
Lazarus Group

Rank: 1

Summary of Actor: Lazarus Group, also known as APT38, is a highly sophisticated, state-sponsored threat actor attributed to North Korea. The group is known for its cyber espionage, financially motivated attacks, and disruptive cyber operations targeting various industries worldwide. Active since at least 2009, Lazarus has been responsible for major financial heists, intellectual property theft, and destructive malware campaigns.

General Features:

  • Nation-State Backing: Strongly linked to the North Korean government, likely operating under the Reconnaissance General Bureau (RGB).
  • Advanced Tactics: Utilizes custom malware, zero-day exploits, supply chain attacks, and sophisticated social engineering techniques.
  • Diverse Targeting: Initially focused on government and military espionage, but now predominantly targeting financial institutions, cryptocurrency exchanges, blockchain-related firms, and high-value enterprises.
  • Evasion Capabilities: Employs multi-stage attacks, obfuscation techniques, and legitimate tools to evade detection and maintain persistence.

Related Other Groups:

Reaper, Kimsuky (APT37), Andariel, BlueNoroff (APT38)

Indicators of Attack (IoA):

  • Spear-Phishing & Social Engineering
  • Custom Malware & Exploits
  • Compromise of Supply Chains & Software Updates
  • Command-and-Control (C2) Infrastructure
  • Cryptocurrency Theft & Laundering

Recent Activities and Trends:

  • Latest Campaigns:
    • ByBit Cryptocurrency Exchange Attack
    • Ransomware & Supply Chain Attacks
    • Advanced Blockchain Attacks
  • Emerging Trends:
    • Increased Focus on Financial Cybercrime
    • Use of AI for Social Engineering & Phishing
    • Targeting of Cybersecurity & Threat Intelligence Firms

...

Also Known As:

  • DEV-0139
  • Guardians of Peace
  • ITG03
  • Hidden Cobra
  • Gods Disciples
  • +24 more

Target Countries:

  • Taiwan
  • Israel
  • Japan
  • USA
  • Belgium
  • +23 more

Target Sectors:

  • Energy & Utilities
  • Finance
  • Health Care & Social Assistance
  • Public Administration
  • Electrical & Electronic Manufacturing
  • +2 more

Associated Malware/Software:

  • fullhouse
  • win.hoplight
  • win.ghost_rat
  • win.hardrain
  • win.buffetline
  • +207 more

Related CVEs:

ATT&CK IDs:

  • T1586 - Compromise Accounts
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1115 - Clipboard Data
  • T1001.003 - Protocol Impersonation
  • T1055.001
  • +417 more

