north-korea

13 incidents, 2 countries, 2 sectors. Latest: 2026-06-20

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 13
Unique TTPs: 1
Historical stolen data: N/A
Ransoms claimed: N/A
Payments detected: N/A

Observed TTPs

T1566 Phishing

Affected countries

North Korea (12) India (1)

Targeted sectors

Gov (1) Transportation (1)

New URLs detected in IntelTracker

duckduckgo.com duckduckgo.com duckduckgo.com duckduckgo.com www.mcafee.com securelist.com duckduckgo.com duckduckgo.com duckduckgo.com duckduckgo.com duckduckgo.com duckduckgo.com

Victims (13)

Infrastructure: C2 often based on compromised servers - 20 Jun 2026
Reference North Korea
What it is: "Infrastructure: C2 often based on compromised servers" refers to a tactic used by APT (Advanced Persistent Threat) actors to …
Persistency: typically launching ransomware after operation to destroy evidence, Threat Recon.nshc.net alias=SectorA01 - 20 Jun 2026
Reference North Korea Gov
What it is: Threat Recon.nshc.net alias=SectorA01 is an APT actor of the North Korea regional group associated with ransomware operations. This group has been…
APT37 - 20 Jun 2026
Reference North Korea
What it is: APT37 is a high-level actor (Advanced Persistent Threat) linked to the North Korea Group, known for its activity in cybersec…
(금성121), THALLIUM, G0067, Reaper, Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, Evil New Year 2018, Operation Earth Kitsune, KARAE - 20 Jun 2026
Reference North Korea
What it is: (금성121) is an APT actor associated with the North Korea regional group. This group is linked to multiple aliases, including THALLIUM, G0067,…
TEMP.Hermit - 20 Jun 2026
Reference North Korea
What it is: TEMP.Hermit is an APT (Advanced Persistent Threat) actor associated with the North Korea regional group. With aliases such as APT38, G0082, VO…
OnionDog - 20 Jun 2026
Reference North Korea Transportation
What it is: OnionDog is an APT (Advanced Persistent Threat) actor of the North Korea regional group, associated with cyberattack activities directed mainly…
Stardust Chollima - 20 Jun 2026
Reference North Korea
What it is: Stardust Chollima is an APT (Advanced Persistent Threat) actor attributed to the North Korea regional group. With aliases such as APT38, ElectricFish, …
(Proofpoint), COPERNICIUM - 20 Jun 2026
Reference North Korea
What it is: COPERNICIUM (also known as Proofpoint) is an APT actor associated with the North Korea regional group. This group has been identified …
(Microsoft), TAG-71, G0082, Far Eastern International Bank, Dimens - 20 Jun 2026
Reference North Korea
What it is: Microsoft is associated with a regional APT actor linked to the North Korea group, known as Far Eastern International Bank and Dimens. This actor…
APT43 - 20 Jun 2026
Reference North Korea
What it is: APT43 is a cybersecurity actor associated with the North Korea regional group, recognized as an APT (Advanced Persistent Threat) actor with multi…
WASSONITE - 20 Jun 2026
Reference North Korea
What it is: WASSONITE is an APT (Advanced Persistent Threat) actor associated with the North Korea regional group, with aliases such as FASTCash and DTrack. This group …
WASSONITE operations rely on deploying DTrack malware for remote access to victim machines - 20 Jun 2026
Reference India
What it is: WASSONITE is a cybercrime group associated with North Korea, known for its use of malware such as DTrack to gain remote access to …
Third-party security firms associate DTrack and its related malware to the Lazarus Group. Dragos also associates the activity group COVELLITE to Lazarus Group. However - 20 Jun 2026
Reference North Korea
What it is: DTrack and its related malware are associated with the Lazarus Group, a cyberattack group pointed at North Korea. This group, identified as…