Archipelago and Kimsuky, Two Subsets of APT43, Are Active Threat Actors Supporting North Korea's Strategic Intelligence Gathering


A North Korean cyberespionage group, known as APT43, has been exposed by cybersecurity firm Mandiant. APT43, also referred to as Kimsuky or Thallium, primarily targets foreign policy and nuclear security issues, but switched to targeting health-related verticals in 2021 due to the COVID-19 pandemic. The group carries out cybercrime operations to fund itself and the regime.

APT43 is a cyberespionage group that supports the interests of the North Korean regime. Mandiant has tracked the group since 2018 and assesses that it aligns with the mission of the Reconnaissance General Bureau, North Korea's main foreign intelligence service. APT43 uses spear-phishing and social engineering to compromise its targets, often operating under convincing personas or spoofing the identities of key individuals. The Archipelago subset of APT43 has been observed targeting government and military personnel, think tanks, policymakers, academics, and researchers in South Korea, the US, and elsewhere. Archipelago also uses browser-in-the-browser techniques and sends benign PDF files as lures, among other tactics, to trick users into giving up their credentials.

In addition to spear-phishing, Archipelago is known to pose as reporters or think-tank analysts in order to extract expert knowledge from targets. The operators may build trust with a victim over days or weeks before sending a malicious link or file. Archipelago also uses browser-in-the-browser techniques, benign PDF files, and ISO files in its malware delivery chains.

APT43 has a particular interest in cryptocurrency, which it uses to purchase the infrastructure and hardware devices needed to sustain its operations. The group uses hash rental and cloud mining services to launder stolen funds: the freshly mined coins carry no on-chain link back to the original payments. APT43 has also used a malicious Android application, aimed at Chinese users interested in cryptocurrency loans, to harvest credentials.

To protect against APT43 and Archipelago, organisations should educate users about social engineering techniques, train them to recognise and report phishing attempts, deploy security solutions that detect phishing emails and malware infection attempts, and keep operating systems and software up to date and patched. Approaches from people claiming to be journalists or reporters should be carefully triaged and examined. Geopolitics experts and international policymakers in particular should be trained to recognise an approach from an attacker masquerading as an innocent party. Before exchanging any information, experts should carefully vet whoever is approaching them in order to protect the integrity of sensitive data.
