Intel Name: Ta406 pivots to the front
Date of Scan: May 14, 2025
Impact: High
Summary: In February 2025, TA406 launched phishing campaigns against Ukrainian government entities, delivering both credential-harvesting tools and malware. Likely aimed at gathering intelligence related to the ongoing Russian invasion, TA406 is a DPRK state-sponsored threat group, also known as Opal Sleet or Konni. Previously focused on Russian targets, the group now leverages freemail accounts impersonating think tank members to enhance credibility. The phishing lures are crafted around recent developments in Ukrainian domestic politics.
