"Kimsuky Distributing Malicious Mobile App via QR Code" published by ENKI. #DocSwap, #Kimsuky, #Mobile, #DPRK, #CTI https://www.enki.co.kr/en/media-center/blog/kimsuky-distributing-malicious-mobile-app-via-qr-code

"QR 코드를 이용해 악성 모바일 앱을 유포하는 Kimsuky" published by ENKI. #DocSwap, #Kimsuky, #Mobile, #DPRK, #CTI https://www.enki.co.kr/media-center/blog/kimsuky-distributing-malicious-mobile-app-via-qr-code

"DPRK threat actors are still rekting way too many of you via their fake Zoom / fake Teams meets" published by Tay. #DPRK, #CTI https://archive.md/vi3Pg

"The Infostealer to APT Pipeline: How Lazarus Group Hijacked a Yemen Disinformation Network" published by HudsonRock. #Lazarus, #DPRK, #CTI https://www.hudsonrock.com/blog/5710

"APT-C-26（Lazarus）组织利用WinRAR漏洞部署Blank Grabber木马的技术分析" published by Qihoo360. #APT-C-26, #BlankGrabber, #CVE-2025-8088, #DPRK, #CTI https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247507693&idx=1&sn=e73e1cca5af2ee80c3037daa1dbd2ab1

"2025년 11월 APT 공격 동향 보고서(국내)" published by Ahnlab. #LNK, #Trend, #DPRK, #CTI https://asec.ahnlab.com/ko/91529/

"2025년 11월 APT 그룹 동향 보고서" published by Ahnlab. #FamousChollima, #Kimsuky, #Konni, #Trend, #DPRK, #CTI https://asec.ahnlab.com/ko/91524/

"Beyond the Malware: Inside the Digital Empire of a North Korean Threat Actor" published by Flashpoint. #ContagiousInterview, #DPRK, #CTI https://flashpoint.io/blog/beyond-the-malware-digital-empire-north-korean-threat-actor/

"Monthly Threat Actor Group Intelligence Report, November 2025" published by NSHC. #SectorA, #Trend, #DPRK, #CTI https://medium.com/@nshcthreatrecon/monthly-threat-actor-group-intelligence-report-november-2025-2dbb7721adf8

"EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks" published by Sysdig. #CVE-2025-55182, #EtherRAT, #React2Shell, #DPRK, #CTI https://www.sysdig.com/blog/etherrat-dprk-uses-novel-ethereum-implant-in-react2shell-attacks

"Hunting For North Korean Fiber Optic Cables" published by NKInternet. #DPRK, #CTI https://nkinternet.com/2025/12/08/hunting-for-north-korean-fiber-optic-cables/

"Exclusive Look Inside a Compromised North Korean APT Machine Linked to The Biggest Heist in History" published by HudsonRock. #Bybit, #Lazarus, #DPRK, #CTI https://www.hudsonrock.com/blog/5692

"How We Caught Lazarus's IT Workers Scheme Live on Camera" published by AnyRun. #ITWorker, #FamousChollima, #DPRK, #CTI https://any.run/cybersecurity-blog/lazarus-group-it-workers-investigation/

"North Korean hackers are pushing fake Microsoft Teams Update to macOS users" published by Moonlock. #macOS, #DPRK, #CTI https://archive.md/8xDxT

"Latest Contagious Interview malware campaign abuses Microsoft VSCode Tasks" published by OSM. #ContagiousInterview, #Lazarus, #DPRK, #CTI https://opensourcemalware.com/blog/contagious-interview-vscode

".hta 파일로 유포중인 KimJongRAT 주의!" published by ESTSecurity. #KimjongRAT, #Kimsuky, #DPRK, #CTI https://blog.alyac.co.kr/5682

"Unmasking a new DPRK Front Company DredSoftLabs" published by Wickeren. #Wagemole, #DPRK, #CTI https://medium.com/@meeswicky1100/unmasking-a-new-dprk-front-company-dredsoftlabs-bf9ed544d690

"Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks" published by Socket. #ContagiousInterview, #NPM, #OtterCookie, #DPRK, #CTI https://socket.dev/blog/north-korea-contagious-interview-npm-attacks

