#CTI #DPRK New #Beavertail 91.198.66[.]112 91.198.66[.]158 web.endpoints.http.body_hash_sha256 = "b86140ad75113e930e40228d3e1d7ba1f9e48abb0e02ee293bdd40d6cde8c061"

Kim Chaek Uni of Tech. DPRK IT Workers supplying money to sanctioned Ryonbong. Client countries: US,UK, JP, UA, CN, BR. Lot of AI Cha Gang Song JangMyongSong KimMunSong Li Song Ryong Mun Ri Yong Kim Su Jin Choe Song Guk Paek Myong Ho Paek Choe Hyon Pyo Se Il Cha Gang Song

AhnLab has released the TA-ShadowCricket (Shadowforce) report. I worked on it as the lead author together with NCSC (The National Cybersecurity Center). I would like to thank NCSC and my colleagues for their support. asec.ahnlab.com/ko/88123/ (Korean) Johann Aydinbas

Prosecutor's press release. spo.go.kr/common/board/D… - PDF file (Korean)

This is a great read for people interested in hypervisor development in both pre-boot and post-boot (Windows) environment, the source is public and written in rust as well. Great work memN0ps 😀🙌 github.com/memN0ps/matrix… github.com/memN0ps/illusi… memn0ps.github.io/hypervisors-fo…

Announcing our whitepaper on the future of endpoint security. preludesecurity.com/runtime-memory…

Always amazed by what this guy does entirely on his own with no org backing or anything🔥🚒🧯

Shenghua Wen, 42, of Ontario, was sentenced to 8 years in federal prison for illegally exporting firearms, ammunition and other military items to North Korea by concealing them inside shipping containers that departed from the Port of Long Beach, and for committing this crime at

#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6

What aptwhatnow said! Really sick research. Time to get back in the game as well🥸

Fire as always from the man himself🔥🚒

😔

Finally, my DEF CON talk is now available on YouTube. In this presentation, I explore how DPRK threat actors have evolved, expanding, collaborating, and restructuring their internal operations. The session dives deep into how these organizational shifts, combined with technical

1/ A South Korean student tortured to death in Cambodia by scammers has triggered a full diplomatic crisis. Seoul is launching an unprecedented government response as the scale of kidnapping operations targeting Koreans becomes clear. theguardian.com/world/2025/oct…

Large multilateral effort regarding DPRK Cyber Ops and the IT Work efforts. There is so much to unpack here and a lot of orgs/countries took a swing at it. Check it out and will post some pics for pizzazz. msmt.info/Publications/d…

Chollima misfits at it again with another banger. Kudos all around really great read. chollima-group.io/posts/reframin…

South Korea's largest cryptocurrency exchange, Upbit, has confirmed a major security breach involving the unauthorized withdrawal of 54 Billion KRW (~$39M) in Solana-based assets. Key Details: ▶️Incident Confirmation: The breach was acknowledged on November 27, 2025, at 04:42

Haven't been this excited about a course in a while but this looks.... 👀🔥🚒