"Github를 통해 유포된 VSCode 악용 Contagious Interview 캠페인" published by ENKI. #ContagiousInterview, #VSCode, #DPRK, #CTI https://www.enki.co.kr/media-center/blog/contagious-interview-campaign-abusing-vscode-distributed-on-github

"APT37 Adds New Tools For Air-Gapped Networks" published by Zscaler. #APT37, #LNK, #DPRK, #CTI https://www.zscaler.com/blogs/security-research/apt37-adds-new-capabilities-air-gapped-networks

"New Dohdoor malware campaign targets education and health care" published by CiscoTalos. #Dohdoor, #UAT-10027, #DPRK, #CTI https://blog.talosintelligence.com/new-dohdoor-malware-campaign/

"Novel DPRK stager using Pastebin and text steganography" published by Kmsec. #FamousChollima, #NPM, #Steganography, #DPRK, #CTI https://kmsec.uk/blog/dprk-text-steganography/

"Tracking DPRK operator IPs over time" published by Kmsec. #FamousChollima, #NPM, #DPRK, #CTI https://kmsec.uk/blog/dprk-opsec-3/

"DPRK tests Google Drive as a malware stager" published by Kmsec. #FamousChollima, #NPM, #DPRK, #CTI https://kmsec.uk/blog/dprk-gdrive-stager/

"Contagious Interview: Evolution of VS Code and Cursor Tasks Infection Chains - Part 1" published by AbstractSecurity. #ContagiousInterview, #VSCode, #DPRK, #CTI https://www.abstract.security/blog/contagious-interview-evolution-of-vscode-and-cursor-tasks-infection-chains

"CrowdStrike 2026 Global Threat Report: Evasive Adversary Wields AI" published by CrowdStrike. #FamousChollima, #PressureChollima, #StardustChollima, #Trend, #DPRK, #CTI https://www.crowdstrike.com/en-us/blog/crowdstrike-2026-global-threat-report-findings/

"Developer-targeting campaign using malicious Next.js repositories" published by Microsoft. #VSCode, #DPRK, #CTI https://www.microsoft.com/en-us/security/blog/2026/02/24/c2-developer-targeting-campaign/

"North Korean Lazarus Group Now Working With Medusa Ransomware" published by Symantec. #Lazarus, #Medusa, #DPRK, #CTI https://www.security.com/threat-intelligence/lazarus-medusa-ransomware

"North Korea's Safari: Poaching for Armadillos" published by Bitso. #Armadillos, #FamousChollima, #DPRK, #CTI https://quetzal.bitso.com/p/north-koreas-safari-poaching-for

"2026년 1월 APT 공격 동향 보고서(국내)" published by Ahnlab. #LNK, #DPRK, #CTI https://asec.ahnlab.com/ko/92647/

"GitLab Threat Intelligence Team reveals North Korean tradecraft" published by Gitlab. #ContagiousInterview, #ITWorker, #DPRK, #CTI https://about.gitlab.com/blog/gitlab-threat-intelligence-reveals-north-korean-tradecraft/

"Ukrainian National Sentenced in ‘Laptop Farm’ Scheme That Generated Income for North Korean IT Workers" published by USJustice. #ITWorker, #DPRK, #CTI https://www.justice.gov/usao-dc/pr/ukrainian-national-sentenced-laptop-farm-scheme-generated-income-north-korean-it-workers

"Famous Chollima and Dragon Sickness" published by BoringSecurity. #ContagiousInterview, #FamousChollima, #VSCode, #DPRK, #CTI https://boringsecurity.dev/posts/famous-chollima-and-dragon-sickness/

"GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use" published by Google. #UNC2970, #DPRK, #CTI https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use?hl=en

"2026년 1월 APT 그룹 동향 보고서" published by Ahnlab. #Andariel, #Kimsuky, #Trend, #DPRK, #CTI https://asec.ahnlab.com/ko/92548/