"FlexibleFerret: macOS Malware Deploys in Fake Job Scams" published by Jamf. #FlexibleFerret, #ContagiousInterview, #DPRK, #CTI https://www.jamf.com/blog/flexibleferret-malware-continues-to-adapt/

"A Tsunami Sweeping the Cyber Battlefield Analysis of SectorA01’s Hacking Activities" published by NSHC. #SectorA01, #Tsunami, #DPRK, #CTI https://medium.com/@nshcthreatrecon/a-tsunami-sweeping-the-cyber-battlefield-analysis-of-sectora01s-hacking-activities-e4d006baae2f

"Alliances of convenience: How APTs are beginning to work together" published by GenDigital. #InvisibleFerret, #Lazarus, #DPRK, #CTI https://www.gendigital.com/blog/insights/research/apt-cyber-alliances-2025

"DPRK Contagious Interview Lure - Go Backdoor & Swift App" published by L0Psec. #ContagiousInterview, #Youtube, #DPRK, #CTI https://www.youtube.com/watch?v=VdW_e72cQw8

"More active DPRK macOS malware "Contagious Interview"" published by L0Psec. #ContagiousInterview, #DPRK, #CTI https://archive.md/GuCHv

"疑似APT-C-26（Lazarus）组织利用远程IT伪装部署监控程序的攻击行动分析" published by Qihoo360. #APT-C-26, #DPRK, #CTI https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247507568&idx=1&sn=af3ec0ff4685722c599eefa26925c842

"Kimsuky's Ongoing Evolution of KimJongRAT and Expanding Threats" published by ENKI. #KimjongRAT, #Kimsuky, #DPRK, #CTI https://www.enki.co.kr/en/media-center/blog/kimsuky-s-ongoing-evolution-of-kimjongrat-and-expanding-threats

"Kimsuky의 지속적인 KimJongRAT 변종 개발과 그 너머의 위협" published by ENKI. #KimjongRAT, #Kimsuky, #DPRK, #CTI https://www.enki.co.kr/media-center/blog/kimsuky-s-ongoing-evolution-of-kimjongrat-and-expanding-threats

"Inside DPRK's Fake Job Platform Targeting U.S. AI Talent" published by Validin. #ClickFix, #ContagiousInterview, #DPRK, #CTI https://www.validin.com/blog/inside_dprk_fake_job_platform/

"朝鲜APT双雄联手：Kimsuky 偷情报当 “眼睛”，Lazarus 盗币填 “钱袋”！" published by 紫队安全研究. #Kimsuky, #Lazarus, #DPRK, #CTI https://mp.weixin.qq.com/s/h4TCYVjdLALg4XfJr1jC0w

"A Pain in the Mist: Navigating Operation DreamJob’s arsenal" published by OrangeCyberdefense. #DreamJob, #MISTPEN, #UNC2970, #DPRK, #CTI https://www.orangecyberdefense.com/global/blog/cert-news/a-pain-in-the-mist-navigating-operation-dreamjobs-arsenal

"Nation-State Actor’s Arsenal: An In-Depth Look at Lazarus’ ScoringMathTea" published by 0x0d4y. #Lazarus, #ScoringMathTea, #DPRK, #CTI https://0x0d4y.blog/arsenal-analysis-of-a-nation-state-actor-an-in-depth-look-at-lazarus-scoringmathtea/

"Inside The Shellcode Dissecting North Korean Apt43s Advanced Powershell Loader" published by Bloo. #APT43, #DPRK, #CTI https://bloo.io/blog/inside-the-shellcode-dissecting-north-korean-apt43s-advanced-powershell-loader

"Nation-State Actor’s Arsenal: An In-Depth Look at Lazarus’ ScoringMathTea" published by 0x0d4y. #Lazarus, #ScoringMathTea, #DPRK, #CTI https://0x0d4y.blog/arsenal-analysis-of-a-nation-state-actor-an-in-depth-look-at-lazarus-scoringmathtea/

"Inside The Shellcode Dissecting North Korean Apt43s Advanced Powershell Loader" published by Bloo. #APT43, #DPRK, #CTI https://bloo.io/blog/inside-the-shellcode-dissecting-north-korean-apt43s-advanced-powershell-loader

"Reframing Insights" published by ChollimaGroup. #ITWorker, #MoonstoneSleet, #DPRK, #CTI https://chollima-group.io/posts/reframing-insights-our-research-msmt

