Cyberespionage threat actor APT43 targets US, Europe, Japan and South Korea
According to Mandiant, which has tracked APT43 since 2018, the threat actor aligns with the mission of the Reconnaissance General Bureau, North Korea's main foreign intelligence service.
In particular, malware and tools have been shared between APT43 and the infamous Lazarus threat actor.
In a recent report, Google's Threat Analysis Group provides intelligence about a threat actor dubbed Archipelago, which it describes as a subset of APT43 activities it has been tracking since 2012.
APT43 targets South Korea and the U.S., as well as Japan and Europe, especially in the manufacturing sector, focusing on goods whose export to North Korea has been restricted, such as fuel, machinery, metals, transportation vehicles and weapons.
The Archipelago subset of APT43 has been observed targeting government and military personnel, think tanks, policymakers, academics and researchers in South Korea, the U.S. and elsewhere.
Public malware families used by APT43 include Gh0st RAT, Quasar RAT and Amadey, yet the threat actor mostly uses a nonpublic malware family known as LATEOP or BabyShark, probably developed by the group.