Several companies, media outlets and the U.S. government have accused North Korean state-sponsored hackers of purchasing access to pre-hacked servers from criminal groups. But the connections to specific criminal groups have been a little more tenuous.

Now a new meta-analysis of previous reports from Intel 471 establish a likely connection to TrickBot.

TrickBot, as well as Dridex and TA505, are groupings of attacks linked to different Russian-speaking cybercriminals who sell access to victims' machines in criminal forums. The North Korean Lazarus Group, which supplements an economy ravaged by sanctions with cybercrime, is known to use a variety of vectors to find initial access.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.