At a glance.
- Cyberespionage and cybercrime in the interest of Pyongyang’s weapons programs.
- Twitter gets a subpoena for source-code leaker’s information.
- Survey on the state of resilience.
- The insider risk to data.
- Russian hacktivist auxiliaries target the French National Assembly.
- SSSCIP on recent trends in cyberattacks sustained by Ukraine.
Cyberespionage and cybercrime in the interest of Pyongyang’s weapons programs.
Mandiant describes the activities of APT43, a North Korean threat actor that conducts cybercrime to fund its cyberespionage efforts.
APT43 is also tracked as “Kimsuky,” or “Thallium.” Mandiant says the threat actor uses “aggressive social engineering tactics” combined with “moderately-sophisticated technical capabilities” to target “South Korean and U.S.-based government organizations, academics, and think tanks focused on Korean peninsula geopolitical issues.” While the group targets a wide range of organizations and industries, Mandiant believes APT43’s primary goal is to advance North Korea’s weapons program:
“The group is primarily interested in information developed and stored within the U.S. military and government, defense industrial base (DIB), and research and security policies developed by U.S.-based academia and think tanks focused on nuclear security policy and nonproliferation.”
APT43 also conducts cryptocurrency theft to fund its own operations. In one instance, the threat actor used a phony Android app to target Chinese users seeking cryptocurrency loans. The group uses hash rental and cloud mining services to launder the stolen funds. For more on the activities of APT43, see CyberWire Pro.