North Korean Hackers Exploit Threat Intel Platforms For Phishing
North Korean hackers have been observed exploiting cyber threat intelligence platforms in a campaign targeting job seekers with malware-laced lures
Threat intelligence is analyzed information about cyber threats that helps defenders assess risk, prioritize action, and improve security controls.
Search across headline titles and summaries.
Background for this topic.
Threat intelligence is analyzed information about adversaries, their capabilities, targets, infrastructure, and methods, used to support security decisions. It can describe broad trends for leadership, likely actors and campaigns for defenders, or actionable details such as malicious domains, file hashes, vulnerabilities, and tactics, techniques, and procedures (TTPs). Practitioners obtain it from internal investigations, public reporting, telemetry, information-sharing communities, and other sources, then assess its reliability, relevance, and age.
Security teams use threat intelligence to prioritize vulnerability remediation, tune detection rules, investigate suspicious activity, and prepare incident-response playbooks. TTP-based intelligence generally remains useful longer than individual indicators, which can become obsolete or be changed by an attacker. Poorly sourced or context-free intelligence can create false positives, waste analyst time, or lead to unjustified attribution and defensive action. Collection and sharing may also expose sensitive organizational or personal information, so access controls, provenance, retention, and applicable privacy or legal requirements matter.
North Korean hackers have been observed exploiting cyber threat intelligence platforms in a campaign targeting job seekers with malware-laced lures
Clock is ticking US security leaders have urged lawmakers to reauthorize two key pieces of cyber legislation, including one that facilitates threat-intel sharing between the private sector and federal government, before they expire at the end of the month.…
Intel Chief Tulsi Gabbard Will Ax a Cyberthreat Sharing Hub, Citing RedundancyDirector of National Intelligence Tulsi Gabbard said the decision to eliminate the Cyber Threat Intelligence Integration Center was meant to remove redundancies and save taxpayer money, though analysts warn the move could leave a major gap in federal threat information sharing.