Lazarus is a apt_group tracked across 37 threat clusters and 42 intelligence report mentions on ThreatCluster. First observed November 6, 2025; most recent activity June 1, 2026.
The Lazarus Group, a North Korea-linked cybercrime organization, has intensified its operations against financial and cryptocurrency sectors using a sophisticated fileless Remote Access Trojan (RAT) called RemotePE.…
On May 5, 2026, Ripple announced it will share internal threat intelligence regarding North Korean hackers with Crypto ISAC, aimed at enhancing security across the cryptocurrency industry. This initiative follows a…
ESET's latest APT Activity Report reveals that from October 2025 to March 2026, China-aligned threat actors engaged in extensive espionage campaigns, particularly in Venezuela and the Gulf region. Following U.S.…
Bitrefill, a crypto e-commerce platform, disclosed a cyberattack that began on March 1, 2026, attributed to North Korea's Lazarus Group. The breach started with a compromised employee laptop, allowing attackers to…
A critical vulnerability, CVE-2026-32746, has been discovered in the GNU InetUtils telnetd daemon, affecting all versions up to and including 2.7. This flaw allows unauthenticated remote attackers to execute arbitrary…
North Korea's cyber program has transitioned to a modular malware strategy, moving away from monolithic malware families to a more fragmented ecosystem. This change is a response to years of international sanctions, law…
On May 6, 2026, a federal court in Manhattan began hearing claims over $71 million linked to North Korean cyberattacks. The claimants include families of victims from North Korean-attributed incidents and DeFi users…
On April 18, 2026, Kelp DAO's LayerZero-powered cross-chain bridge was exploited, resulting in the theft of 116,500 rsETH, valued at approximately $293 million. The attacker utilized a forged cross-chain message to…
Volo Protocol, a liquid staking platform on the Sui network, experienced a security breach resulting in a loss of approximately $3.5 million from three vaults containing Wrapped Bitcoin (WBTC), Matrixdock Gold (XAUm),…
The Kimsuky and Lazarus groups from North Korea have teamed up to exploit a zero-day vulnerability targeting critical sectors. This collaboration aims to compromise systems and extract sensitive information, impacting…