Discover and read the best of Twitter Threads about #APT38

Most recent (4)

⚠️ Heads up y'all—we've seen a huge increase in the # of ultra-targeted spearphishes lately.

The most deadly one? A Google Doc share that appears to come from *someone you know* about *something you're interested in*

It won’t be flagged and looks super legit.

DO NOT CLICK! 🙏
This campaign is the work of #Lazarus / #APT38 / #DangerousPassword / #T444

aka the same crew that compromised Ronin, Harmony, bZx, Bondly, EasyFi, mngr, Arthur0x, Hugh Karp, etc. etc. etc.

Their spear-phishing methods are diverse, targeted, and hard to detect.
Recent subject lines / filenames:

Fast Changes in NFT Price (Protected)
Investor Demo Day-Animoca Brands (Protected)
Jump Crypto Investment Agreement
New Credit Investment Opportunity
Spirit Blockchain Capital 2023 - Pitch Deck

Opening the file *may* result in something like:

1/ Today the FBI identified the North Korean hacker group Lazarus Group and APT38 as the Horizon Bridge attackers, with the hacker group using malware called 'TraderTraitor' to carry out the attack, and laundered over $60 million in stolen Ether through a privacy protocol called Railgun. What are "TraderTraitor" and Railgun? @evilcos
2/ 'TraderTraitor' is Lazarus' malware that targets the cryptocurrency industry and blockchain technology primarily by luring employees of cryptocurrency-related platforms to download it.
#ICYMI, here's a #threatintel-related 🧵👇 by me on the @USTreasury advisory on DPRK IT workers' attempts to obtain employment while posing as non-North Korean nationals: home.treasury.gov/system/files/1… (1/?)
DPRK IT workers "engage in a wide range of IT dev work, such as: mobile & web-based apps, virtual currency exchange platforms & digital coins. Some designed virtual currency exchanges or created analytic tools/apps for virtual currency traders & marketed their products." (2/?)
This reminds me, for example, of Marine Chain Token: (justice.gov/opa/pr/three-n…; justice.gov/opa/press-rele…), #AppleJeus (cisa.gov/uscert/ncas/al…) and, more recently, #TraderTraitor (cisa.gov/uscert/ncas/al…). #HIDDENCOBRA/#APT38 loves loves loves their crypto (3/?)
#AssisesSI, day 2: in the room to hear @felixaime (researcher at @kaspersky) talk about the investigation into #OlympicDestroyer, the malware that disrupted the Olympic Games (see mobile.lemonde.fr/pixels/article…)
Interesting: the attackers wanted to pass themselves off as North Korean hackers specializing in targeting financial institutions (#Bluenoroff or #APT38)
Where we once again find #Sofacy a.k.a. #FancyBear / #APT28 and the galaxy around it (BlackEnergy, NotPetya, BadRabbit). #PoupéesRusses
