Common Information
Type | Value |
---|---|
Value | APT43 |
Category | Actor |
Type | Threat-Actor |
Misp Type | Cluster |
Description | • APT43 is a prolific cyber operator that supports the interests of the North Korean regime. The group combines moderately-sophisticated technical capabilities with aggressive social engineering tactics, especially against South Korean and U.S.-based government organizations, academics, and think tanks focused on Korean peninsula geopolitical issues. • In addition to its espionage campaigns, we believe APT43 funds itself through cybercrime operations to support its primary mission of collecting strategic intelligence. • The group creates numerous spoofed and fraudulent personas for use in social engineering, as well as cover identities for purchasing operational tooling and infrastructure. • APT43 has collaborated with other North Korean espionage operators on multiple operations, underscoring the major role APT43 plays in the regime’s cyber apparatus. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-11-11 | 19 | [Blue Team Labs Online Write-up] Ozarks | ||
Details | Website | 2024-10-14 | 2 | Middle Eastern nations targeted by dangerous "OilRig" malware \| #ransomware \| #cybercrime \| National Cyber Security Consulting | ||
Details | Website | 2024-10-11 | 71 | Weekly Intelligence Report - 11 Oct 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting | ||
Details | Website | 2024-10-04 | 4 | North Korea Hackers Linked to Breach of German Missile Manufacturer | ||
Details | Website | 2024-10-03 | 55 | Open Directory Exposes Phishing Campaign Targeting Google & Naver Credentials | ||
Details | Website | 2024-10-02 | 5 | [VirusBulletin 2024] Go-ing Arsenal: A Closer Look at Kimsuky’s Go Strategic Advancement | ||
Details | Website | 2024-10-02 | 2 | [VirusBulletin 2024] Go-ing Arsenal: A Closer Look at Kimsuky’s Go Strategic Advancement | ||
Details | Website | 2024-10-01 | 1 | North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence | ||
Details | Website | 2024-09-27 | 2 | The Good, the Bad and the Ugly in Cybersecurity - Week 39 | ||
Details | Website | 2024-09-26 | 1 | N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks | ||
Details | Website | 2024-09-26 | 1 | N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks - RedPacket Security | ||
Details | Website | 2024-09-26 | 1 | N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks | ||
Details | Website | 2024-09-09 | 80 | Threat Assessment: North Korean Threat Groups | ||
Details | Website | 2024-09-03 | 6 | Threat Intelligence RoundUp: August | ||
Details | Website | 2024-07-25 | 3 | APT45: North Korea’s Digital Military Machine \| Google Cloud Blog | ||
Details | Website | 2024-07-01 | 62 | Kimsuky deploys TRANSLATEXT to target South Korean academia | ||
Details | Website | 2024-06-05 | 13 | Cybersecurity threatscape: Q1 2024 | ||
Details | Website | 2024-06-05 | 9 | Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics \| Google Cloud Blog | ||
Details | Website | 2024-05-08 | 1 | North Korean hackers exploiting DMARC policies in spearphishing campaign | ||
Details | Website | 2024-04-17 | 64 | Multi-Stage Dropbox Commands and TutorialRAT Behind APT43 | ||
Details | Website | 2024-03-04 | 96 | Security Incident Weekly Report 2024-03-04, Week 10 | ||
Details | Website | 2023-11-01 | 5 | North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware | ||
Details | Website | 2023-11-01 | 5 | North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware - RedPacket Security | ||
Details | Website | 2023-10-19 | 4 | Trojanized VNC apps leveraged in defense-targeted Lazarus Group attacks | ||
Details | Website | 2023-10-19 | 4 | Microsoft Warns of North Korean Attacks Exploiting JetBrains TeamCity Flaw |