Lazarus APT steals cryptocurrency and user data via a decoy MOBA game
Introduction Lazarus APT and its BlueNoroff subgroup are a highly sophisticated and multifaceted Korean-speaking threat actor. We closely monitor their activities and quite often see them using their signature malware in their attacks — a full-feature backdoor called Manuscrypt. According to our research, Lazarus has been employing this malware since at least 2013 and we’ve documented its usage in
北æœé®®ã®ãƒãƒƒã‚«ãƒ¼ãŒã€ŒInternet Explorerã€ã®ã‚¼ãƒãƒ‡ã‚¤è„†å¼±æ€§ã‚’悪用ã—ã¦ãƒžãƒ«ã‚¦ã‚§ã‚¢æ”»æ’ƒã‚’仕掛ã‘ã‚‹
Internet Explorer(IE)ã¯2022å¹´ã«ã‚µãƒãƒ¼ãƒˆãŒçµ‚了ã—ã¾ã—ãŸãŒã€äº’æ›æ€§ã®ãŸã‚ã«Windows 10ã¾ã§ã®OSã«æ¨™æº–æ載ã•ã‚Œã¦ã„ã‚‹ã»ã‹ã€Windows 11ã«ã‚‚Microsoft Edgeã®IEモードã¨ã—ã¦å˜åœ¨ã—続ã‘ã¦ã„ã¾ã™ã€‚ãã‚“ãªIEã®ã‚¼ãƒãƒ‡ã‚¤è„†å¼±(ãœã„ã˜ã‚ƒã)性をçªã„ãŸæ”»æ’ƒã‚’ã€åŒ—æœé®®ã®ãƒãƒƒã‚«ãƒ¼é›†å›£ãŒè¡Œã£ãŸã“ã¨ãŒæ–°ã—ã確èªã•ã‚ŒãŸã¨ã€éŸ“国ã®ã‚µã‚¤ãƒãƒ¼ã‚»ã‚ュリティ当局ãŒç™ºè¡¨ã—ã¾ã—ãŸã€‚ AhnLab and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178) - ASEC https://asec.ahnlab.com/en/83877/ Malicious ads exploited Internet Explorer zero day to drop ma
ä¸å›½æ”¿åºœç³»ãƒãƒƒã‚«ãƒ¼ã€Œã‚½ãƒ«ãƒˆãƒ»ã‚¿ã‚¤ãƒ•ãƒ¼ãƒ³ã€ãŒè¤‡æ•°ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆãƒ—ãƒãƒã‚¤ãƒ€ãƒ¼ã«ä¾µå…¥ã—ã¦ã„ãŸã“ã¨ãŒåˆ¤æ˜Ž
ã“ã‚Œã¾ã§å…¬ã«ã•ã‚Œã¦ã“ãªã‹ã£ãŸã€Œã‚½ãƒ«ãƒˆãƒ»ã‚¿ã‚¤ãƒ•ãƒ¼ãƒ³(Salt Typhoon)ã€ã¨ã„ã†æ–°ãŸãªä¸å›½æ”¿åºœã®ãƒãƒƒã‚«ãƒ¼ãŒã€ã‚¢ãƒ¡ãƒªã‚«ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆãƒ»ã‚µãƒ¼ãƒ“ス・プãƒãƒã‚¤ãƒ€ãƒ¼(ISP)ã®ã„ãã¤ã‹ã«ä¾µå…¥ã—ã€ãƒˆãƒ©ãƒ•ã‚£ãƒƒã‚¯åˆ¶å¾¡ã®ä¸æž¢ã‚’æ‹…ã†ãƒ«ãƒ¼ã‚¿ãƒ¼ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ãªã©ã—ã¦æ©Ÿå¯†æƒ…å ±ã®çªƒå–を試ã¿ãŸå¯èƒ½æ€§ãŒé«˜ã„ã¨ã€The Wall Street Journal(WSJ)ãŒå ±ã˜ã¾ã—ãŸã€‚ Exclusive | Chinese-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack - WSJ https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835 WSJã¯2024å¹´9月25æ—¥ã«ã€ä¸å›½æ”¿åºœã¨ã¤
