Common Information
Type | Value |
---|---|
Value | APT43 |
Category | Actor |
Type | Threat-Actor |
Misp Type | Cluster |
Description | • APT43 is a prolific cyber operator that supports the interests of the North Korean regime. The group combines moderately-sophisticated technical capabilities with aggressive social engineering tactics, especially against South Korean and U.S.-based government organizations, academics, and think tanks focused on Korean peninsula geopolitical issues. • In addition to its espionage campaigns, we believe APT43 funds itself through cybercrime operations to support its primary mission of collecting strategic intelligence. • The group creates numerous spoofed and fraudulent personas for use in social engineering, as well as cover identities for purchasing operational tooling and infrastructure. • APT43 has collaborated with other North Korean espionage operators on multiple operations, underscoring the major role APT43 plays in the regime’s cyber apparatus. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2023-06-02 | 1 | US, South Korea Detail North Korea's Social Engineering Techniques | ||
Details | Website | 2023-05-15 | 15 | Permhash — No Curls Necessary | Mandiant | ||
Details | Website | 2023-05-13 | 3 | Newly exposed APT43 hacking group targeting US orgs since 2018 | ||
Details | Website | 2023-05-12 | 4 | APT group hacks Seoul National University Hospital | ||
Details | Website | 2023-05-09 | 1 | North Korean-backed APT group Kimsuky evolves reconnaissance capabilities in recent global campaign | ||
Details | Website | 2023-05-05 | 1 | N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks | ||
Details | Website | 2023-05-05 | 1 | N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks - RedPacket Security | ||
Details | Website | 2023-05-05 | 2 | Kimsuky hackers use new recon tool to find security gaps - RedPacket Security | ||
Details | Website | 2023-05-02 | 2 | South Korean Lures Used to Deploy ROKRAT Malware | ||
Details | Website | 2023-05-01 | 84 | Chain Reaction: ROKRAT’s Missing Link - Check Point Research | ||
Details | Website | 2023-04-25 | 2 | Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware | ||
Details | Website | 2023-04-25 | 54 | Anomali Cyber Watch: Two Supply-Chain Attacks Chained Together, Decoy Dog Stealthy DNS Communication, EvilExtractor Exfiltrates to FTP Server | ||
Details | Website | 2023-04-22 | 4 | Critical infrastructure also hit by supply chain attack behind 3CX breach - RedPacket Security | ||
Details | Website | 2023-04-22 | 89 | Bluepurple Pulse: week ending April 23rd | ||
Details | Website | 2023-04-21 | 2 | North Korea's Kimsuky APT Keeps Growing, Despite Public Outing | ||
Details | Website | 2023-04-21 | 3 | This Week In Security: Spandex Tempest, Supply Chain Chain, And NTP | ||
Details | Website | 2023-04-21 | 4 | 3CX hack caused by trading software supply chain attack - RedPacket Security | ||
Details | Website | 2023-04-21 | 4 | Critical infrastructure also hit by supply chain attack behind 3CX breach | ||
Details | Website | 2023-04-20 | 7 | APT43: An investigation into the North Korean group’s cybercrime operations | ||
Details | Website | 2023-04-20 | 72 | 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant | ||
Details | Website | 2023-04-20 | 59 | Weekly Advanced Threat Intelligence Analysis (2023.04.20~04.27) | ||
Details | Website | 2023-04-20 | 7 | APT43: An investigation into the North Korean group's cybercrime operations | Antivirus and Security news | ||
Details | Website | 2023-04-18 | 5 | Mandiant 2023 M-Trends Report Provides Factual Analysis of Emerging Threat Trends | ||
Details | Website | 2023-04-09 | 2 | APT43: Cyberespionage Group Targets Strategic Intelligence | IT Security News | ||
Details | Website | 2023-04-08 | 9 | Symfony Station Communiqué — 07 April 2023. |