"Crypto giants moved billions linked to money launderers, drug traffickers and North Korean hackers" published by ICIJ. #MoneyLaundering, #News, #DPRK, #CTI https://www.icij.org/investigations/coin-laundry/cryptocurrency-exchanges-binance-okx-money-laundering-crime/

"The Deepfake Threat: Chollima APT Group Uses AI Filters to Infiltrate Crypto and Web3 Companies" published by SOCRadar. #Deepfake, #FamousChollima, #DPRK, #CTI https://socradar.io/deepfake-threat-chollima-apt-group-uses-ai-crypto/

"2025년 10월 APT 공격 동향 보고서(국내)" published by Ahnlab. #LNK, #Phishing, #Trend, #DPRK, #CTI https://asec.ahnlab.com/ko/91047/

"Ukrainian Pleads Guilty in DC in Laptop Farm Scheme That Generated Income for North Korean IT Workers" published by USJustice. #ITWorker, #News, #DPRK, #CTI https://www.justice.gov/usao-dc/pr/ukrainian-pleads-guilty-dc-laptop-farm-scheme-generated-income-north-korean-it-workers

"Malops Challenge 8: Reversing APT 37’s RokRaT Loader" published by callyso0414. #APT37, #RokRAT, #DPRK, #CTI https://medium.com/@callyso0414/malops-challenge-9-reversing-apt-37s-rokrat-loader-7f7ad49e4662

"Tracking The Trackers Lessons From The Apt43 Kimsuky Takedown" published by Bloo. #APTDown, #Kimsuky, #DPRK, #CTI https://bloo.io/blog/tracking-the-trackers-lessons-from-the-apt43-kimsuky-takedown

"Be KVM, Do Fraud" published by Wav3. #ITWorker, #PiKVM, #TinyPilot, #DPRK, #CTI https://wav3.io/be-kvm-do-fraud

"Justice Department Announces Nationwide Actions to Combat Illicit North Korean Government Revenue Generation" published by USJustice. #APT38, #ITWorker, #News, #DPRK, #CTI https://www.justice.gov/opa/pr/justice-department-announces-nationwide-actions-combat-illicit-north-korean-government

"Revisiting the Lazarus Operator: Mapping Park Jin Hyok’s Digital Footprint Using StealthMole" published by StealthMole. #APT38, #Lazarus, #DPRK, #CTI https://stealthmole-intelligence-hub.blogspot.com/2025/11/revisiting-lazarus-operator-mapping.html

"Cross-Chain TxDataHiding Crypto Heist: A Very Chainful Process (Part 3)" published by RansomISAC. #EtherHiding, #FamousChollima, #DPRK, #CTI https://ransom-isac.org/blog/cross-chain-txdatahiding-crypto-heist/

"Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery" published by NVISO. #ContagiousInterview, #InvisibleFerret, #DPRK, #CTI https://blog.nviso.eu/2025/11/13/contagious-interview-actors-now-utilize-json-storage-services-for-malware-delivery/

"2025년 10월 APT 그룹 동향 보고서" published by Ahnlab. #FamousChollima, #Larva-25004, #Trend, #DPRK, #CTI https://asec.ahnlab.com/ko/90993/

"U.S. Sanctions DPRK Crypto Laundering Network: Multiple Bank Staff and Financial Institutions Affected" published by Slowmist. #ITWorker, #Sanctions, #DPRK, #CTI https://slowmist.medium.com/u-s-sanctions-north-koreas-crypto-laundering-network-multiple-bank-staff-and-financial-d78de50e6404

"DPRK UNC3782" published by Wickeren. #Phishing, #UNC3782, #DPRK, #CTI https://medium.com/@meeswicky1100/dprk-unc3782-d66329e5c071

"Monthly Threat Actor Group Intelligence Report, October 2025" published by NSHC. #SectorA, #Trend, #DPRK, #CTI https://medium.com/@nshcthreatrecon/monthly-threat-actor-group-intelligence-report-october-2025-6a3ac29592cb

"From North Korean IT Workers to IT recruiters" published by SecurityAlliance. #ITWorker, #DPRK, #CTI https://radar.securityalliance.org/from-north-korean-it-workers-to-it-recruiters/