北æœé®®ã®IT労åƒè€…「UNC5267ã€ãŒè¤‡æ•°ã®ã€Œãƒ•ã‚©ãƒ¼ãƒãƒ¥ãƒ³100ã€ä¼æ¥ã«æ½œã‚Šè¾¼ã‚“ã 事例ãŒã‚ã‚‹ã“ã¨ãŒèª¿æŸ»ã«ã‚ˆã‚Šåˆ¤æ˜Ž
æœé®®æ°‘主主義人民共和国(北æœé®®)ã®ãŸã‚ã«åƒã„ã¦ã„ã‚‹IT労åƒè€…ã®è¿½è·¡èª¿æŸ»ã‚’è¡Œã£ã¦ã„る調査会社・MandiantãŒã€çµŒæ¸ˆåˆ¶è£ç‰ã‚’回é¿ã—ã¦å¤–貨ç²å¾—ã®ãŸã‚ã«å¹…広ã„æ¥ç•Œã®çµ„ç¹”ã§é›‡ç”¨ã•ã‚Œã¦ã„ã‚‹å®Ÿæ…‹ã‚’å ±å‘Šã—ã¦ã„ã¾ã™ã€‚ Staying a Step Ahead: Mitigating the DPRK IT Worker Threat | Google Cloud Blog https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat/ Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report https://therecord.media/majo
An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader | Google Cloud Blog
北æœé®®äººãŒæ±‚人ã«å¿œå‹Ÿã—ã¦ããŸã®ã§ã€Œå…ƒCIA工作員ã€ã®å‰µæ¥è€…ãŒæ’ƒé€€ã—ãŸè©±
FBIã¯åŒ—æœé®®äººãŒèº«åˆ†ã‚’å½ã£ã¦ãƒªãƒ¢ãƒ¼ãƒˆãƒ¯ãƒ¼ã‚«ãƒ¼ã¨ã—ã¦åƒã„ã¦ã„ã‚‹ã¨ã—ã¦è¦æˆ’を呼ã³ã‹ã‘ã¦ãŠã‚Šã€2024å¹´7月ã«ã¯å®Ÿéš›ã«ã‚»ã‚ュリティä¼æ¥ã«åŒ—æœé®®ã®ãƒãƒƒã‚«ãƒ¼ãŒæ½œã‚Šè¾¼ã‚“ã§ä¸æ£ã‚’åƒã„ã¦ã„ãŸã¨ç™ºè¦šã—ãŸã“ã¨ãŒã‚ã‚Šã¾ã™ã€‚å…ƒCIAè·å“¡ãŒè¨ç«‹ã—ãŸã‚¢ãƒ¡ãƒªã‚«ã®ãƒ†ã‚¯ãƒŽãƒã‚¸ãƒ¼ä¼æ¥ãƒ»CinderãŒã€ã“ã®å•é¡ŒãŒè¡¨é¢åŒ–ã™ã‚‹ã‚ˆã‚Šå‰ã«åŒ—æœé®®ã®å½è£…を見抜ãã“ã¨ã«æˆåŠŸã—ãŸçµŒç·¯ã‚’公開ã—ã¾ã—ãŸã€‚ We found North Korean engineers in our application pile. Here’s what our ex-CIA co founders did about it. https://www.cinder.co/blog-posts/north-korean-engineers-in-our-application-pile テãƒçµ„織や国家的ãªå½æƒ…å ±ã‚ャンペーンã«å¯¾å¿œã™ã‚‹ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå‘ã‘ã®ãƒ—ラットフォ
North Korean hackers exploit VPN update flaw to install malware
HomeNewsSecurityNorth Korean hackers exploit VPN update flaw to install malware South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. The advisory connects this activity with a nationwide industrial factories modernization project Kim Jong-un, the North Korean president, announced in
