Mandiant tracks a large volume of activity throughout the year, but we don't always have enough evidence to attribute it to a specific group. As we observe more activity over time and our understanding of related threat clusters matures, we may graduate a cluster to a named threat actor.
Dive into the report now for in-depth analysis on APT43 targeting and TTPs, examples of their campaigns and operations, and an annex of malware and indicators. Here’s a little taste of what you can expect to learn:
- Attribution: Mandiant has tracked this group since 2018, and APT43’s collection priorities align with the mission of the Reconnaissance General Bureau (RGB), North Korea’s main foreign intelligence service.
- Activity: APT43 steals and launders enough cryptocurrency to fund its own operational infrastructure. This self-financing aligns with North Korea's juche state ideology of self-reliance and reduces the fiscal strain the group places on the central government.
- Targeting: Espionage targeting is regionally focused on South Korea, Japan, Europe, and the United States, especially in the following sectors: government, business services, and manufacturing, along with education, research, and think tanks focused on geopolitical and nuclear policy. The group shifted focus to health-related verticals throughout the majority of 2021, likely in support of pandemic response efforts.
- Tactics: The group creates numerous spoofed and fraudulent (but convincing) personas for use in social engineering, masquerades as key individuals within its target areas (such as diplomacy and defense), and leverages stolen personally identifiable information (PII) to create accounts and register domains. APT43 has also created cover identities for purchasing operational tooling and infrastructure.
- Procedures: APT43 buys hash rental and cloud mining services. These services mine cryptocurrency to a wallet chosen by the buyer, so the newly mined coins have no on-chain link to the funds used to pay for the service. In other words, the group spends stolen crypto to mine clean crypto.
APT43 is able to support espionage efforts with cybercrime, is willing to engage in operations over longer periods of time, and has collaborated with other North Korean espionage operators on multiple operations, underscoring the major role APT43 plays in the regime’s cyber apparatus.