Team Cymru - S2 Threat Research

@teamcymrus2.bsky.social

Follow us for the latest blogs and IOCs from Team Cymru's S2 Threat Research team.

367 Followers  |  0 Following  |  6 Posts  |  Joined: 22.07.2023

Posts by Team Cymru - S2 Threat Research (@teamcymrus2.bsky.social)

'I didn't know who I'd be fighting' - North Korean soldier captured by Ukraine speaks in new footage. The POW said he arrived in Russia on a cargo ferry with over 100 other North Korean soldiers.

This ferry service has taken on greater significance in recent months, when a North Korean soldier, taken as a prisoner of war by Ukrainian forces, claimed he had travelled from North Korea into Russia aboard a "Russian cargo ferry".

kyivindependent.com/zelensky-rel...

25.04.2025 18:00 - 👍 0    🔁 0    💬 0    📌 0

The IPs in this case, which have entered the public domain in recent days:

188.43.33.250
188.43.33.251

Are part of a small cluster assigned to InvestStroyTrest. This company operates a ferry service between North Korea and Russia, maintaining an office in the port of Rajin, KP.

25.04.2025 18:00 - 👍 0    🔁 0    💬 1    📌 0

This infrastructure was controlled via IPs assigned to Russian #TransTelecom, as pointed out in Trend Micro's recent analysis. These IPs reside in several ranges (some disclosed publicly, some not) which we have observed in concert with DPRK-linked activity for several years.

25.04.2025 18:00 - 👍 0    🔁 0    💬 1    📌 0

Now that the cat is out of the bag regarding the use of front companies like BlockNovas LLC (blocknovas[.]com) in DPRK-linked #ContagiousInterview campaigns, we thought we'd share our overview of network telemetry surrounding this activity.

25.04.2025 18:00 - 👍 0    🔁 0    💬 1    📌 0
Uncovering Cyber Threat Networks: SmartApeSG & NetSupport RAT | Cymru Explore how Internet telemetry analysis exposed hidden cyber threat connections between SmartApeSG, NetSupport RAT, Quasar RAT, and cryptocurrency scams. Request a demo!

BLOG POST: A write-up on some infrastructure we were tracking during 2024, connected to both SmartApeSG and NetSupportRAT activities. They do usually follow one another around but we've exposed direct links from a management and oversight perspective.

www.team-cymru.com/post/tracing...

04.02.2025 13:29 - 👍 3    🔁 0    💬 0    📌 0
Jingle Shells: How Virtual Offices Enable a Facade of Legitimacy. Virtual offices have revolutionized the way businesses operate. They provide cost-effective flexibility by eliminating the need for permanent physical spaces. For startups, entrepreneurs, and global companies, virtual offices are powerful tools for establishing a presence in new markets and enhancing professional credibility. However, this innovation has a darker side. The same features that benefit legitimate businesses also create opportunities for exploitation. Virtual offices have become a lo

BLOG POST: We examine the use of virtual offices by cybercriminals, and the organizations that enable them, to create a facade of legitimacy for their malicious activities.

www.team-cymru.com/post/how-vir...

03.01.2025 13:10 - 👍 8    🔁 3    💬 1    📌 2