Jumpy Pisces Engages in Play Ransomware.

Jumpy Pisces Engages in Play Ransomware

submitted 3 days ago by Dot. edited 3 days ago

unit42.paloaltonetworks.com/north-korean-threat…

Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People's Army, as a key player in a recent ransomware incident. Our investigation indicates a likely shift in the group’s tactics. We believe with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with the Play ransomware group (Fiddling Scorpius).

This change marks the first observed instance of the group using existing ransomware infrastructure, potentially acting as an initial access broker (IAB) or an affiliate of the Play ransomware group. This shift in their tactics, techniques and procedures (TTPs) signals deeper involvement in the broader ransomware threat landscape.

4

Log in to comment

1 Comments

Typical pisces behavior.

Seriously though, can we stop giving these groups stupid names?