Not Simon 🐐

2024

• December 23, 2024 – ASEC: Andariel 그룹의 국내 솔루션 대상 공격 사례 분석 (SmallTiger) (Korean language; English translated title: “Analysis of Attack Cases Targeting Domestic Solutions of Andariel Group (SmallTiger)”)
• November 04, 2024 – Vlad Pasca: Recent Keylogger Attributed to North Korean Group Andariel Analyzed Through A Hybrid Analysis Perspective
• October 30, 2024 – Unit 42: Jumpy Pisces Engages in Play Ransomware
• October 16, 2024 – KrCERT/CC: TTPs #11: Operation An Octopus – 중앙 집중형 관리 솔루션을 노리는 공격전략 분석 (Korean language; English translated title: “TTPs #11: Operation An Octopus – Analysis of attack strategies targeting centralized management solutions”)
• October 02, 2024 – Symantec: Stonefly: Extortion Attacks Continue Against U.S. Targets
• August 05, 2024 – National Cyber Security Center of Korea (NCSC): 북한 해킹조직의 건설ㆍ기계 분야 기술절취 주의 (Korean language, PDF; English translated title: “Beware of North Korean hacking organizations stealing construction and machinery technology”)
• July 25, 2024:
  • U.S. State Department: Rewards for Justice – Reward Offer for Information on North Korean Malicious Cyber Actor Targeting U.S. Critical Infrastructure
  • U.S. Department of Justice: North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers (ATTRIBUTION)
  • CISA: North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs (available as PDF, links Clasiopa to Andariel)
  • NCSC-UK: NCSC and partners issue warning over North Korean state-sponsored cyber campaign to steal military and nuclear secrets
  • Microsoft: Onyx Sleet uses array of malware to gather intelligence for North Korea
  • Mandiant: APT45: North Korea’s Digital Military Machine
• June 24, 2024 – ASEC: Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)
• May 27, 2024 – ASEC: SmallTiger Malware Used in Attacks Against South Korean Businesses (Kimsuky and Andariel)
• May 16, 2024 – ASEC: Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group)
• April 23, 2024 – Korean National Police Agency: 경찰청·방위사업청 등 관계기관 합동 특별점검을 통해 북한의 케이(K)-방산업체 해킹 공격 규명 및 보호조치 실시 (Korean language; English translated title: “Investigation of North Korea's K-Defense Industry Hacking Attacks and Implementation of Protective Measures through Joint Special Inspection by Related Agencies including the National Police Agency and Defense Acquisition Program Administration”)
• March 11, 2024 – ASEC: Andariel Group Exploiting Korean Asset Management Solutions (MeshAgent)

2023

• December 11, 2023 – Cisco Talos: Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang
• December 05, 2023 – SecurityScorecard: North Korean State-Sponsored Cyber Attack: Unveiling the Intricacies of Threat Actor Group Andariel (PDF)
• December 04, 2023 – Seoul Metropolitan Police: 北 해킹조직‘안다리엘’평양發 해킹공격으로 방산기술 탈취, 북한으로 랜섬웨어 수익금 송금 (Korean Language; English translated title: “North Korean hacking group 'Andariel' steals defense technology through hacking attacks from Pyongyang, sends ransomware profits to North Korea”)
• November 17, 2023 – ASEC: Circumstances of the Andariel Group Exploiting an Apache ActiveMQ Vulnerability (CVE-2023-46604)
• November 10, 2023 – ASEC: Circumstances of an Attack Exploiting an Asset Management Program (Andariel Group)
• October 18, 2023 – Microsoft: Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
• September 12, 2023 – Qihoo360: APT-C-26（Lazarus）组织使用EarlyRat的攻击活动分析 (Chinese language; English translated title: “Analysis of the APT-C-26 (Lazarus) group’s attack activities using EarlyRat”)
• September 01, 2023 – Ministry of Foreign Affairs of Japan: 北朝鮮の核その他の大量破壊兵器及び弾道ミサイル関連計画その他の北朝鮮に関連する国際連合安全保障理事会決議により禁止された活動等に関与する者に対する資産凍結等の措置の対象者の追加について (Japanese language; English translated title: “Addition of persons subject to asset freeze and other measures for those involved in North Korea's nuclear and other weapons of mass destruction and ballistic missile-related programs and other activities prohibited by United Nations Security Council resolutions related to North Korea”)
• August 22, 2023 – ASEC: Analysis of Andariel’s New Attack Activities
• June 28, 2023 – Kaspersky: Andariel’s silly mistakes and a new malware family
• May 16, 2023 – Deutsche Cyber- Sicherheitsorganisation (DCSO): Andariel’s “Jupiter” malware and the case of the curious C2
• May 09, 2023 – ESET Research: APT Activity Report Q4 2022—Q1 2023 LAZARUS EXTENDS TARGETING TO ALL MAJOR DESKTOP OSes (PDF)
• February 23, 2023 – Symantec: Clasiopa: New Group Targets Materials Research
• February 15, 2023 – ASEC: Distribution of Malware Exploiting Vulnerable Innorix: Andariel

2022

• August 09, 2022 – Kaspersky: Andariel deploys DTrack and Maui ransomware
• July 07, 2022 – CISA: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector
• June 03, 2022 – ASEC: 한국에서만 활동하는 안다리엘 그룹, 지난 2년간의 행적 (Korean Language; English translation: Andariel Group, active only in Korea, the past two years)
• May 11, 2022 – ASEC: Lazarus Group Exploiting Log4Shell Vulnerability (NukeSped)
• April 27, 2022 – Symantec: Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets
• March 23, 2022 – Mandiant: Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations (ATTRIBUTION)

2021

• June 15, 2021 – Kaspersky: Andariel evolves to target South Korea with ransomware
• April 19, 2021 – Malwarebytes: Lazarus APT conceals malicious code within BMP image to drop its RAT
• March 25, 2021 – U.S. Department of Health and Human Serivces (HHS): North Korean Cyber Activity (PDF)

2020

• May 12, 2020 – CISA: MAR-10288834-3.v1 – North Korean Trojan: PEBBLEDASH (Malware Analysis)
• February 19, 2020 – LEXFO: The Lazarus Constellation: A study on North Korean malware (PDF)

2019

• September 13, 2019 – U.S. Treasury: Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups (ATTRIBUTION)

2018

• July 16, 2018 – Trend Micro: New Andariel Reconnaissance Tactics Uncovered
• June 23, 2018: ASEC: Full Discloser of Andariel, A Subgroup of Lazarus Threat Group. (dead link)
• May 23, 2018 – ASEC: Andariel Group 동향 보고서 (PDF, Korean language; English translated title: “Andariel Group Trend Report”)

2017

• August 04, 2017 – Black Hat Europe 2017 (Chi-en (Ashley) Shen & Kyoung-ju Kwak & Min-Chang Jang): Nation-State Moneymule's Hunting Season: APT Attacks Targeting Financial Institutions (PDF)
• July 26, 2017 – Financial Security Institute (FSI): Campaign Rifle – Andariel, the Maiden of Anguish (DOCX file)
  • See related S2W: Campaign Rifle: Andariel, The Maiden of Anguish (July 26, 2021)
• February 12, 2017 – BAE Systems: Lazarus & Watering-hole attacks

2015

• November 20, 2015 – Global Information Assurance Certification (GIAC): Tracing the Lineage of DarkSeoul (PDF)
• November 18, 2015 – Unit 42: TDrop2 Attacks Suggest Dark Seoul Attackers Return

2013

• July 08, 2013 – McAfee: Dissecting Operation Troy: Cyberespionage in South Korea (PDF, archive of dead link)