{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T15:04:28Z","timestamp":1775228668089,"version":"3.50.1"},"reference-count":75,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,1,20]],"date-time":"2025-01-20T00:00:00Z","timestamp":1737331200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,20]],"date-time":"2025-01-20T00:00:00Z","timestamp":1737331200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,2]]},"DOI":"10.1007\/s10207-025-00980-x","type":"journal-article","created":{"date-parts":[[2025,1,20]],"date-time":"2025-01-20T09:06:02Z","timestamp":1737363962000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["An exploratory analysis of the DPRK cyber threat landscape using publicly available reports"],"prefix":"10.1007","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-9268-770X","authenticated-orcid":false,"given":"Jeonggak","family":"Lyu","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0006-9192-6694","authenticated-orcid":false,"given":"Ahyun","family":"Song","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2103-8019","authenticated-orcid":false,"given":"Euiseong","family":"Seo","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7298-4254","authenticated-orcid":false,"given":"Gibum","family":"Kim","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,1,20]]},"reference":[{"key":"980_CR1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2024.103786","volume":"83","author":"P Alaeifar","year":"2024","unstructured":"Alaeifar, P., Pal, S., Jadidi, Z., Hussain, M., Foo, E.: Current approaches and future directions for cyber threat intelligence sharing: a survey. J. Inf. Secur. Appl. 83, 103786 (2024). https:\/\/doi.org\/10.1016\/j.jisa.2024.103786","journal-title":"J. Inf. Secur. Appl."},{"key":"980_CR2","doi-asserted-by":"publisher","unstructured":"Aliprandi, C., Luca, A.E.D., Pietro, G.D., Raffaelli, M., Gazz\u00e8, D., Polla, M.N.L., Marchetti, A., Tesconi, M.: Caper: Crawling and analysing Facebook for intelligence purposes. In: ASONAM 2014 - Proceedings of the 2014 IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining pp. 665\u2013669 (2014). https:\/\/doi.org\/10.1109\/ASONAM.2014.6921656","DOI":"10.1109\/ASONAM.2014.6921656"},{"key":"980_CR3","doi-asserted-by":"publisher","DOI":"10.1016\/j.is.2020.101586","volume":"95","author":"F Alves","year":"2021","unstructured":"Alves, F., Bettini, A., Ferreira, P.M., Bessani, A.: Processing tweets for cybersecurity threat awareness. Inf. Syst. 95, 101586 (2021). https:\/\/doi.org\/10.1016\/j.is.2020.101586","journal-title":"Inf. Syst."},{"key":"980_CR4","unstructured":"ASEC: Distribution of malicious Korean HWP files with litigation-related content - konni group. Ahnlab (2019). https:\/\/asec.ahnlab.com\/ko\/1277\/"},{"key":"980_CR5","unstructured":"Barnhart, M., Larsen, A., Johnson, J., Long, T., Cantos, M., Hernandez, A.: Assessed cyber structure and alignments of north Korea in 2023. Mandiant (2023). https:\/\/www.mandiant.com\/resources\/blog\/north-korea-cyber-structure-alignment-2023"},{"key":"980_CR6","unstructured":"Blankenship, K.: Ch\u2013Ch-changes: the arc of the CHOLLIMA\u2019s and DPRK\u2019s state-driven cyber ecosystem. CYBERWARCON 2019 (2019). https:\/\/www.youtube.com\/watch?v=QFX1LqzmYHE"},{"key":"980_CR7","unstructured":"BLKSMTH: scarcruft bolsters arsenal for targeting individual android devices. S2W (2023). https:\/\/medium.com\/s2wblog\/scarcruft-bolsters-arsenal-for-targeting-individual-android-devices-97d2bcef4ab"},{"key":"980_CR8","first-page":"97","volume":"31","author":"H Boo-wook","year":"2017","unstructured":"Boo-wook, H.: An assessment of North Korean cyber threats. J. East Asian Aff. 31, 97\u2013117 (2017)","journal-title":"J. East Asian Aff."