Vulnerability Watch

Forum Discussion

Anonymous
3 years ago

Cybersecurity Advisory on North Korean Ransomware State-Sponsored Operators

American and South Korean agencies have released a joint cybersecurity advisory that discusses the tactics, techniques and procedures (TTPs) of North Korean state-sponsored ransomware operators. The operators have been given many names, such as Andariel, APT38 and Lazarus, and have been active since 2014.

The actors have been implicated in several attacks, including the WannaCry attacks in 2017 and the Axie Infinity hack in 2022. As part of its analysis of the actors' TTPs, the advisory discusses vulnerabilities that the actors have used throughout 2022 to the start of 2023. During this period, the actors were observed using CVE-2021-44228 (Log4Shell), CVE-2022-24490, CVE-2021-20038, CVE-2022-27925 and CVE-2022-37042.

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

No Replies