This cluster centers on 645 connected domains tagged as NorthKorea, backdoor, pw-cyrex. 645 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus.
Do not click links to any of the flagged domains. If you have visited one, check your accounts for unauthorized activity and consider changing your passwords. You can report suspicious contacts to the FTC at reportfraud.ftc.gov or to the FCC at consumercomplaints.fcc.gov.
This campaign was identified through automated analysis of threat intelligence feeds and entity relationship mapping.