Dragos is currently developing three new Activity Groups this year and has also discovered activity across three existing activity groups: KAMACITE, WASSONITE, and STIBNITE.

TrickBot uses person-in-the-browser attacks to steal information, such as login credentials. Some of TrickBot’s modules spread the malware laterally across a network by abusing the SMB protocol.

This joint advisory is the result of analytic efforts among the FBI, the CISA, and the Treasury to highlight the threat to cryptocurrency posed by North Korea and provide mitigation recommendations.