Threat Campaigns

Stay informed about active and emerging threat campaigns affecting organizations worldwide.

High Priority, Active

Shai Hulud 2.0: A Blue Team Analysis of One of the Fastest-Spreading npm Supply Chain Attacks

Shai Hulud 2.0 represents a paradigm shift in supply chain attack sophistication. Based on analysis of 569 compromised repositories and 1,273 decoded artifacts (as of December 02, 2025, 10:30 IST), this report gives defenders actionable intelligence, detection signatures, and mitigation strategies. Key Findings. Attack Overview: How Shai Hulud 2.0 Works. Shai Hulud 2.0 follows […]

Siddhant

Threat Researcher

Security Analytics, Security Operations
High Priority, Active

EPOINT-AES: Detection Engineering Notes for North Korean APT DLL Loader

Introduction. This detection engineering brief is based on the analysis of an advanced North Korean APT multi-stage malware framework (EPOINT-AES) documented in my previous blog. The malware represents a sophisticated attack chain incorporating AES-encrypted payloads, Donut-generated shellcode, AMSI bypass techniques, and memory-only execution patterns. The framework is designed for covert operations with multiple evasion techniques […]

Siddhant

Threat Researcher

APT, Security Analytics, Security Operations
High Priority, Active

EPOINT-AES: North Korean APT Multi-Stage DLL Loader Framework

Introduction. This analysis documents a sophisticated multi-stage malware framework discovered during an investigation into North Korean Advanced Persistent Threat (APT) activity. The framework was identified as part of a broader campaign targeting critical infrastructure and high-value intelligence targets. The technical assessment in this document results from reverse engineering of malware samples recovered from […]

Siddhant

Threat Researcher

APT, Security Analytics, Security Operations
High Priority, Active

Inside the Shellcode: Dissecting North Korean APT43’s Advanced PowerShell Loader

The PowerShell script analyzed in this document (shell.ps1) was recovered during an unprecedented takedown operation against North Korean APT infrastructure, in which security researchers gained access to the actual malware and operational tools used by Kimsuky/APT43. This rare opportunity allows us to analyze authentic state-sponsored malware rather than samples collected from targeted organizations. This analysis provides insight into […]

Siddhant

Threat Researcher

APT, Security Analytics, Security Operations
High Priority, Active

Tracking the Trackers: Lessons from the APT43/Kimsuky Takedown

Introduction. This technical analysis is derived from the groundbreaking “APT Down — The North Korea Files” published in Phrack Magazine Issue 72. Our security team gained unprecedented access to the actual infrastructure, logs, and code of Kimsuky/APT43, a North Korean state-sponsored threat actor, following a major takedown operation. This rare opportunity to analyze real attacker […]

Siddhant

Threat Researcher

APT, Security Analytics, Security Operations
High Priority, Active

APT41 DUST: An In-depth Analysis

Abstract. APT41, also known as DUST, is a notorious cyber espionage group believed to operate out of China. This paper analyzes the group’s characteristics, tactics, techniques, and procedures (TTPs), as well as their impact on the global cybersecurity landscape. Introduction. APT41 has gained notoriety for sophisticated operations that often blur the lines between […]

Shomiron Das Gupta

Threat Researcher

APT41 Dust