},{"key":"980_CR9","unstructured":"Britannica: Lazarus | biblical accounts, description, & facts. Britannica (2023). https:\/\/www.britannica.com\/biography\/Lazarus-biblical-figure"},{"key":"980_CR10","doi-asserted-by":"publisher","unstructured":"Browne, T.O., Abedin, M., Mohammad, Chowdhury, J.M., Abedin, M., Jabed, M., Chowdhury, M.: A systematic review on research utilising artificial intelligence for open source intelligence (OSINT) applications. Int. J. Inf. Secur. 23:4 23, 2911\u20132938 (2024). https:\/\/doi.org\/10.1007\/S10207-024-00868-2","DOI":"10.1007\/S10207-024-00868-2"},{"key":"980_CR11","unstructured":"Caltagirone, S., Pendergast, A., Betz, C.: The diamond model of intrusion analysis. DTIC(Defense Technical Information Center) (2013). https:\/\/apps.dtic.mil\/sti\/citations\/ADA586960"},{"key":"980_CR12","unstructured":"CEIP: Timeline of cyber incidents involving financial institutions. Carnegie Endowment for International Peace (2024). https:\/\/carnegieendowment.org\/features\/fincyber-timeline?lang=en"},{"key":"980_CR13","unstructured":"CSIS: Significant cyber incidents. Center for Strategic & International Studies (2024). https:\/\/www.csis.org\/programs\/strategic-technologies-program\/significant-cyber-incidents"},{"key":"980_CR14","unstructured":"Diablo2Wiki: Andariel. Diablo2Wiki (2013). https:\/\/diablo2.diablowiki.net\/Andariel. Accessed 26 Sept 2023"},{"key":"980_CR15","unstructured":"Diablo2Wiki: Archbishop lazarus. Diablo2Wiki (2021). https:\/\/diablo2.diablowiki.net\/Archbishop_Lazarus"},{"key":"980_CR16","unstructured":"ESRC: Discovering commonalities between apt campaigns \u2019konni\u2019 & \u2019thallium (kimsuky)\u2019 organizations. ESTSecurity (2019). https:\/\/blog.alyac.co.kr\/2347"},{"key":"980_CR17","doi-asserted-by":"publisher","first-page":"134038","DOI":"10.1109\/ACCESS.2022.3231847","volume":"10","author":"OI Falowo","year":"2022","unstructured":"Falowo, O.I., Popoola, S., Riep, J., Adewopo, V.A., Koch, J.: Threat actors\u2019 tenacity to disrupt: Examination of major cybersecurity incidents. IEEE Access 10, 134038\u2013134051 (2022). https:\/\/doi.org\/10.1109\/ACCESS.2022.3231847","journal-title":"IEEE Access"},{"key":"980_CR18","unstructured":"FIRST: Traffic light protocol (tlp). Forum of Incident Response and Security Teams (2024). https:\/\/www.first.org\/tlp\/"},{"key":"980_CR19","unstructured":"Flashpoint: A breakdown and analysis of the december, 2014 sony hack. Flashpoint (2014). https:\/\/flashpoint.io\/blog\/a-breakdown-and-analysis-of-the-december-2014-sony-hack\/"},{"key":"980_CR20","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2020.102715","author":"G Gonz\u00e1lez-Granadillo","year":"2021","unstructured":"Gonz\u00e1lez-Granadillo, G., Faiella, M., Medeiros, I., Azevedo, R., Gonz\u00e1lez-Zarzosa, S.: Etip: an enriched threat intelligence platform for improving OSINT correlation, analysis, visualization and sharing capabilities. J. Inf. Secur. Appl. (2021). https:\/\/doi.org\/10.1016\/j.jisa.2020.102715","journal-title":"J. Inf. Secur. Appl."},{"key":"980_CR21","doi-asserted-by":"publisher","first-page":"1567","DOI":"10.1007\/s10207-023-00706-x","volume":"22","author":"L Gonz\u00e1lez-Manzano","year":"2023","unstructured":"Gonz\u00e1lez-Manzano, L., deFuentes, J.M., Lombardi, F., Ramos, C.: A technical characterization of APTS by leveraging public resources. Int. J. Inf. Secur. 22, 1567\u20131584 (2023)","journal-title":"Int. J. Inf. Secur."