ã‚»ã‚ュリティä¼æ¥ãŒé›‡ã£ãŸãƒªãƒ¢ãƒ¼ãƒˆãƒ¯ãƒ¼ã‚«ãƒ¼ãŒå®Ÿã¯åŒ—æœé®®ã®ãƒãƒƒã‚«ãƒ¼ã ã£ãŸ
ã‚»ã‚ュリティソフトウェアを開発ã™ã‚‹ã€ŒKnowBe4ã€ã§ã€ã‚½ãƒ•ãƒˆã‚¦ã‚§ã‚¢ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ã¨ã—ã¦æŽ¡ç”¨ã—ãŸäººç‰©ãŒå®Ÿã¯åŒ—æœé®®ã®ãƒãƒƒã‚«ãƒ¼ã ã£ãŸã“ã¨ãŒå ±å‘Šã•ã‚Œã¦ã„ã¾ã™ã€‚ How a North Korean Fake IT Worker Tried to Infiltrate Us https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us Security Firm Discovers Remote Worker Is Really a North Korean Hacker | PCMag https://www.pcmag.com/news/security-firm-discovers-remote-worker-is-really-a-north-korean-hacker フィッシング攻撃やサイ
日本ã®çµ„織を狙ã£ãŸæ”»æ’ƒã‚°ãƒ«ãƒ¼ãƒ—Kimsukyã«ã‚ˆã‚‹æ”»æ’ƒæ´»å‹• - JPCERT/CC Eyes
JPCERT/CCã§ã¯ã€2024å¹´3月ã«Kimsukyã¨å‘¼ã°ã‚Œã‚‹æ”»æ’ƒã‚°ãƒ«ãƒ¼ãƒ—ã«ã‚ˆã‚‹æ—¥æœ¬ã®çµ„織を狙ã£ãŸæ”»æ’ƒæ´»å‹•ã‚’確èªã—ã¾ã—ãŸã€‚今回ã¯ã€ãã®æ”»æ’ƒæ‰‹æ³•ã«ã¤ã„ã¦ç´¹ä»‹ã—ã¾ã™ã€‚ 攻撃ã®æ¦‚è¦ ç¢ºèªã—ãŸæ”»æ’ƒã§ã¯ã€å®‰å…¨ä¿éšœãƒ»å¤–交関係ã®çµ„織をã‹ãŸã£ã¦æ¨™çš„型攻撃メールãŒé€ä¿¡ã•ã‚Œã¦ã„ã¾ã—ãŸã€‚メールã«ã¯åœ§ç¸®ãƒ•ã‚¡ã‚¤ãƒ«ãŒæ·»ä»˜ã•ã‚Œã¦ãŠã‚Šã€å±•é–‹ã™ã‚‹ã¨ä»¥ä¸‹ã®ã‚ˆã†ãª2é‡æ‹¡å¼µåã«ãªã£ã¦ã„る複数ã®ãƒ•ã‚¡ã‚¤ãƒ«ãŒæ ¼ç´ã•ã‚Œã¦ã„ã¾ã™ã€‚(ファイルåã¯çœç•¥ï¼‰ (1) [çœç•¥].docx[大é‡ã®ã‚¹ãƒšãƒ¼ã‚¹].exe (2) [çœç•¥].docx[大é‡ã®ã‚¹ãƒšãƒ¼ã‚¹].docx (3) [çœç•¥].docx[大é‡ã®ã‚¹ãƒšãƒ¼ã‚¹].docx 末尾ã®æ‹¡å¼µåã‚’éš è”½ã™ã‚‹ãŸã‚ã«ã€ãƒ•ã‚¡ã‚¤ãƒ«åã«ã¯å¤§é‡ã®ã‚¹ãƒšãƒ¼ã‚¹ãŒå«ã¾ã‚Œã¦ãŠã‚Šã€æœ€çµ‚çš„ã«(1)ã®EXEファイルを実行ã™ã‚‹ã“ã¨ã§ãƒžãƒ«ã‚¦ã‚§ã‚¢ã«æ„ŸæŸ“ã—ã¾ã™ã€‚図1ã¯ã€EXEファイル実行後ã®æµã‚Œã§ã™ã€‚ 図1: EXEファイル実行後ã®æµã‚Œ ãªãŠ
北æœé®®ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã‚’1週間ダウンã•ã›ãŸãƒãƒƒã‚«ãƒ¼ãŒãƒãƒƒãƒˆæŽ²ç¤ºæ¿ã«é¡”写真付ãã§é™è‡¨ã—ã¦ã€ŒåŒ—æœé®®ã¸ã®æ”»æ’ƒæ–¹æ³•ã€ã‚’ä¼æŽˆ
