Operation Phantom Circuit: North Korea's Global Data Exfiltration Campaign
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
In December 2024, the Lazarus Group, a North Korean threat actor, launched a global campaign targeting cryptocurrency and technology developers. The operation, code-named 'Phantom Circuit', embedded malware into trusted development tools and compromised hundreds of victims worldwide. To evade detection and disguise the origin of their traffic, the attackers used several layers of obfuscation, including proxy servers located in Russia. The campaign unfolded in three waves and affected over 1,500 systems globally. Its infrastructure included command-and-control servers, spoofed domains, and persistent remote management sessions. The attackers exfiltrated critical data, including development credentials and authentication tokens, and staged the stolen material in Dropbox. The administrative platform they used to manage the stolen data showed considerable planning and technical capability.
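The summary notes that stolen credentials and tokens were staged in Dropbox. A practical hunting check that follows from that is to look for bulk Dropbox upload traffic originating from developer workstations, which normally have no business uploading large volumes there. The example below is added here and is not code or telemetry from the report: the log lines are constructed, the developer host names are assumptions, and the size threshold is a tunable heuristic rather than a signature for this campaign. It uses the public Dropbox API hostnames and upload endpoints (content.dropboxapi.com, /2/files/upload and the upload_session paths).

```python
import re
from collections import defaultdict

# Constructed sample egress-proxy log lines (not real telemetry from the campaign).
# Format: timestamp src_host dst_host method path bytes_out
SAMPLE_LOG = """\
2024-12-03T09:12:01Z dev-ws-17 content.dropboxapi.com POST /2/files/upload 3145728
2024-12-03T09:12:44Z dev-ws-17 content.dropboxapi.com POST /2/files/upload 2097152
2024-12-03T09:13:10Z dev-ws-17 api.dropboxapi.com POST /2/files/list_folder 412
2024-12-03T09:15:02Z dev-ws-42 registry.npmjs.org GET /lodash 1024
2024-12-03T09:16:30Z hr-laptop-03 content.dropboxapi.com POST /2/files/upload 5242880
2024-12-03T09:20:00Z dev-ws-42 content.dropboxapi.com POST /2/files/upload 51200
"""

# Hostnames and endpoints the Dropbox HTTP API uses for file content uploads.
DROPBOX_UPLOAD_HOSTS = {"content.dropboxapi.com"}
UPLOAD_PATH = re.compile(r"^/2/files/(upload|upload_session/(start|append_v2|finish))$")

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+(?P<bytes>\d+)$"
)


def parse_log(text):
    """Parse the constructed proxy log format into a list of event dicts.
    Malformed lines are skipped rather than aborting the scan."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        event = m.groupdict()
        event["bytes"] = int(event["bytes"])
        events.append(event)
    return events


def find_dropbox_uploads(events, dev_hosts, min_bytes=1_000_000):
    """Sum Dropbox upload bytes per developer host and return those hosts whose
    total meets min_bytes. dev_hosts and min_bytes are assumptions to be set per
    environment; legitimate Dropbox use produces hits too, so treat results as
    hunting leads, not verdicts."""
    totals = defaultdict(int)
    for e in events:
        if (
            e["src"] in dev_hosts
            and e["dst"] in DROPBOX_UPLOAD_HOSTS
            and e["method"] == "POST"
            and UPLOAD_PATH.match(e["path"])
        ):
            totals[e["src"]] += e["bytes"]
    return {host: total for host, total in totals.items() if total >= min_bytes}


if __name__ == "__main__":
    # Assumed inventory: which hosts are developer workstations.
    DEV_HOSTS = {"dev-ws-17", "dev-ws-42"}
    for host, total in find_dropbox_uploads(parse_log(SAMPLE_LOG), DEV_HOSTS).items():
        print(f"{host}: {total} bytes uploaded to Dropbox")
```

In the constructed sample, dev-ws-17 is the only hit: hr-laptop-03 uploads more but is not a developer host, and dev-ws-42 stays under the threshold. In a real deployment the developer host set would come from an asset inventory and the threshold from a baseline of normal Dropbox use.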
OPENCTI LABELS :
command-and-control,data exfiltration,north korea,cryptocurrency,software supply chain,phantom circuit