top of page
ALL POSTS
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Organizations
Key Findings North Korea-linked Lazarus Group deployed RemotePE, a memory-only RAT, against financial and cryptocurrency organizations RemotePE executes entirely in memory with no filesystem artifacts, making it difficult to detect and analyze Attack chain uses two loaders (DPAPILoader and RemotePELoader) to decrypt and deploy the final payload using Windows DPAPI Malware employs advanced evasion techniques including Hell's Gate and Event Tracing for Windows (ETW) patching Re
May 262 min read
Lazarus Campaign Targets npm and PyPI Ecosystems with Malicious Packages
Key Findings Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed "graphalgo" in reference to the first package published in the npm registry, and it's assessed to be active since May 2025. The campaign includes a well-orchestrated story around a company i
Feb 132 min read
bottom of page