Tactic                 Id      Technique
Collection             T1005   Data from Local System
Collection             T1113   Screen Capture
Collection             T1074   Data Staged
Collection             T1114   Email Collection
Collection             T1213   Data from Information Repositories
Collection             T1530   Data from Cloud Storage
Collection             T1125   Video Capture
Collection             T1119   Automated Collection
Collection             T1039   Data from Network Shared Drive
Collection             T1056   Input Capture
Collection             T1115   Clipboard Data
Collection             T1025   Data from Removable Media
Collection             T1560   Archive Collected Data
Collection             T1557   Adversary-in-the-Middle
Command And Control    T1071   Application Layer Protocol
Command And Control    T1001   Data Obfuscation
Command And Control    T1024   Custom Cryptographic Protocol
Command And Control    T1105   Ingress Tool Transfer
Command And Control    T1219   Remote Access Software
Command And Control    T1102   Web Service
Command And Control    T1568   Dynamic Resolution
Command And Control    T1572   Protocol Tunneling
Command And Control    T1132   Data Encoding
Command And Control    T1090   Proxy
Command And Control    T1573   Encrypted Channel
Command And Control    T1095   Non-Application Layer Protocol
Command And Control    T1104   Multi-Stage Channels
Command And Control    T1008   Fallback Channels
Command And Control    T1571   Non-Standard Port
Credential Access      T1003   OS Credential Dumping
Credential Access      T1556   Modify Authentication Process
Credential Access      T1040   Network Sniffing
Credential Access      T1187   Forced Authentication
Credential Access      T1139   Bash History
Credential Access      T1111   Multi-Factor Authentication Interception
Credential Access      T1555   Credentials from Password Stores
Credential Access      T1056   Input Capture
Credential Access      T1552   Unsecured Credentials
Credential Access      T1081   Credentials in Files
Credential Access      T1110   Brute Force
Credential Access      T1557   Adversary-in-the-Middle
Defense Evasion        T1556   Modify Authentication Process
Defense Evasion        T1564   Hide Artifacts
Defense Evasion        T1036   Masquerading
Defense Evasion        T1055   Process Injection
Defense Evasion        T1143   Hidden Window
Defense Evasion        T1218   System Binary Proxy Execution
Defense Evasion        T1656   Impersonation
Defense Evasion        T1027   Obfuscated Files or Information
Defense Evasion        T1064   Scripting
Defense Evasion        T1089   Disabling Security Tools
Defense Evasion        T1548   Abuse Elevation Control Mechanism
Defense Evasion        T1220   XSL Script Processing
Defense Evasion        T1014   Rootkit
Defense Evasion        T1553   Subvert Trust Controls
Defense Evasion        T1112   Modify Registry
Defense Evasion        T1497   Virtualization/Sandbox Evasion
Defense Evasion        T1480   Execution Guardrails
Defense Evasion        T1550   Use Alternate Authentication Material
Defense Evasion        T1622   Debugger Evasion
Defense Evasion        T1134   Access Token Manipulation
Defense Evasion        T1078   Valid Accounts
Defense Evasion        T1045   Software Packing
Defense Evasion        T1221   Template Injection
Defense Evasion        T1107   File Deletion
Defense Evasion        T1562   Impair Defenses
Defense Evasion        T1070   Indicator Removal
Defense Evasion        T1542   Pre-OS Boot
Defense Evasion        T1574   Hijack Execution Flow
Defense Evasion        T1127   Trusted Developer Utilities Proxy Execution
Defense Evasion        T1202   Indirect Command Execution
Defense Evasion        T1140   Deobfuscate/Decode Files or Information
Defense Evasion        T1620   Reflective Code Loading
Discovery              T1040   Network Sniffing
Discovery              T1057   Process Discovery
Discovery              T1135   Network Share Discovery
Discovery              T1033   System Owner/User Discovery
Discovery              T1012   Query Registry
Discovery              T1518   Software Discovery
Discovery              T1497   Virtualization/Sandbox Evasion
Discovery              T1217   Browser Information Discovery
Discovery              T1016   System Network Configuration Discovery
Discovery              T1622   Debugger Evasion
Discovery              T1614   System Location Discovery
Discovery              T1046   Network Service Discovery
Discovery              T1087   Account Discovery
Discovery              T1018   Remote System Discovery
Discovery              T1082   System Information Discovery
Discovery              T1007   System Service Discovery
Discovery              T1010   Application Window Discovery
Discovery              T1083   File and Directory Discovery
Discovery              T1049   System Network Connections Discovery
Discovery              T1063   Security Software Discovery
Discovery              T1124   System Time Discovery
Execution              T1072   Software Deployment Tools
Execution              T1059   Command and Scripting Interpreter
