Memecoin is Risen
Welcome to Memetic Warfare. Check out my talk at Cyberwarcon, now on YouTube if you’re interested, though a bit delayed.
I don’t often refer to reports covered in mainstream media, but I’m always happy to make an exception for the excellent cyber reporting team at Reuters. Their latest report on DPRK cybercrime operations utilizing front companies, available here, is great - give it a read.
The original research was published by Silentpush, and it’s available here. You should read this in its entirety - it’s lengthy, in-depth and super high-quality!
Silentpush isn’t paying me to say that, but I wish they were, as I love the product. I won’t review it in its entirety here as I usually do, as it’s quite long and very detailed, and frankly worth the read, especially for someone interested in learning about how to actually investigate.
Regardless, I’ll put the key findings here:
Some other points to remember:
Domains are infrastructure needed for almost every type of operation, and the US/EU are still very vulnerable to abuse of their corporate registries.
The DPRK is apparently more capable of creating convincing domains with holistic online entities than, say, China, funnily enough. I think that the incentive here is stronger as Lazarus has to actually make their own money.
Domain analysis is fun and the tooling available nowadays is insane.
This sort of publication has enabled some great additional finds from the research community, just look it up on Twitter.
That then leads us to our next point of business.
Anthropic has released a report focusing on “detecting and countering malicious uses of Claude”, available here. While I’m glad that they published it, it’s a bit barebones, so hopefully we get more detail next time.
To be honest, I’ve been underwhelmed by Claude, and feel that it’ll be less and less relevant for both benign and malicious use as it isn’t connected to the internet yet, somehow.