North Korean APT43 hackers attack organizations to launder cryptocurrencies using the cloud

Cybersecurity researchers have shared details about a North Korean hacking group that has been operating undercover for five years.

A group called APT43 has been seen targeting governments and celebrities in the West (USA, Europe) but also in the neighborhood (Japan, South Korea).

The findings were shared by experts from Mandiant, who described APT43 as a “moderately sophisticated” group that mainly seeks confidential information, but sometimes also money, with the stolen funds usually used to fund additional cybercriminal operations.

Crypto laundering

By stealing money, APT43 mainly targets cryptocurrencies. Researchers uncovered a group that used fake cryptocurrency Android investment apps, scamming people interested in crypto loans and stealing their funds, which are later laundered via hash and cloud rentals (opens in a new tab) mining services.

Stealing sensitive information, it mainly targets government and military agencies of North Korea’s opponents:

“The group is primarily interested in information developed and maintained by the U.S. military and government, the Defense Industrial Base (DIB), and research and security policies developed by U.S. academia and think tanks focused on nuclear security and non-proliferation policies,” says Mandiant. IN his report (opens in a new tab).

“APT43 has shown interest in similar industries in South Korea, particularly non-profit organizations and universities that focus on global and regional politics, as well as companies such as manufacturing that can provide information about goods whose exports to North Korea have been restricted “.

Mandiant’s key argument that APT43 is a government player is the fact that a “sudden” change of targets has been observed, most likely after receiving orders from higher echelons.

“More specifically, Mandiant assesses with moderate confidence that APT43 can be attributed to the North Korean General Reconnaissance Bureau (RGB), the country’s main foreign intelligence service,” the company said. Researchers have been following the group’s activities since 2018.

By: Beeping Computer (opens in a new tab)

Windows XP activation cracked – for those desperate enough to keep using it

7 new movies and TV shows on Netflix, Max, Disney Plus and more this weekend (May 26)

Google has made some big changes to its Chrome Remote Desktop app for Android, and you may not be happy

More Microsoft 365 phishing attacks are using this dangerous new method – here’s what you need to know

Small and medium businesses face serious security threats from some major adversaries

Warhammer: Age of Sigmar gets a new RTS and is console-friendly

Apple just lost a lawsuit trying to ban iOS virtual machines

The Nintendo Switch 2 won’t be coming any time soon despite the console’s declining sales

Panasonic cuts full-frame lens prices – here’s why Sony, Canon and Nikon should be worried