29 March 2023

North Korean APT43 uses cybercrime to support cyber-espionage operations


Cybersecurity firm Mandiant has shed some light on the activities of an espionage group it tracks as APT43, which has been targeting government organizations, academics, and think tanks in the United States, Europe, Japan, and South Korea since 2018.

The threat actor is said to have ties with the Reconnaissance General Bureau (RGB), North Korea's main foreign intelligence service. In past public reports some of the group's operations have been referred to as Kimsuky and Thallium.

Mandiant says that APT43 is a moderately sophisticated threat actor that uses cybercrime to fund its espionage efforts.

“APT43 is able to support espionage efforts with cybercrime, is willing to engage in operations over longer periods of time, and has collaborated with other North Korean espionage operators on multiple operations, underscoring the major role APT43 plays in the regime’s cyber apparatus,” the report reads.

APT43’s most common attack method is tailored spear-phishing emails used to gain access to its victims’ information. The group also uses spoofed websites designed to steal credentials. While APT43 maintains a high tempo of activity and is prolific in its phishing and credential-collection campaigns, the researchers said they did not observe the group exploiting zero-day vulnerabilities.

“Although the overall targeting reach is broad, the ultimate aim of campaigns is most likely centered around enabling North Korea’s weapons program, including collecting information about international negotiations, sanctions policy, and other countries’ foreign relations and domestic politics as these may affect North Korea’s nuclear ambitions,” Mandiant notes.
