Security News > 2023 > March > North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations

North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations
2023-03-29 05:32

A new North Korean nation-state cyber operator has been attributed to a series of campaigns orchestrated to gather strategic intelligence that aligns with Pyongyang's geopolitical interests since 2018.

"APT43 is a prolific cyber operator that supports the interests of the North Korean regime," Mandiant researchers said in a detailed technical report published Tuesday.

"The group combines moderately-sophisticated technical capabilities with aggressive social engineering tactics, especially against South Korean and U.S.-based government organizations, academics, and think tanks focused on Korean peninsula geopolitical issues."

APT43's activities are said to align with the Reconnaissance General Bureau, North Korea's foreign intelligence agency, indicating tactical overlaps with another hacking group dubbed Kimsuky.

"The prevalence of financially-motivated activity among North Korean groups, even among those which have historically focused on cyber espionage, suggests a widespread mandate to self-fund and an expectation to sustain themselves without additional resourcing," Mandiant said.

APT43's operations are actualized through a large arsenal of custom and publicly available malware such as LATEOP, FastFire, gh0st RAT, Quasar RAT, Amadey, and an Android version of a Windows-based downloader called PENCILDOWN. The findings come less than a week after German and South Korean government agencies warned about cyber attacks mounted by Kimsuky using rogue browser extensions to steal users' Gmail inboxes.


News URL

https://thehackernews.com/2023/03/north-korean-apt43-group-uses.html