Execution              T1064   Scripting
Execution              T1155   AppleScript
Execution              T1203   Exploitation for Client Execution
Execution              T1129   Shared Modules
Execution              T1106   Native API
Execution              T1569   System Services
Execution              T1047   Windows Management Instrumentation
Execution              T1053   Scheduled Task/Job
Execution              T1559   Inter-Process Communication
Execution              T1204   User Execution
Exfiltration           T1048   Exfiltration Over Alternative Protocol
Exfiltration           T1041   Exfiltration Over C2 Channel
Exfiltration           T1022   Data Encrypted
Exfiltration           T1002   Data Compressed
Exfiltration           T1567   Exfiltration Over Web Service
Exfiltration           T1011   Exfiltration Over Other Network Medium
Impact                 T1491   Defacement
Impact                 T1489   Service Stop
Impact                 T1485   Data Destruction
Impact                 T1565   Data Manipulation
Impact                 T1490   Inhibit System Recovery
Impact                 T1486   Data Encrypted for Impact
Impact                 T1561   Disk Wipe
Impact                 T1499   Endpoint Denial of Service
Impact                 T1495   Firmware Corruption
Impact                 T1498   Network Denial of Service
Impact                 T1496   Resource Hijacking
Impact                 T1529   System Shutdown/Reboot
Impact                 T1531   Account Access Removal
Initial Access         T1133   External Remote Services
Initial Access         T1195   Supply Chain Compromise
Initial Access         T1192   Spearphishing Link
Initial Access         T1190   Exploit Public-Facing Application
Initial Access         T1199   Trusted Relationship
Initial Access         T1189   Drive-by Compromise
Initial Access         T1078   Valid Accounts
Initial Access         T1091   Replication Through Removable Media
Initial Access         T1566   Phishing
Lateral Movement       T1072   Software Deployment Tools
Lateral Movement       T1021   Remote Services
Lateral Movement       T1550   Use Alternate Authentication Material
Lateral Movement       T1534   Internal Spearphishing
Lateral Movement       T1563   Remote Service Session Hijacking
Lateral Movement       T1570   Lateral Tool Transfer
Lateral Movement       T1017   Application Deployment Software
Lateral Movement       T1091   Replication Through Removable Media
Lateral Movement       T1210   Exploitation of Remote Services
Persistence            T1023   Shortcut Modification
Persistence            T1556   Modify Authentication Process
Persistence            T1133   External Remote Services
Persistence            T1037   Boot or Logon Initialization Scripts
Persistence            T1138   Application Shimming
Persistence            T1176   Browser Extensions
Persistence            T1136   Create Account
Persistence            T1547   Boot or Logon Autostart Execution
Persistence            T1078   Valid Accounts
Persistence            T1060   Registry Run Keys / Startup Folder
Persistence            T1137   Office Application Startup
Persistence            T1098   Account Manipulation
Persistence            T1542   Pre-OS Boot
Persistence            T1574   Hijack Execution Flow
Persistence            T1505   Server Software Component
Persistence            T1053   Scheduled Task/Job
Persistence            T1546   Event Triggered Execution
Persistence            T1031   Modify Existing Service
Persistence            T1543   Create or Modify System Process
Privilege Escalation   T1055   Process Injection
Privilege Escalation   T1068   Exploitation for Privilege Escalation
Privilege Escalation   T1037   Boot or Logon Initialization Scripts
Privilege Escalation   T1548   Abuse Elevation Control Mechanism
Privilege Escalation   T1138   Application Shimming
Privilege Escalation   T1134   Access Token Manipulation
Privilege Escalation   T1547   Boot or Logon Autostart Execution
Privilege Escalation   T1078   Valid Accounts
Privilege Escalation   T1098   Account Manipulation
Privilege Escalation   T1574   Hijack Execution Flow
Privilege Escalation   T1053   Scheduled Task/Job
Privilege Escalation   T1546   Event Triggered Execution
Privilege Escalation   T1543   Create or Modify System Process
Reconnaissance         T1589   Gather Victim Identity Information
Reconnaissance         T1596   Search Open Technical Databases
Reconnaissance         T1592   Gather Victim Host Information
Reconnaissance         T1595   Active Scanning
Reconnaissance         T1593   Search Open Websites/Domains
Reconnaissance         T1591   Gather Victim Org Information
Reconnaissance         T1590   Gather Victim Network Information
Resource Development   T1583   Acquire Infrastructure
Resource Development   T1584   Compromise Infrastructure
Resource Development   T1585   Establish Accounts
Resource Development   T1608   Stage Capabilities
Resource Development   T1586   Compromise Accounts
Resource Development   T1588   Obtain Capabilities
Resource Development   T1587   Develop Capabilities

