APT43, a North Korean state-sponsored cyber operator, engages in strategic intelligence gathering and financially motivated cyber activities. Known for using advanced social engineering techniques, APT43 has increasingly involved itself in stealing and laundering cryptocurrency while targeting various sectors, especially South Korean academia. Affected: South Korean Academia, Government Offices, Diplomatic Organizations, Think Tanks, Health Verticals
Keypoints :
- APT43 is linked to the North Korean Reconnaissance General Bureau (RGB).
- The group has multiple aliases including Black Banshee and Kimsuky.
- Motivated by espionage and financial gain.
- Utilizes various malware, such as RftRAT and VENOMBITE.
- Targets include South Korea, the US, Japan, China, and European countries.
- Known for advanced social engineering tactics that build relationships before deploying malware.
- Shifts targets based on North Korean government demands, including critical sectors like academia and health.
- Collaborates with other North Korean cyber threat groups.
MITRE Techniques :
- Reconnaissance (T1594) – Conducting information gathering on targets.
- Credential Access (T1550.002) – Harvesting credentials through social engineering.
- Defense Evasion (T1027) – Using techniques to avoid detection.
- Lateral Movement (T1021.001) – Moving through a network post-initial compromise.
- Discovery (T1016) – Identifying additional objects on the network.
- Execution (T1053.005) – Executing malicious code on compromised hosts.
- Exfiltration (T1040) – Transferring stolen data to an external location.
- Resource Development (T1562.004) – Gaining access to resources for launching attacks.
- Initial Access (T1190) – Gaining unauthorized access into network systems.
- Privilege Escalation (T1068) – Gaining elevated permissions to systems.
Indicator of Compromise :
- [Malware] RftRAT
- [Malware] VENOMBITE
- [Malware] AutoIt
- [Malware] DEEP#GOSU
- [Malware] BITTERSWEET
Full Story: https://www.cyfirma.com/research/apt-profile-apt43/
Views: 21