Threat Research

    DPRK-Related Campaigns with LNK and GitHub C2

    Labs recently identified a wave of LNK file attacks targeting users in South Korea. These campaigns use multi-stage scripts and rely on GitHub as C2 infrastructure to avoid detection. While similar LNK files date back to 2024, earlier versions were less obfuscated and easier to trace, linking them to XenoRAT distribution....
    4/3/2026  0
    Read More »

    Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use

    The report highlights a rise in model extraction (“distillation”) attacks aimed at stealing proprietary AI logic, alongside the growing integration of generative AI into real-world threat operations....
    2/13/2026  0
    Read More »

    Inside DPRK Operations: New Lazarus and Kimsuky Infrastructure Uncovered Across Global Campaigns

    North Korean state-sponsored threat actors, including Lazarus and Kimsuky, continue to operate at a global scale, conducting espionage, financial crime, and access-driven attacks. While their malware, lures, and objectives evolve, these groups consistently reuse infrastructure such as IP addresses, certificates, open directories, and shared tooling....
    12/26/2025  0
    Read More »

    The Coordinated Embassy Hunt: Unmasking the DPRK-linked GitHub C2 Espionage Campaign

    A research center uncovered a DPRK-linked espionage campaign targeting diplomatic missions in South Korea in early 2025. Between March and July, at least 19 spear-phishing attacks impersonated trusted contacts to lure embassy staff. Attackers used GitHub for covert C2 communications and cloud platforms like Dropbox to deliver XenoRAT malware....
    8/19/2025  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.