Total Count: 669

https://www.sygnia.co/mata-framework
https://www.secrss.com/articles/18635
https://objective-see.com/blog/blog_0x51.html
https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_Operation_Interception.pdf
https://blog.trendmicro.com/trendlabs-security-intelligence/ratankba-watering-holes-against-enterprises/
https://research.checkpoint.com/north-korea-turns-against-russian-targets/
https://unit42.paloaltonetworks.com/operation-diplomatic-specter/
https://any.run/cybersecurity-blog/darkcomet-rat-technical-analysis/
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/dark-river-you-can-t-see-them-but-they-re-there/
https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-a-job-offer-thats-too-good-to-be-true/
https://www.bitdefender.com/files/News/CaseStudies/study/185/Bitdefender-Business-2017-WhitePaper-PZCHAO-crea2452-en-EN-GenericUse.pdf
https://www.nytimes.com/2013/03/21/world/asia/south-korea-computer-network-crashes.html
https://www.secureworks.com/research/threat-profiles/nickel-gladstone
https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-2021-threat-report.pdf
https://blog.talosintelligence.com/lazarus-quiterat/
https://eromang.zataz.com/tag/agentbase-exe/
https://news.sophos.com/en-us/2021/03/15/dearcry-ransomware-attacks-exploit-exchange-server-vulnerabilities/
https://asec.ahnlab.com/wp-content/uploads/2022/09/Analysis-Report-on-Lazarus-Groups-Rootkit-Attack-Using-BYOVD_Sep-22-2022.pdf
https://cybergeeks.tech/a-detailed-analysis-of-lazarus-malware-disguised-as-notepad-shell-extension/
https://www.sentinelone.com/blog/bluenoroff-how-dprks-macos-rustbucket-seeks-to-evade-analysis-and-detection/
https://www.prevailion.com/the-gh0st-remains-the-same-2/
https://www.ibtimes.sg/covid-19-relief-north-korea-hackers-lazarus-planning-massive-attack-us-uk-japan-singapore-47072
https://blog.reversinglabs.com/blog/hidden-cobra
https://securityscorecard.com/wp-content/uploads/2025/02/Operation-Marstech-Mayhem-Report_021025_03.pdf
https://securelist.com/it-threat-evolution-q2-2023/110355/
https://cn.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.102_ENG%20(4).pdf
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
https://attack.mitre.org/groups/G0032
https://swanleesec.github.io/posts/Malware-Lazarus-group's-Brambul-worm-of-the-former-Wannacry-2
http://contagiodump.blogspot.com/2012/06/rat-samples-from-syrian-targeted.html
https://blog.trendmicro.com/trendlabs-security-intelligence/new-killdisk-variant-hits-financial-organizations-in-latin-america/
https://vxhive.blogspot.com/2020/11/deep-dive-into-hermes-ransomware.html
https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDF
https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.11.WHITE.pdf
https://attack.mitre.org/groups/G0096
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-108a
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/
https://www.reversinglabs.com/blog/red-flags-fly-over-supply-chain-compromised-3cx-update
https://blogs.vmware.com/security/2020/09/detecting-threats-in-real-time-with-active-c2-information.html
https://www.secureworks.com/research/wcry-ransomware-analysis
https://www.us-cert.gov/ncas/alerts/TA14-353A
https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and
https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists
https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk
https://baesystemsai.blogspot.com/2017/02/lazarus-false-flag-malware.html
https://blogs.vmware.com/security/2023/03/investigating-3cx-desktop-application-attacks-what-you-need-to-know.html
https://securelist.com/lazarus-threatneedle/100803/
https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/
https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf
https://www.bleepingcomputer.com/news/security/debridge-finance-crypto-platform-targeted-by-lazarus-hackers/
https://www.us-cert.gov/ncas/analysis-reports/AR19-129A
https://www.zdnet.com/article/north-korean-hackers-infiltrate-chiles-atm-network-after-skype-job-interview/
https://st.drweb.com/static/new-www/news/2021/april/drweb_research_attacks_on_russian_research_institutes_en.pdf
https://www.virusbulletin.com/uploads/pdf/conference/vb2023/papers/Lazarus-campaigns-and-backdoors-in-2022-2023.pdf
https://thehackernews.com/2023/03/lazarus-group-exploits-zero-day.html
https://www.kaspersky.com/about/press-releases/2017_chasing-lazarus-a-hunt-for-the-infamous-hackers-to-prevent-large-bank-robberies
https://www.bleepingcomputer.com/news/security/us-sanctions-crypto-mixer-tornado-cash-used-by-north-korean-hackers/
https://blog.talosintelligence.com/2019/05/10-years-of-virtual-dynamite.html
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-239b
https://www.us-cert.gov/ncas/analysis-reports/ar19-304a
https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-researchers-with-trojanized-ida-pro/
https://blog.cyble.com/2023/03/31/a-comprehensive-analysis-of-the-3cx-attack
https://www.mandiant.com/resources/blog/lightshift-and-lightshow
https://www.youtube.com/watch?v=fTX-vgSEfjk
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/
https://asec.ahnlab.com/ko/58215/
https://youtu.be/_kzFNQySEMw?t=789
https://research.nccgroup.com/2018/04/17/decoding-network-data-from-a-gh0st-rat-variant/
https://www.symantec.com/connect/blogs/south-korean-financial-companies-targeted-castov
https://securingtomorrow.mcafee.com/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/
https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf?1625657388
https://www.us-cert.gov/ncas/analysis-reports/ar20-045c
https://blog.talosintelligence.com/lazarus-three-rats/
http://blog.nsfocus.net/stumbzarus-apt-lazarus/
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/
https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344
http://researchcenter.paloaltonetworks.com/2017/04/unit42-the-blockbuster-sequel/
https://drive.google.com/file/d/1lq0Sjw4FKBxf017Ss7W7uGMvs7CgFzcA/view
https://norfolkinfosec.com/dprk-malware-targeting-security-researchers/
https://ti.qianxin.com/uploads/2020/02/13/cb78386a082f465f259b37dae5df4884.pdf
https://docs.huihoo.com/rsaconference/usa-2014/anf-t07b-the-art-of-attribution-identifying-and-pursuing-your-cyber-adversaries-final.pdf
https://medium.com/s2wlab/analysis-of-lazarus-malware-abusing-non-activex-module-in-south-korea-7d52b9539c12
https://blog.talosintelligence.com/2019/09/panda-evolution.html
https://www.cisa.gov/uscert/sites/default/files/publications/aa22-187a-north-korean%20state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf
https://www.symantec.com/connect/blogs/duuzer-back-door-trojan-targets-south-korea-take-over-computers
https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and
https://asec.ahnlab.com/ko/53832/
https://www.nttsecurity.com/docs/librariesprovider3/default-document-library/craftypanda-analysis-report
https://thehackernews.com/2022/04/chinese-hackers-target-vmware-horizon.html
https://i.blackhat.com/USA-20/Wednesday/us-20-Perlow-FASTCash-And-INJX_Pure-How-Threat-Actors-Use-Public-Standards-For-Financial-Fraud.pdf
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=f04ded49-5b0e-4422-9c6c-4c6e2ed7d3d3
https://threatray.com/wp-content/uploads/2021/12/threatray-establishing-the-tigerrat-and-tigerdownloader-malware-families.pdf
https://blogs.blackberry.com/en/2021/10/drawing-a-dragon-connecting-the-dots-to-find-apt41
https://risky.biz/whatiswinnti/
https://twitter.com/KevinPerlow/status/1160766519615381504
https://blog.sekoia.io/bluenoroffs-rustbucket-campaign/
https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180244/Lazarus_Under_The_Hood_PDF_final.pdf
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/webworm-espionage-rats
https://i.blackhat.com/eu-20/Wednesday/eu-20-Rivera-From-Zero-To-Sixty-The-Story-Of-North-Koreas-Rapid-Ascent-To-Becoming-A-Global-Cyber-Superpower.pdf
https://securelist.com/apt-trends-report-q1-2021/101967/
https://www.malwarebytes.com/blog/news/2018/03/hermes-ransomware-distributed-to-south-koreans-via-recent-flash-zero-day
http://www.documentcloud.org/documents/7038686-US-Army-report-on-North-Korean-military.html
https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/592/original/Hashes_IOCs_for_coverage.txt
https://www.youtube.com/watch?v=9nuo-AGg4p4
https://labs.k7computing.com/index.php/lazarus-apts-operation-interception-uses-signed-binary/
https://www.group-ib.com/blog/stealthy-attributes-of-apt-lazarus/
https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/
https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/
https://www.secureworks.com/research/threat-profiles/aluminum-saratoga
https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/
https://www.secureworks.com/research/threat-profiles/iron-viking
https://www.symantec.com/connect/blogs/four-years-darkseoul-cyberattacks-against-south-korea-continue-anniversary-korean-war
https://asec.ahnlab.com/en/56405/
https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-1-darkcomet/
https://www.secureworks.com/research/threat-profiles/bronze-fleetwood
https://threatbook.cn/ppt/The%2520Nightmare%2520of%2520Global%2520Cryptocurrency%2520Companies%2520-%2520Demystifying%2520the%2520%25E2%2580%259CDangerousPassword%25E2%2580%259D%2520of%2520the%2520APT%2520Organization.pdf
https://securelist.com/lazarus-covets-covid-19-related-intelligence/99906/
https://us-cert.cisa.gov/ncas/alerts/aa22-108a
http://blog.emsisoft.com/2017/05/12/wcry-ransomware-outbreak/
https://unit42.paloaltonetworks.com/tdrop2-attacks-suggest-dark-seoul-attackers-return/
https://us-cert.cisa.gov/ncas/alerts/aa21-048a
https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf
https://securelist.com/apt-trends-report-q3-2020/99204/
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-endtrade-finding-multi-stage-backdoors-that-tick/
https://www.3cx.com/blog/news/mandiant-initial-results/
https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA%3D%3D&mid=2247499462&idx=1&sn=7cc55f3cc2740e8818648efbec21615f
http://report.threatbook.cn/LS.pdf
https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/
https://objective-see.com/blog/blog_0x57.html
https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a
https://blogs.jpcert.or.jp/en/2020/08/Lazarus-malware.html
https://www.group-ib.com/blog/btc_changer
https://blog.comae.io/wannacry-the-largest-ransom-ware-infection-in-history-f37da8e30a58
https://asec.ahnlab.com/en/57685/
https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack
https://twitter.com/RedDrip7/status/1595365451495706624
https://twitter.com/kucher1n/status/1642886340105601029?t=3GCn-ZhDjqWEMXya_PKseg
https://blogs.vmware.com/security/2022/11/threat-analysis-active-c2-discovery-using-protocol-emulation-part4-dacls-aka-mata.html
http://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-hermit-kingdoms-ransomware-play.html
https://www.us-cert.gov/ncas/alerts/TA17-164A
https://blogs.jpcert.or.jp/en/2022/07/vsingle.html
https://asec.ahnlab.com/ko/22975/
https://www.cyberbit.com/dtrack-apt-malware-found-in-nuclear-power-plant/
https://eng.nis.go.kr/common/download.do?type=&seq=8E464392CD0485169FA97278AEE8B607
https://securelist.com/apt-trends-report-q2-2019/91897/
https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignment-2023
https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage
https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/
https://therecord.media/north-korea-accused-of-orchestrating-100-million-harmony-crypto-hack/
https://blog.talosintelligence.com/2020/12/2020-year-in-malware.html
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lazarus-dream-job-chemical
https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/
https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-dacls-rat-backdoor-show-lazarus-multi-platform-attack-capability/
https://asec.ahnlab.com/wp-content/uploads/2021/11/Lazarus-%EA%B7%B8%EB%A3%B9%EC%9D%98-NukeSped-%EC%95%85%EC%84%B1%EC%BD%94%EB%93%9C-%EB%B6%84%EC%84%9D-%EB%B3%B4%EA%B3%A0%EC%84%9C.pdf
https://blog.alyac.co.kr/2105
https://www.us-cert.gov/ncas/alerts/TA17-318A
https://www.cisa.gov/news-events/analysis-reports/ar18-165a
https://cybersecurity.att.com/blogs/labs-research/lazarus-campaign-ttps-and-evolution
https://technical.nttsecurity.com/post/102fnog/targeted-trickbot-activity-drops-powerbrace-backdoor
https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox
https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Lazarus-targets-defense-industry-with-Threatneedle-En.pdf
https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-targeting-brazil
https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf
https://www.threatray.com/blog/establishing-the-tigerrat-and-tigerdownloader-malware-families
https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/
https://www.carbonblack.com/2020/04/16/vmware-carbon-black-tau-threat-analysis-the-evolution-of-lazarus/
https://www.youtube.com/watch?v=1NkzTKkEM2k
https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-appears-linked-to-lazarus-cybercrime-group/#sf174581990
https://blog.prevailion.com/2020/06/the-gh0st-remains-same8.html
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
https://www.bleepingcomputer.com/news/security/coinspaid-blames-lazarus-hackers-for-theft-of-37-300-000-in-crypto/
https://www.trmlabs.com/post/inside-north-koreas-crypto-heists
https://norfolkinfosec.com/osint-reporting-on-dprk-and-ta505-overlap/
https://www.trendmicro.com/en_us/research/21/l/collecting-in-the-dark-tropic-trooper-targets-transportation-and-government-organizations.html
https://blog.cyble.com/2022/07/12/new-ransomware-groups-on-the-rise/
https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/
https://www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-15-billion-bybit-crypto-heist/
https://www.symantec.com/connect/blogs/trojankoredos-comes-unwelcomed-surprise
https://businessinsights.bitdefender.com/tech-advisory-manageengine-cve-2022-47966
https://posts.specterops.io/introducing-venator-a-macos-tool-for-proactive-detection-34055a017e56
https://blogs.jpcert.or.jp/en/2022/07/yamabot.html
https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group
https://www.youtube.com/watch?v=mrTdSdMMgnk
https://www.bleepingcomputer.com/news/security/lazarus-hackers-linked-to-60-million-alphapo-cryptocurrency-heist/
https://medium.com/s2wlab/analysis-of-threatneedle-c-c-communication-feat-google-tag-warning-to-researchers-782aa51cf74
https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf
https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-up-to-no-good-again/
https://logrhythm.com/blog/a-technical-analysis-of-wannacry-ransomware/
https://objective-see.com/blog/blog_0x49.html
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=41dcfaff-d5f0-484d-8649-ef8c61588eec
https://thehackernews.com/2023/10/north-koreas-lazarus-group-launders-900.html