"High-Tech Crime Trends Report 2026: The age of supply chain attacks" published by Group-IB. #ITWorker, #Lazarus, #Trend, #DPRK, #CTI https://www.group-ib.com/landing/high-tech-crime-trends-report-2026/

"Digital Parasites" published by Rekt. #ITWorker, #DPRK, #CTI https://rekt.news/digital-parasites

"Fake recruiter campaign targets crypto developers with RAT" published by ReversingLabs. #Graphalgo, #Lazarus, #NPM, #DPRK, #CTI https://www.reversinglabs.com/blog/fake-recruiter-campaign-crypto-devs

"The North Korean on your payroll" published by Okta. #ITWorker, #DPRK, #CTI https://www.okta.com/blog/threat-intelligence/the-north-korean-on-your-payroll/

"UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering" published by Google. #UNC1069, #DPRK, #CTI https://cloud.google.com/blog/topics/threat-intelligence/unc1069-targets-cryptocurrency-ai-social-engineering

"Scarcruft’s ROKRAT Malware: Recent Changes" published by S2W. #RokRAT, #ScarCruft, #DPRK, #CTI https://s2w.inc/en/resource/detail/1011

"APT-C-28（ScarCruft）利用MiradorShell发起网络攻击的安全预警" published by Qihoo360. #APT-C-28, #LNK, #MiradorShell, #DPRK, #CTI https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247507801&idx=1&sn=e169339f921fd11a2fef8dfe068e616c&poc_token=HItfiWmjwCP6DUilL4b_EXSlNu_FoMKECyYW0Sig

"Analysis of a JSE File (Kimsuky APT)" published by Shubho57. #JSE, #Kimsuky, #DPRK, #CTI https://medium.com/@shubhandrew/analysis-of-a-jse-file-kimsuky-apt-79588d103f73

"CONTAGIOUS INTERVIEW CAMPAIGN ACTIVITY" published by PaloaltoNetworks. #ContagiousInterview, #DPRK, #CTI https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-02-04-IOCs-for-December-2025-Contagious-Interview-activity.txt

"스카크러프트 악성코드(Scarcruft ROKRAT): 새로운 유포 방식의 출현" published by S2W. #RokRAT, #ScarCruft, #DPRK, #CTI https://s2w.inc/ko/resource/detail/1011

"Hunting Lazarus Part IV: Real Blood on the Wire" published by RedAsgard. #ContagiousInterview, #Lazarus, #DPRK, #CTI https://redasgard.com/blog/hunting-lazarus-part4-real-blood-on-the-wire

"Hunting Lazarus Part III: The Infrastructure That Was Too Perfect" published by RedAsgard. #Lazarus, #OtterCookie, #DPRK, #CTI https://redasgard.com/blog/hunting-lazarus-part3-infrastructure-too-perfect

"2025年全球高级持续性威胁（APT）研究报告" published by Qihoo360. #APT-C-26, #APT-C-28, #APT-C-55, #DPRK, #CTI https://mp.weixin.qq.com/s/E46z2HkKaCxFxTKv62DDyg

"North Korea’s “Prospect Call” Trap: Lazarus Turns Teams Meetings into macOS Credential Theft" published by Daylight. #BlueNoroff, #GhostCall, #DPRK, #CTI https://daylight.ai/blog/prospect-call-microsoft-teams-meetings

"2026 Crypto Crime Report – Illicit Crypto Trends & Typologies" published by Trmlabs. #Cryptocurrency, #Trend, #DPRK, #CTI https://www.trmlabs.com/reports-and-whitepapers/2026-crypto-crime-report

"Ricochet Chollima APT Adversary Simulation" published by S3N4T0R. #LNK, #RicochetChollima, #DPRK, #CTI https://medium.com/@S3N4T0R/ricochet-chollima-apt-adversary-simulation-b0258be69c37

"Silent Chollima APT Adversary Simulation" published by S3N4T0R. #SilentChollima, #DPRK, #CTI https://medium.com/@S3N4T0R/silent-chollima-apt-adversary-simulation-e661a601901a

