North Korean APT43 hackers attack organizations to launder cryptocurrencies using the cloud
Cybersecurity researchers have shared details about a North Korean hacking group that has been operating undercover for five years.
A group called APT43 has been seen targeting governments and celebrities in the West (USA, Europe) but also in the neighborhood (Japan, South Korea).
The findings were shared by experts from Mandiant, who described APT43 as a “moderately sophisticated” group that mainly seeks confidential information, but sometimes also money, with the stolen funds usually used to fund additional cybercriminal operations.
When stealing money, APT43 mainly targets cryptocurrencies. Researchers found the group using fake Android cryptocurrency investment apps to scam people interested in crypto loans and steal their funds, which are later laundered through hash rental and cloud mining services.
When stealing sensitive information, it mainly targets the government and military agencies of North Korea’s adversaries:
“The group is primarily interested in information developed and maintained by the U.S. military and government, the Defense Industrial Base (DIB), and research and security policies developed by U.S. academia and think tanks focused on nuclear security and non-proliferation policies,” says Mandiant in its report.
“APT43 has shown interest in similar industries in South Korea, particularly non-profit organizations and universities that focus on global and regional politics, as well as companies such as manufacturing that can provide information about goods whose exports to North Korea have been restricted.”
Mandiant’s key argument that APT43 is a state actor is that a “sudden” change of targets has been observed, most likely after orders were received from higher echelons.
“More specifically, Mandiant assesses with moderate confidence that APT43 can be attributed to the North Korean General Reconnaissance Bureau (RGB), the country’s main foreign intelligence service,” the company said. Researchers have been following the group’s activities since 2018.
By: BleepingComputer