CrowdStrike name: Velvet Chollima
Cause: North Korean 🇰🇵 government support.
Main targets: the US 🇺🇸, South Korean 🇰🇷 government organisations, and those who research Korean peninsula geopolitics.
Main intent: Espionage and intelligence collection against South Korea 🇰🇷.
Key characteristics
Heavily relies on social engineering; there is no evidence of 0-day exploit use. As with other North Korean groups, it is hard to untangle this actor from its peers. It is sometimes referred to as Kimsuky. The group is strongly aligned with the regime's interests, mainly focusing on its nuclear program.
Malware: CobraVenom and BabyShark.
Affiliates
Lazarus. Possibly other, more minor actors in North Korea.
References
Mandiant
https://www.mandiant.com/resources/blog/apt43-north-korea-cybercrime-espionage
https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report
https://www.mandiant.com/resources/podcasts/threat-trends-apt43-security-policy
https://www.mandiant.com/resources/webinars/apt43-prolific-cyber-operator