Tag: north-korea-nexus
All items tagged north-korea-nexus.
- macOS.Gaslight — a DPRK-aligned Rust backdoor that targets the LLM-assisted analyst
- Technology & SaaS supply chain — the week's busiest victim class
- Threat actor: DPRK Sapphire Sleet escalates npm supply-chain attacks with the Mastra compromise
- UPDATE: Mastra npm scope compromise attributed to North Korea, with the access vector our deep dive could not name
- ScarCruft (APT37) delivers NarwhalRAT behind fake Microsoft OTP "security alert" lures
- DPRK UNK_DeadDrop weaponises VS Code / Cursor auto-run to hit developers, including EU targets
- ANNUAL REPORT [SINGLE-SOURCE] — CrowdStrike 2026 Technology Threat Landscape Report: technology is now the most-targeted sector
- ANNUAL REPORT — ESET APT Activity Report Q4 2025–Q1 2026: Sandworm strikes NATO energy, Lazarus targets EU drone sector, UNC5221 pivots to Ivanti SPAWN toolset
- Kimsuky (Velvet Chollima) deploys HTTPSpy RAT and Rust-based HelloDoor via VS Code Remote Tunnel and Cloudflare Quick Tunnel C2
- ESET APT Activity Report Q4 2025–Q1 2026 — three state programmes converging on EU energy, defence and edge appliances
- Kaspersky GReAT documents Kimsuky's Rust-based HelloDoor and TryCloudflare-tunnel C2 added to the PebbleDash toolkit [SINGLE-SOURCE]
- Hardening / detection summary