploy AI-Generated Deepfakes and Seven Malware Families in Targeted Cryptocurrency Attacks
North Korean threat actor UNC1069 has launched a sophisticated campaign targeting the cryptocurrency and decentralized finance (DeFi) sectors, deploying AI-generated deepfake videos and seven unique malware families to steal credentials and financial data, according to new resear
North Korean Konni APT Deploys AI-Generated Malware to Target Blockchain Developers
The North Korean threat group Konni has launched a new campaign using AI-generated PowerShell malware to target blockchain developers across the APAC region, marking a significant shift toward technical targets and cryptocurrency infrastructure.
The Updated APT Playbook: Tales from the Kimsuky threat actor group
READ ARTICLE Last updated at Thu, 21 Mar 2024 13:20:04 GMT Co-authors are Christiaan Beek and Raj Samani Within Rapid7 Labs we continually track and monitor threat groups. This is one of our key areas of focus as we work to ensure that our ability to protect customers remains con
North Korea Debuts ‘SpectralBlur’ Malware Amid macOS Onslaught
https://www.darkreading.com/threat-intelligence/north-korea-debuts-spectralblur-malware-amid-macos-onslaught