

When it comes to threat actors working for the North Korean government, most people have heard of the Lazarus group (APT38). It was responsible for the 2014 attack against Sony Pictures, the 2016 cyber heist of funds belonging to the central bank of Bangladesh, and the 2017 WannaCry ransomware worm. However, another team that security researchers call APT43, Kimsuky, or Thallium has been carrying out cyberespionage and cybercrime operations at the behest of the North Korean government since at least 2018.

APT43 specializes in credential harvesting and social engineering with a focus on foreign policy and nuclear security issues, topics that align with North Korea’s strategic nuclear goals. “APT43 collection priorities align with the mission of the Reconnaissance General Bureau (RGB), North Korea’s main foreign intelligence service,” researchers from Google-owned cybersecurity firm Mandiant said in a new report. “Although the overall targeting reach is broad, the ultimate aim of campaigns is most likely centered around enabling North Korea’s weapons program including collecting information about international negotiations, sanctions policy, and other country’s foreign relations and domestic politics as these may affect North Korea’s nuclear ambitions.”

Credential harvesting in support of highly targeted phishing campaigns

The group temporarily pivoted to health-related target verticals in 2021, reflecting the Pyongyang regime’s focus at the time on dealing with the COVID-19 pandemic. Since 2022, APT43 has been seen targeting so-called track two diplomatic channels including religious groups, universities, non-governmental organizations, journalists, academics, bloggers, and human rights activists.

Its email-based phishing campaigns are highly tailored to its victims’ interests and often involve impersonation or building very credible personas. There’s no evidence that APT43 ever used zero-day exploits in its operations like other state-sponsored APTs do, but the group is very apt at social engineering. Some of the APT43 websites impersonate institutions or services that are specific to their target audience, such as university portals, search engines, and web platforms, and they’re used to host phishing pages with the goal of harvesting credentials. It’s believed those credentials are then used to further the group’s operations.