https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168
https://www.secureworks.com/about/press/media-alert-secureworks-discovers-north-korean-cyber-threat-group-lazarus-spearphishing
https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack/
https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf
https://www.3cx.com/blog/news/mandiant-security-update2/
https://attack.mitre.org/groups/G0001/
https://i.blackhat.com/USA-20/Wednesday/us-20-Perlow-FASTCash-And-INJX_Pure-How-Threat-Actors-Use-Public-Standards-For-Financial-Fraud-wp.pdf
https://ti.qianxin.com/blog/articles/Analysis-of-attacks-by-Lazarus-using-Daewoo-shipyard-as-bait/
https://www.symantec.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware
https://blog.macnica.net/blog/2020/11/dtrack.html
https://objective-see.org/blog/blog_0x73.html
https://mega.nz/file/lkh1gY5C#93FUlwTwl0y27cfM0jtm4SYnWbtk06d0qoDg1e4eQ6s
https://www.elliptic.co/blog/north-korean-hackers-return-to-tornado-cash-despite-sanctions
https://dissectingmalwa.re/third-times-the-charm-analysing-wannacry-samples.html
https://blog.qualys.com/vulnerabilities-threat-research/2022/02/08/lolzarus-lazarus-group-incorporating-lolbins-into-campaigns
https://securelist.com/blog/sas/77908/lazarus-under-the-hood/
https://www.cfr.org/interactive/cyber-operations/covellite
https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/594/original/Network_IOCs_list_for_coverage.txt?1625657479
https://research.nccgroup.com/2022/05/05/north-koreas-lazarus-and-their-initial-access-trade-craft-using-social-media-and-social-engineering/
https://blog.talosintelligence.com/2020/11/crat-and-plugins.html
https://www.cisa.gov/uscert/ncas/alerts/aa20-239a
https://www.splunk.com/en_us/blog/security/splunk-insights-investigating-the-3cxdesktopapp-supply-chain-compromise.html
https://www.us-cert.gov/ncas/analysis-reports/ar20-045b
https://www.us-cert.gov/ncas/analysis-reports/ar20-045a
https://www.zscaler.com/blogs/security-research/analysis-lilithbot-malware-and-eternity-threat-group
https://symantec-blogs.broadcom.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware
https://www.mandiant.com/resources/blog/lightshow-north-korea-unc2970
https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/
https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing
https://blog.google/threat-analysis-group/countering-threats-north-korea/
https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
https://twitter.com/greglesnewich/status/1742575613834084684
https://unit42.paloaltonetworks.com/atoms/iron-taurus/
https://securelist.com/dtrack-targeting-europe-latin-america/107798/
https://asec.ahnlab.com/en/55369/
https://www.telsy.com/download/5394/?uid=28b0a4577e
https://media.defense.gov/2023/Feb/09/2003159161/-1/-1/0/CSA_RANSOMWARE_ATTACKS_ON_CI_FUND_DPRK_ACTIVITIES.PDF
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/
https://www.intezer.com/blog/malware-analysis/chinaz-relations/
https://cloud.google.com/blog/topics/threat-intelligence/unc4393-goes-gently-into-silentnight
http://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pdf
https://labs.sentinelone.com/the-deadly-planeswalker-how-the-trickbot-group-united-high-tech-crimeware-apt/
https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
https://www.mandiant.com/resources/blog/apt29-evolving-diplomatic-phishing
https://www.vkremez.com/2019/10/lets-learn-dissecting-lazarus-windows.html
https://securelist.com/lazarus-andariel-mistakes-and-easyrat/110119/
https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-june-2023/
https://mandiant.widen.net/s/pkffwrbjlz/m-trends-2023
https://www.reuters.com/article/us-cyber-heist-swift-specialreport-idUSKCN0YB0DD
https://www.symantec.com/security-center/writeup/2018-021216-4405-99#technicaldescription
https://attack.mitre.org/groups/G0032/
https://securityscorecard.com/wp-content/uploads/2025/01/Operation-Phantom-Circuit-Report_012725_03.pdf
https://baesystemsai.blogspot.com/2017/10/taiwan-heist-lazarus-tools.html
https://baesystemsai.blogspot.com/2017/02/lazarus-watering-hole-attacks.html
https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf
https://www.virusbulletin.com/uploads/pdf/magazine/2018/VB2018-Kalnai-Poslusny.pdf
https://www.sentinelone.com/blog/lazarus-operation-interception-targets-macos-users-dreaming-of-jobs-in-crypto/
https://labs.sentinelone.com/dprk-hidden-cobra-update-north-korean-malicious-cyber-activity/
https://youtu.be/8hJyLkLHH8Q?t=1208
https://www.cisa.gov/uscert/ncas/alerts/aa22-108a
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
https://securelist.com/the-lazarus-group-deathnote-campaign/109490/
https://www.welivesecurity.com/2020/11/16/lazarus-supply-chain-attack-south-korea/
https://download.hauri.net/DownSource/down/dwn_detail_down.html?uid=55
https://blog.bushidotoken.net/2020/06/deep-dive-darkhotel-apt.html
https://securelist.com/big-threats-using-code-similarity-part-1/97239/
https://www.group-ib.com/blog/3cx-supply-chain-attack/?utm_source=twitter&utm_campaign=3cx-blog&utm_medium=social
https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/
https://blog.talosintelligence.com/2022/09/lazarus-three-rats.html?m=1
https://www.linkedin.com/posts/alessio-di-santo-712348197_iocs-ttps-lazarusgroup-activity-7263976334807220224-N6Ue/
https://vb2020.vblocalhost.com/conference/presentations/unveiling-the-cryptomimic/
https://asec.ahnlab.com/en/53132/
https://storage.googleapis.com/pub-tools-public-publication-data/pdf/ce44cbda9fdc061050c1d2a5dec0270874a9dc85.pdf
https://github.com/hvs-consulting/ioc_signatures/tree/main/Lazarus_APT37
https://www.bleepingcomputer.com/news/security/north-korean-hackers-stole-research-data-in-two-month-long-breach/
https://st.drweb.com/static/new-www/news/2020/october/Study_of_the_ShadowPad_APT_backdoor_and_its_relation_to_PlugX_en.pdf
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf
https://www.microsoft.com/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/
https://www.cfr.org/interactive/cyber-operations/compromise-cryptocurrency-exchanges-south-korea
https://blog.naver.com/checkmal/223416580495
https://www.welivesecurity.com/2017/02/16/demystifying-targeted-malware-used-polish-banks/
https://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-malware
https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/stonefly-north-korea-espionage
https://www.theregister.co.uk/2019/04/10/lazarus_group_malware/
https://www.boho.or.kr/filedownload.do?attach_file_seq=2612&attach_file_id=EpF2612.pdf
https://yoroi.company/research/a-deep-dive-into-eternity-group-a-new-emerging-cyber-threat/
http://www.nartv.org/mirror/ghostnet.pdf
https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-action-disrupt-illicit-revenue-generation
https://www.cisa.gov/news-events/analysis-reports/ar20-232a
https://norfolkinfosec.com/dprk-targeting-researchers-ii-sys-payload-and-registry-hunting/
https://www.krcert.or.kr/filedownload.do?attach_file_seq=3277&attach_file_id=EpF3277.pdf
https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-berberoka.pdf
https://www.cyberbit.com/endpoint-security/dtrack-apt-malware-found-in-nuclear-power-plant/
https://www.cisa.gov/uscert/sites/default/files/publications/AA22-108A-TraderTraitor-North_Korea_APT_Targets_Blockchain_Companies.pdf
https://objective-see.com/blog/blog_0x53.html
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/
https://www.reversinglabs.com/blog/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages
https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/
https://twitter.com/h2jazi/status/1681426768597778440
https://cocomelonc.github.io/tutorial/2021/09/06/simple-malware-av-evasion-2.html
https://www.secureworks.com/research/threat-profiles/bronze-union
https://malwareandstuff.com/peb-where-magic-is-stored/
https://blogs.vmware.com/security/2021/12/tigerrat-advanced-adversaries-on-the-prowl.html
https://securelist.com/operation-applejeus-sequel/95596/
https://us-cert.cisa.gov/ncas/analysis-reports/ar21-048b
https://therecord.media/3cx-attack-north-korea-lazarus-group
https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket
https://content.fireeye.com/apt/rpt-apt38
https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/
https://home.treasury.gov/news/press-releases/sm924
https://blogs.jpcert.or.jp/en/2021/10/gh0sttimes.html
https://securityscorecard.com/wp-content/uploads/2025/01/Report_011325_Strike_Operation99.pdf
https://us-cert.cisa.gov/ncas/analysis-reports/ar21-048d
https://blog.talosintelligence.com/lazarus-collectionrat/
https://blog.lexfo.fr/ressources/Lexfo-WhitePaper-The_Lazarus_Constellation.pdf
https://news.sophos.com/en-us/2019/09/18/the-wannacry-hangover/
https://summit.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf
https://securelist.com/apt-trends-report-q2-2020/97937/
https://www.fireeye.com/blog/threat-research/2016/06/apt_group_sends_spea.html
https://blogs.jpcert.or.jp/en/2021/01/Lazarus_malware2.html
https://securelist.com/cryptocurrency-businesses-still-being-targeted-by-lazarus/90019/
https://asec.ahnlab.com/wp-content/uploads/2023/10/20231013_Lazarus_OP.Dream_Magic.pdf
https://blog.nviso.eu/2022/02/24/threat-update-ukraine-russia-tensions/
https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html
https://researchcenter.paloaltonetworks.com/2017/08/unit42-blockbuster-saga-continues/
https://blog.trendmicro.com/trendlabs-security-intelligence/new-killdisk-variant-hits-latin-american-financial-organizations-again/
https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-apt-activity-report-q2-2023-q3-2023.pdf
https://asec.ahnlab.com/en/57736/
https://github.com/jeFF0Falltrades/IoCs/blob/master/APT/dtrack_lazarus_group.md
https://www.sentinelone.com/blog/four-distinct-families-of-lazarus-malware-target-apples-macos-platform/
https://www.clearskysec.com/wp-content/uploads/2020/06/CryptoCore_Group.pdf