Financially motivated cyber operations linked to North Korean threat actors are focused on revenue generation through attacks on cryptocurrency and financial sectors, including the deployment of malicious applications and phishing schemes. Groups such as APT38 and its successors exploit vulnerabilities to steal funds, while DPRK IT workers engage in deception to support the regime’s goals. Affected: cryptocurrency sector, financial institutions, government organizations, academia, healthcare, pharmaceutical entities
Key points:
- North Korean cyber actors engage primarily in financially motivated operations.
- APT38 alone has carried out extensive thefts from financial institutions worldwide, with attempted thefts totaling over $1.1 billion.
- APT38 utilized SWIFT system compromises, money mules, and casinos for laundering stolen funds.
- Successor groups such as UNC1069 (CryptoCore) and UNC4899 (TraderTraitor) continue to target cryptocurrency platforms; UNC4899 recently stole $308 million from a Japan-based cryptocurrency company.
- APT43 focuses on cybercrime to fund intelligence-gathering operations with interest in foreign policy and nuclear security.
- UNC3782 operates in financial crime and espionage, targeting South Korean organizations and cryptocurrency users across various platforms.
- APT45 is involved in espionage and financially motivated operations, with suspected ransomware development.
- DPRK IT workers pose as non-North Koreans to generate revenue and facilitate malicious activities, expanding their operations globally.
MITRE Techniques:
- T1552 – Unsecured Credentials: DPRK IT workers granted privileged access use it to enable malicious intrusions.
- T1566 – Phishing: Malicious applications redirected users to phishing websites.
- T1003 – OS Credential Dumping: Credential theft within SWIFT environments compromised by APT38, enabling fraudulent transfers and data exfiltration.
- T1222 – File and Directory Permissions Modification: DPRK IT workers manipulate access rights to aid their operations.
- TA0042 – Resource Development: DPRK IT workers posing as non-North Korean nationals obtain employment at legitimate companies, which are then exploited to launder the resulting revenue.
Full Story: https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat/