A North Korean cyberespionage group, known as APT43, has been exposed by cybersecurity firm Mandiant. APT43, also referred to as Kimsuky or Thallium, primarily targets foreign policy and nuclear security issues, but switched to targeting health-related verticals in 2021 due to the COVID-19 pandemic. The group carries out cybercrime operations to fund itself and the regime.
APT43 is a cyberespionage group that supports the interests of the North Korean regime. The group has been tracked by Mandiant since 2018 and aligns with the mission of the Reconnaissance General Bureau, the main foreign intelligence service of North Korea. APT43 uses spear phishing and social engineering techniques to compromise its targets, often posing as convincing personas or spoofing key individuals' identities. The Archipelago subset of APT43 has been observed targeting government and military personnel, think tanks, policymakers, academics, and researchers in South Korea, the US, and elsewhere. Archipelago also uses browser-in-the-browser techniques and sends benign PDF files, among other tactics, to trick users into giving up their credentials.
In addition to spear phishing, Archipelago has been known to use social engineering techniques such as posing as reporters or think-tank analysts to obtain expert knowledge from targets. They may establish trust with a victim for days or weeks before sending a malicious link or file. Archipelago also uses browser-in-the-browser techniques, benign PDF files, and ISO files to deliver malware.
One of APT43's particular interests is cryptocurrency, which the group uses to purchase infrastructure and hardware devices to sustain its operations. It uses hash rental services and cloud mining services to mine cryptocurrency in a way that leaves no on-chain link between the mined coins and the buyer's original payments. APT43 has also used a malicious Android application to target Chinese users interested in cryptocurrency loans and harvest their credentials.
To protect against APT43 and Archipelago, it is important to educate users about social engineering techniques, train users to detect phishing attempts and report them, use security solutions that detect phishing emails and malware infection attempts, keep operating systems and software up to date and patched, and carefully triage and examine people approaching experts who may be masquerading as journalists or reporters. In particular, geopolitics experts and international policymakers should be trained to recognize an approach from an attacker posing as an innocent party. Before exchanging intelligence, careful vetting of people who approach experts is mandatory in order to protect the integrity of sensitive data.