Partners in crime: North Koreans and elite Russian-speaking cybercriminals

New post by Mark Arena of Intel471 begins:

This blog post takes a look at the credibility of claims in public reports of North Korean (referred to as DPRK for the rest of this post) links to Russian-speaking cybercriminals. The post is based as much as possible on public and open sources from credible parties that can be referenced rather than introducing new or confidential sources of information. We examine TrickBot, TA505 and Dridex, believed to originate from Eastern Europe, and attempt to understand potential linkages between these and DPRK threat actors.

The key findings of the report are:

DPRK threat actors likely are active in the cybercriminal underground and maintain trusted relationships with top-tier Russian-speaking cybercriminals.
Malware believed to be only used and probably written by DPRK threat actors was very likely delivered via network accesses held by Russian-speaking cybercriminals (TrickBot, TA505).

Read it all here.

Two more entities have folded after ransomware attacks
British institutions to be banned from paying ransoms to Russian hackers
Global hack on Microsoft product hits U.S., state agencies, researchers say
More than 100 British government personnel exposed by Ministry of Defence data leak
North Country Healthcare responds to Stormous's claims of a breach
Gladney Adoption Center had serious data exposures in the past few months. What will they do to prevent more?

Related: