Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Phantom X Profile picture
Phantom X
@PhantomXSec
Security Researcher | Explorer of the Digital Ether | Kimchi Says Hello 🧐. Focused on #Cybercrime #Phishing #APT #ThreatIntel #InfoSec
𝓙𝓪𝓬𝓴2 Profile picture 1 subscribed
Sep 4, 2022 20 tweets 10 min read
🚨 North Korean APT group responsible for crypto and NFT phishing campaign spanning over 190 domains

Targeting dozens of $ETH and $SOL projects.

Uses collections on NFT marketplaces to lure victims to malicious minting sites.

🧵1/

#Phishing #NFT #NorthKorea #cybercrime Campaign activity began in April and is on-going.

The following domains have been registered in the past three days:

golddao[.]site
seveneyes[.]online
tapfantasy[.]in
genmarket[.]app
moonbirdvictorian[.]app
disneyprincessnft[.]com

Full list of domains at the end.

2/ DPRK phishing site golddao.siteDPRK phishing site seveneyes.onlineDPRK phishing site tapfantasy.inDPRK phishing site genmarket.app
Jun 26, 2022 8 tweets 9 min read
Possible nexus noted between an actor conducting Naver phishing and now Crypto.

Email gameproducters@outlook[.]com reported by @prevailion has also registered boredsnakesclub[.]com a typo squat of the legitimate BoredSnakesClub website. 1/

prevailion.com/what-wicked-we…

#Phishing Previous reporting on gameproducters@outlook[.]com listed them as registering dozens of Naver-themed phishing domains, examples below. 2/

navercomf[.]link
navercnid[.]link
naverdcom[.]click
navercomd[.]link
navernidc[.]link
naveracom[.]link
naverecom[.]click

#Phishing #Naver