North Korea Archives

Threat Intelligence

3CX Supply Chain Compromise Leads to ICONIC Incident

March 30, 2023

Ankur Saini, Callum Roxan, Charlie Gardner, Paul Rascagneres, Steven Adair, and Tom Lancaster

[Update: Following additional analysis of shellcode used in ICONIC, in conjunction with other observations from the wider security community, Volexity now attributes the activity described in this post to the […]

Threat Intelligence

₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware

December 1, 2022

Callum Roxan, Paul Rascagneres, and Robert Jan Mora

Over the last few months, Volexity has observed new activity tied to a North Korean threat actor it tracks that is widely referred to as the Lazarus Group. This activity […]

Threat Intelligence

SharpTongue Deploys Clever Mail-Stealing Browser Extension “SHARPEXT”

July 28, 2022

Paul Rascagneres, Tom Lancaster, and Volexity Threat Research

Volexity tracks a variety of threat actors to provide unique insights and actionable information to its Threat Intelligence customers. One frequently encountered—that often results in forensics investigations on compromised systems—is […]

Threat Intelligence

North Korean BLUELIGHT Special: InkySquid Deploys RokRAT

August 24, 2021

Damien Cash, Josh Grunzweig, Steven Adair, and Tom Lancaster

In a recent blog post, Volexity disclosed details on a portion of the operations by a North Korean threat actor it tracks as InkySquid. This threat actor compromised a news […]

Threat Intelligence

North Korean APT InkySquid Infects Victims Using Browser Exploits

August 17, 2021

Damien Cash, Josh Grunzweig, Matthew Meltzer, Steven Adair, and Tom Lancaster

Volexity recently investigated a strategic web compromise (SWC) of the website of the Daily NK (www.dailynk[.]com), a South Korean online newspaper that focuses on issues relating to North Korea. Malicious […]