"Hunting Lazarus Part II: When the Dead Drop Moved to the Blockchain" published by RedAsgard. #Lazarus, #VSCode, #DPRK, #CTI https://redasgard.com/blog/hunting-lazarus-part2-blockchain-dead-drop

"LABYRINTH CHOLLIMA Evolves into Three Adversaries" published by CrowdStrike. #GoldenChollima, #LabyrinthChollima, #PressureChollima, #DPRK, #CTI https://www.crowdstrike.com/en-us/blog/labyrinth-chollima-evolves-into-three-adversaries/

"Why Is a North Korean Mail Server Using a .cc Domain?" published by SynapticSecurity. #DPRK, #CTI https://blog.synapticsystems.de/why-is-a-north-korean-mail-server-using-a-cc-domain-threat-intelligence-beyond-malware/

"A LinkedIn Job Offer Tried to Install Malware on My Machine" published by CodeCrank. #DPRK, #CTI https://codecrank.ai/blog/linkedin-malware-warning/

"Konni’s New Arsenal: Unmasking GSRAT in North Korea-linked APT Operation" published by LAC. #Konni, #LNK, #Slides, #EndRAT, #DPRK, #CTI https://jsac.jpcert.or.jp/archive/2026/pdf/JSAC2026_1_9_takuma_matsumoto-yoshihiro_ishikawa_en.pdf

"Darktrace Identifies Campaign Targeting South Korea Leveraging VS Code for Remote Access" published by Darktrace. #JSE, #DPRK, #CTI https://www.darktrace.com/blog/darktrace-identifies-campaign-targeting-south-korea-leveraging-vs-code-for-remote-access

"KONNI Adopts AI to Generate PowerShell Backdoors" published by Checkpoint. #Konni, #LNK, #DPRK, #CTI https://research.checkpoint.com/2026/konni-targets-developers-with-ai-malware/

"BlueNoroff Group: The Financial Cybercrime Arm of Lazarus" published by PicusSecurity. #BlueNoroff, #DPRK, #CTI https://www.picussecurity.com/resource/blog/bluenoroff-group-the-financial-cybercrime-arm-of-lazarus

"Contagious Interview: Tracking the VS Code Tasks Infection Vector" published by AbstractSecurity. #ContagiousInterview, #DPRK, #CTI https://www.abstract.security/blog/contagious-interview-tracking-the-vs-code-tasks-infection-vector

"To the past and beyond: Andariel’s latest arsenal and cyberattacks" published by ESET. #Andariel, #GopherRAT, #JelusRAT, #StarshellRAT, #DPRK, #CTI https://labs.withsecure.com/publications/andariel-2025

"LNKファイルを介して実行されるマルウェアMoonPeak" published by IIJSECT. #LNK, #MoonPeak, #DPRK, #CTI https://sect.iij.ad.jp/blog/2026/01/dprk-moonpeak-executed-via-malicious-lnk-file/

"PurpleBravo’s Targeting of the IT Software Supply Chain" published by RecordedFuture. #BeaverTail, #ClickFix, #ContagiousInterview, #GolangGhost, #PurpleBravo, #PylangGhost, #DPRK, #CTI https://www.recordedfuture.com/research/purplebravos-targeting-it-software-supply-chain

"Contagious Interview gets an upgrade for 2026" published by OSM. #ContagiousInterview, #Lazarus, #DPRK, #CTI https://opensourcemalware.com/blog/contagious-interview-comprehensive

"Threat Actors Expand Abuse of Microsoft Visual Studio Code" published by Jamf. #ContagiousInterview, #DPRK, #CTI https://www.jamf.com/blog/threat-actors-expand-abuse-of-visual-studio-code/

"December 2025 APT Group Trends" published by Ahnlab. #FamousChollima, #Lazarus, #Trend, #DPRK, #CTI https://asec.ahnlab.com/en/92184/

"2025년 12월 APT 그룹 동향 보고서" published by Ahnlab. #FamousChollima, #Lazarus, #Trend, #DPRK, #CTI https://asec.ahnlab.com/ko/92158/