},{"key":"980_CR22","unstructured":"GREAT: Lazarus under the hood. Kaspersky (2017). https:\/\/securelist.com\/lazarus-under-the-hood\/77908\/"},{"key":"980_CR23","unstructured":"Greenberg, A.: Hacker group names are now absurdly out of control. WIRED (2023). https:\/\/www.wired.com\/story\/hacker-naming-schemes-spandex-tempest\/"},{"key":"980_CR24","unstructured":"Guerrero-Saade, J.A., Raiu, C.: Walking in your enemy\u2019s shadow: When fourth-party collection becomes attribution hell. VirusBulletin (2017). https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2018\/03\/07170728\/Guerrero-Saade-Raiu-VB2017.pdf"},{"key":"980_CR25","unstructured":"Guerrero-Saade, J.A., Raiu, C.: Walking in your enemy\u2019s shadow: when fourth-party collection becomes attribution hell. VirusBulletin (2017). https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2018\/03\/07170728\/Guerrero-Saade-Raiu-VB2017.pdf"},{"key":"980_CR26","unstructured":"Hacqueboard, F., Hilt, S., Merces, F.: Oniondog is not a targeted attack-it\u2019s a cyber drill. Trendmicro (2017). https:\/\/www.trendmicro.com\/en_us\/research\/17\/h\/oniondog-not-targeted-attack-cyber-drill.html"},{"key":"980_CR27","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1016\/J.EIJ.2022.11.001","volume":"24","author":"E Irshad","year":"2023","unstructured":"Irshad, E., Siddiqui, A.B.: Cyber threat attribution using unstructured reports in cyber threat intelligence. Egypt. Inform. J. 24, 43\u201359 (2023). https:\/\/doi.org\/10.1016\/J.EIJ.2022.11.001","journal-title":"Egypt. Inform. J."},{"key":"980_CR28","unstructured":"Iuzvyk, D., Peck, D., Kolesnikov, O.: Stiff#bizon detection using securonix - new attack campaign observed possibly linked to konni\/apt37 (North Korea). Securonix (2022). https:\/\/www.securonix.com\/blog\/stiffbizon-detection-new-attack-campaign-observed\/"},{"key":"980_CR29","doi-asserted-by":"publisher","DOI":"10.1080\/01495933.2024.2317251","author":"N Katagiri","year":"2024","unstructured":"Katagiri, N.: Advanced persistent threats and the \u201cbig four\u2019\u2019: State-sponsored hackers in China, Iran, Russia, and North Korea in 2003\u20132021. Comparative Strategy (2024). https:\/\/doi.org\/10.1080\/01495933.2024.2317251","journal-title":"Comparative Strategy"},{"key":"980_CR30","unstructured":"KCC: Around 77,000 zombie pcs were mobilized in the 3.4 ddos attack. Korea Communications Commission (2011). https:\/\/www.korea.kr\/briefing\/pressReleaseView.do?newsId=155726421"},{"key":"980_CR31","unstructured":"Kim, J., Kwak, K.J., Jang, M.C.: Kimsuky group: track the king of the spear-phishing. VirusBulletin (2019). https:\/\/www.virusbulletin.com\/uploads\/pdf\/conference_slides\/2019\/VB2019-Kim.pdf"},{"key":"980_CR32","unstructured":"Klinger, B.: North korean cyberattacks: a dangerous and evolving threat. The Heritage Foundation (2021). https:\/\/www.heritage.org\/asia\/report\/north-korean-cyberattacks-dangerous-and-evolving-threat"},{"key":"980_CR33","unstructured":"KMSIP: interim investigation results of the 3.20 cyber terror attack announced. Korea Ministry of Science, ICT and Future Planning (2013). https:\/\/www.korea.kr\/news\/policyNewsView.do?newsId=148758739"},{"key":"980_CR34","unstructured":"KNIS: Nis \u201coperating emergency response system against ddos attacks\u201d. Korea National Intelligence Service (2009). https:\/\/www.korea.kr\/news\/policyNewsView.do?newsId=148673043"},{"key":"980_CR35","unstructured":"KRNPA: Interpark personal information hacking, extortion, north korea suspected. Korea National Police Agency (2016). https:\/\/www.korea.kr\/briefing\/pressReleaseView.do?newsId=156144599"},{"key":"980_CR36","unstructured":"KRNPA: Hackers stole and distributed 230,000 financial transaction details from atm machines in south korea. Korea National Police Agency (2017). https:\/\/www.korea.kr\/briefing\/pressReleaseView.do?newsId=156224052&pageIndex=1"},{"key":"980_CR37","unstructured":"ju\u00a0Kwak, K., Kim, J., Jang, M., Lyu, J., Jang, N.: Campaign rifle: Andariel, the maiden of anguish. FSI(Financial Security Institute) (2017). https:\/\/www.fsec.or.kr\/bbs\/detail?menuNo=244&bbsNo=6680"},{"key":"980_CR38","unstructured":"Lambert, J.: Microsoft shifts to a new threat actor naming taxonomy. Microsoft (2023). https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/04\/18\/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy\/"},{"key":"980_CR39","unstructured":"Legoy, V., Caselli, M., Seifert, C., Peter, A.: Automated retrieval of att &ck tactics and techniques for cyber threat reports. In: FIRST Cyber Threat Intelligence Symposium (2020). https:\/\/arxiv.org\/abs\/2004.14322v1"},{"key":"980_CR40","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1016\/J.COSE.2017.08.005","volume":"72","author":"A Lemay","year":"2018","unstructured":"Lemay, A., Calvet, J., Menet, F., Fernandez, J.M.: Survey of publicly available reports on advanced persistent threat actors. Comput. Secur. 72, 26\u201359 (2018). https:\/\/doi.org\/10.1016\/J.COSE.2017.08.005","journal-title":"Comput. Secur."},{"key":"980_CR41","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102202","volume":"104","author":"LFM Liras","year":"2021","unstructured":"Liras, L.F.M., de Soto, A.R., Prada, M.A.: Feature analysis for data-driven apt-related malware discrimination. Comput. Secur. 104, 102202 (2021). https:\/\/doi.org\/10.1016\/j.cose.2021.102202","journal-title":"Comput. Secur."},{"key":"980_CR42","unstructured":"Lyu, J.: Everyday is lazarus.day (2023). https:\/\/lazarus.day\/"},{"key":"980_CR43","doi-asserted-by":"publisher","unstructured":"Lyu, J.: Collection of DPRK state-sponsored threat actors\u2019 activities. Mendeley Data, V2 (2024). https:\/\/doi.org\/10.17632\/WWB2RZGFN7.2, https:\/\/data.mendeley.com\/datasets\/wwb2rzgfn7\/2","DOI":"10.17632\/WWB2RZGFN7.2"},{"key":"980_CR44","unstructured":"Microsoft: how microsoft names threat actors. Microsoft (2023). https:\/\/learn.microsoft.com\/en-us\/microsoft-365\/security\/intelligence\/microsoft-threat-actor-naming"},{"key":"980_CR45","unstructured":"MISP: Misp galaxy clusters. CIRCL(Computer Incident Response Center Luxembourg) (2023). https:\/\/www.misp-project.org\/galaxy.html"},{"key":"980_CR46","unstructured":"MITRE: Carbanak, software s0030. MITRE ATT &CK (2021). https:\/\/attack.mitre.org\/software\/S0030\/"},{"key":"980_CR47","unstructured":"MITRE: Carbanak, anunak, group g0008. MITRE ATT &CK (2023). https:\/\/attack.mitre.org\/groups\/G0008\/"},{"key":"980_CR48","unstructured":"MITRE: Konni, software s0356. MITRE ATT &CK (2023). https:\/\/attack.mitre.org\/software\/S0356\/"},{"key":"980_CR49","unstructured":"MITRE: Groups. MITRE ATT &CK (2024). https:\/\/attack.mitre.org\/groups\/"},{"key":"980_CR50","unstructured":"Novetta: operation blockbuster: unraveling the long thread of the sony attack. Novetta (2016). https:\/\/www.operationblockbuster.com\/"},{"key":"980_CR51","doi-asserted-by":"publisher","unstructured":"Perry, L., Shapira, B., Puzis, R.: No-doubt: Attack attribution based on threat intelligence reports. In: 2019 IEEE International Conference on Intelligence and Security Informatics, ISI 2019, pp. 80\u201385 (2019). https:\/\/doi.org\/10.1109\/ISI.2019.8823152","DOI":"10.1109\/ISI.2019.8823152"},{"key":"980_CR52","unstructured":"Raiu, C., Ivanov, A.: Operation daybreak. Kaspersky (2016). https:\/\/securelist.com\/operation-daybreak\/75100\/"},{"key":"980_CR53","doi-asserted-by":"publisher","unstructured":"Rani, N., Saha, B., Maurya, V., Shukla, S.K.: Ttphunter: automated extraction of actionable intelligence as TTPS from narrative threat reports. In: ACM International Conference Proceeding Series, pp. 126\u2013134 (2023). https:\/\/doi.org\/10.1145\/3579375.3579391. https:\/\/dl.acm.org\/doi\/10.1145\/3579375.3579391","DOI":"10.1145\/3579375.3579391"},{"key":"980_CR54","unstructured":"Rascagneres, P.: Konni: A malware under the radar for years. Cisco Talos (2017). https:\/\/blog.talosintelligence.com\/konni-malware-under-radar-for-years\/"},{"key":"980_CR55","unstructured":"Rosenberg, J., Beek, C.: Examining code reuse reveals undiscovered links among north korea\u2019s malware families. Intezer (2018). https:\/\/intezer.com\/blog\/research\/examining-code-reuse-reveals-undiscovered-links-among-north-koreas-malware-families\/"},{"key":"980_CR56","doi-asserted-by":"publisher","first-page":"1012","DOI":"10.1016\/J.PROCS.2023.01.379","volume":"219","author":"S Sarefo","year":"2023","unstructured":"Sarefo, S., Dawson, M., Banyatsang, M.: An exploratory analysis of the cybersecurity threat landscape for Botswana. Procedia Comput. Sci. 219, 1012\u20131022 (2023). https:\/\/doi.org\/10.1016\/J.PROCS.2023.01.379","journal-title":"Procedia Comput. Sci."},{"key":"980_CR57","unstructured":"Shevchenko, S.: Two bytes to \\$951m. BAE Systems (2016). https:\/\/baesystemsai.blogspot.com\/2016\/04\/two-bytes-to-951m.html"},{"key":"980_CR58","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/S42400-020-00048-4","volume":"3","author":"F Skopik","year":"2020","unstructured":"Skopik, F., Pahi, T.: Under false flag: using technical artifacts for cyber attack attribution. Cybersecurity 3, 1\u201320 (2020). https:\/\/doi.org\/10.1186\/S42400-020-00048-4","journal-title":"Cybersecurity"},{"key":"980_CR59","unstructured":"SkyEye, HeliosTeam: Operation Oniondog. Qihoo 360 (2016), https:\/\/github.com\/CyberMonitor\/APT_CyberCriminal_Campagin_Collections\/blob\/master\/2016\/2016.03.08.OnionDog\/APT-C-03-en.pdf"},{"key":"980_CR60","unstructured":"Tarakanov, D.: The \u201ckimsuky\u201d operation: A north Korean apt? Kaspersky (2013). https:\/\/securelist.com\/the-kimsuky-operation-a-north-korean-apt\/57915\/"},{"key":"980_CR61","unstructured":"ThaiCERT: threat group cards: a threat actor encyclopedia. ETDA(Electronic Transactions Development Agency) (2023). https:\/\/apt.etda.or.th\/cgi-bin\/listgroups.cgi"},{"key":"980_CR62","unstructured":"Tom, B.: Russian cyberattacks pose greater risk to governments and other insights from our annual report. Microsoft (2021). https:\/\/blogs.microsoft.com\/on-the-issues\/2021\/10\/07\/digital-defense-report-2021\/"},{"key":"980_CR63","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1016\/J.COSE.2017.09.001","volume":"72","author":"W Tounsi","year":"2018","unstructured":"Tounsi, W., Rais, H.: A survey on technical threat intelligence in the age of sophisticated cyber attacks. Comput. Secur. 72, 212\u2013233 (2018). https:\/\/doi.org\/10.1016\/J.COSE.2017.09.001","journal-title":"Comput. Secur."