Partners in crime: North Koreans and elite Russian-speaking cybercriminals

New post by Mark Arena of Intel471 begins:

This blog post takes a look at the credibility of claims in public reports of North Korean (referred to as DPRK for the rest of this post) links to Russian-speaking cybercriminals. The post is based as much as possible on public and open sources from credible parties that can be referenced rather than introducing new or confidential sources of information. We examine TrickBot, TA505 and Dridex, believed to originate from Eastern Europe, and attempt to understand potential linkages between these and DPRK threat actors.

The key findings of the report are:

DPRK threat actors likely are active in the cybercriminal underground and maintain trusted relationships with top-tier Russian-speaking cybercriminals.
Malware believed to be only used and probably written by DPRK threat actors was very likely delivered via network accesses held by Russian-speaking cybercriminals (TrickBot, TA505).

Read it all here.

The 4TB time bomb: when EY's cloud went public (and what it taught us)
Some lower-tier ransomware gangs have formed a new RaaS alliance -- or have they? (1)
Another plastic surgery practice fell prey to a cyberattack that acquired patient photos and info
How a hacking gang held Italy’s political elites to ransom
Uncovering Qilin attack methods exposed through multiple cases
Predatory Sparrow Strikes: Coordinated Cyberattacks Seek to Cripple Iran's Critical Infrastructure

Related: