2023-04-10

Elevating the Title, APT43 Designated for North Korean Actor

Level: 
Tactical
  |  Source: 
Mandiant
Defense
Government
Education
Healthcare
Media
Pharmaceutical
Nuclear
Research
Think Tanks
Share:

Elevating the Title, APT43 Designated for North Korean Actor

A recently uncovered North Korean hacking group, identified as 'APT43,' has been conducting cyber attacks on government agencies, cryptocurrency services, academics, think tanks, media members and organizations across the United States, Europe, Japan, and South Korea since 2018. The threat actor's motives are focused on espionage and financially motivated cybercrime operations in order to amass funds to support its activities. Formerly tracked as Kimsuky” or “Thallium,” Mandiant recognizes their activities as APT43. Mandiant researchers exposed APT43's activities in their latest report, assessing "with moderate confidence that APT43 is attributable to the North Korean Reconnaissance General Bureau (RGB), the country's primary foreign intelligence service." Mandiant's observation of sudden shifts in APT43's espionage operations suggests the group may be adjusting its objectives in response to changes in the state's strategic plans. An example was a shift to target organizations in healthcare and pharmaceutical, with specifically crafted malware likely as a response to the COVID-19 pandemic.

Techniques to exploit zero-day were not observed from APT43. "Campaigns attributed to APT43 include strategic intelligence collection aligned with Pyongyang’s geopolitical interests, credential harvesting, and social engineering to support espionage activities, and financially-motivated cybercrime to fund operations." The group uses the obtained credentials to further their interests, which involve gathering information on the U.S. military and government, defense industrial base (DIB), nuclear security policy, and research and security policies developed by academia and think tanks based in the U.S. "APT43 has displayed interest in similar industries within South Korea, specifically non-profit organizations and universities that focus on global and regional policies, as well as businesses, such as manufacturing, that can provide information around goods whose export to North Korea has been restricted," as explained by Mandiant.

Get trending threats published weekly by the Anvilogic team.

Sign Up Now