},{"key":"980_CR64","unstructured":"TradersofCrypto: the world\u2019s biggest financial hacks. Traders of Crypto (2020). https:\/\/tradersofcrypto.com\/financial-hacks\/"},{"key":"980_CR65","unstructured":"UN: S\/2020\/151 final report of the panel of experts. UN Security Council Sanctions Committee on North Korea (2020). https:\/\/www.securitycouncilreport.org\/atf\/cf\/%7B65BFCF9B-6D27-4E9C-8CD3-CF6E4FF96FF9%7D\/S_2020_151.pdf"},{"key":"980_CR66","unstructured":"UN: S\/2021\/211 final report of the panel of experts. UN Security Council Sanctions Committee on North Korea (2021). https:\/\/www.securitycouncilreport.org\/atf\/cf\/%7B65BFCF9B-6D27-4E9C-8CD3-CF6E4FF96FF9%7D\/s_2021_211.pdf"},{"key":"980_CR67","unstructured":"UN: S2022\/132 final report of the panel of experts. UN Security Council Sanctions Committee on North Korea (2022). https:\/\/www.securitycouncilreport.org\/atf\/cf\/%7B65BFCF9B-6D27-4E9C-8CD3-CF6E4FF96FF9%7D\/N2225209.pdf"},{"key":"980_CR68","unstructured":"UN: S\/2023\/656 final report of the panel of experts. UN Security Council Sanctions Committee on North Korea (2023). https:\/\/www.securitycouncilreport.org\/atf\/cf\/%7B65BFCF9B-6D27-4E9C-8CD3-CF6E4FF96FF9%7D\/s_2023_171.pdf"},{"key":"980_CR69","unstructured":"UN: S\/2024\/215 final report of the panel of experts. UN Security Council Sanctions Committee on North Korea (2024). https:\/\/www.securitycouncilreport.org\/atf\/cf\/%7B65BFCF9B-6D27-4E9C-8CD3-CF6E4FF96FF9%7D\/S%202024%20215.pdf"},{"key":"980_CR70","unstructured":"UNIT42: Crooked pisces. Palo Alto Networks (2021). https:\/\/unit42.paloaltonetworks.com\/atoms\/crooked-pisces\/"},{"key":"980_CR71","unstructured":"USCISA: hidden cobra - fastcash campaign. US Cybersecurity & Infrastructure Security Agency (2018). https:\/\/www.cisa.gov\/news-events\/alerts\/2018\/10\/02\/hidden-cobra-fastcash-campaign"},{"key":"980_CR72","unstructured":"USCISA: Fastcash 2.0: North korea\u2019s beagleboyz robbing banks. US Cybersecurity & Infrastructure Security Agency (2020). https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa20-239a"},{"key":"980_CR73","unstructured":"USFBI, USCISA, USTreasury: North Korean state-sponsored cyber actors use MAUI ransomware to target the healthcare and public health sector. CISA (2022). https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa22-187a"},{"key":"980_CR74","unstructured":"USJustice: Three north korean military hackers indicted in wide-ranging scheme to commit cyberattacks and financial crimes across the globe. United States Department of Justice (2021). https:\/\/www.justice.gov\/opa\/pr\/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and"},{"key":"980_CR75","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101867","author":"J Zhao","year":"2020","unstructured":"Zhao, J., Yan, Q., Li, J., Shao, M., He, Z., Li, B.: Timiner: automatically extracting and analyzing categorized cyber threat intelligence from social data. Comput. Secur. (2020). https:\/\/doi.org\/10.1016\/j.cose.2020.101867","journal-title":"Comput. Secur."}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-00980-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-00980-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-00980-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,12]],"date-time":"2025-02-12T05:18:39Z","timestamp":1739337519000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-00980-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,20]]},"references-count":75,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2]]}},"alternative-id":["980"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-00980-x","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,20]]},"assertion":[{"value":"20 January 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no Conflict of interest to declare concerning this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"66"}}