北æœé®®ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã‚’1週間ダウンã•ã›ãŸçµŒæ´ã‚’æŒã¤ãƒãƒƒã‚«ãƒ¼ã®ã‚¢ãƒ¬ãƒãƒ³ãƒ‰ãƒãƒ»ã‚«ã‚»ãƒ¬ã‚¹(ãƒãƒ³ãƒ‰ãƒ«ãƒãƒ¼ãƒ :P4x)æ°ãŒã€ã‚ªãƒ³ãƒ©ã‚¤ãƒ³æŽ²ç¤ºæ¿ã€ŒRedditã€ã«æœ¬äººç¢ºèªç”¨ã®é¡”写真付ãã§é™è‡¨ã—ã¦ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‹ã‚‰ã®è³ªå•ã«ç”ãˆã‚‹ã€Œâ—‹â—‹ã ã‘ã©è³ªå•ã‚る?(AMA)ã€ã‚’実施ã—ã¾ã—ãŸã€‚P4xæ°ã®æŠ•ç¨¿ã¯è¨˜äº‹ä½œæˆæ™‚点ã§2万6000票以上ã®é«˜è©•ä¾¡ã¨3500件以上ã®ã‚³ãƒ¡ãƒ³ãƒˆã‚’集ã‚ã¦ãŠã‚Šã€ã€Œæ”»æ’ƒã®æ‰‹æ³•ã€ã€Œæ”»æ’ƒã®è²»ç”¨ã€ãªã©ã®èˆˆå‘³æ·±ã„æƒ…å ±ãŒå…¬é–‹ã•ã‚Œã¦ã„ã¾ã™ã€‚ I’m the hacker that brought down North Korea’s Internet For Over A Week. AMA byu/dotslashpunk inIAmA P4xæ°ã¯ã‚¢ãƒ¡ãƒªã‚«åœ¨ä½ã®ãƒ›ãƒ¯ã‚¤ãƒˆãƒãƒƒã‚«ãƒ¼ã§ã€2022å¹´ã«è‡ªèº«ãŒåŒ—æœé®®ã‹ã‚‰æ”»æ’ƒã•ã‚ŒãŸã“ã¨ã¸ã®å ±å¾©ã¨ã—ã¦åŒ—æœé®®ã«å¯¾ã—ã¦ã‚µã‚¤ãƒãƒ¼æ”»æ’ƒã‚’ã—ã‹ã‘ã€åŒ—æœé®®ã§å…¬é–‹ã•ã‚Œã¦ã„るウェブサイトã®å¤§éƒ¨
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks | Microsoft Security Blog
Who is Moonstone Sleet? Moonstone Sleet is a threat actor behind a cluster of malicious activity that Microsoft assesses is North Korean state-aligned and uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies. When Microsoft first detected Moonstone Sleet activity, the actor demonstrated strong overlaps with Diamond Sleet
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
Jumpy Pisces Engages in Play Ransomware
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office
韩国“伪猎者â€APT组织利用多款国产化软件æ¼æ´žå¯¹ä¸å›½çš„攻击活动
MoonPeak malware from North Korean actors unveils new details on attacker infrastructure
Safeguarding Digital Freedom: How a Gen Discovery Helped to Protect Windows Users Everywhere
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs | CISA
APT45: North Korea’s Digital Military Machine | Google Cloud Blog
https://www.bloomberg.com/news/articles/2024-06-02/north-korea-sends-hundreds-of-rubble-filled-balloons-to-south
Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors
{{#tags}}- {{label}}
{{/tags}}