North Korea has established a hacking group named APT43 to fund its cybercrime activities, aimed at advancing Pyongyang’s geopolitical interests. According to a study conducted by se-curity firm Mandiant, the group has been in operation since 2018 and has now been tasked with carrying out both espionage and financially motivated attacks such as credential harvesting and social engineering.
The APT43 group has been instructed to target organizations in South Korea, the United States, Japan, and Europe, with a particular focus on infiltrating networks associated with educational institutions, government entities, and the manufacturing sector. Since September 2021, the group of cyber criminals has shifted its focus to the healthcare and pharmaceutical industries.
On April 3 of this year, Google’s Threat Analysis Group (TAG) announced that APT43 was in-volved in cryptocurrency theft and digital currency laundering. Additionally, a new spying team named Archipelago, a subset of APT43, has emerged and is using phishing tactics to tar-get potential victims.
Archipelago operates differently, taking the time and effort to build a rapport with its targets before sending them a malicious link via email that leads to a password-protected file contain-ing malware. As the group’s operations overlap with another group dubbed Kimsuky, Archipel-ago is being linked to the Reconnaissance General Bureau (RGB) and North Korea’s foreign intelligence agency.
It is unclear whether the APT43 subset Archipelago is associated with the Lazarus Group, as some security teams on Reddit argue that all hacking criminals from the Kim Jong Un-led na-tion are internally associated and work with the same motive.
NOTE: In 2021, the Federal Bureau of Investigation officially announced that Kim is achieving his nuclear ambitions by stealing cryptocurrency, intelligence, and threatening companies with ransomware, all through cyberattacks.
