North Korean threat actor APT43 pivots back to strategic cyberespionage

When it comes to threat actors working for the North Korean government, most people have heard of the Lazarus group (APT38). It was responsible for the 2014 attack against Sony Pictures, the 2016 cyber heist of funds belonging to the central bank of Bangladesh, and the 2017 WannaCry ransomware worm. However, another team that security researchers call APT43, Kimsuky, or Thallium has been carrying out cyberespionage and cybercrime operations at the behest of the North Korean government since at least 2018.

APT43 specializes in credential harvesting and social engineering with a focus on foreign policy and nuclear security issues, topics that align with North Korea’s strategic nuclear goals. The group temporarily pivoted to health-related target verticals in 2021, reflecting the Pyongyang regime’s focus at the time on dealing with the COVID-19 pandemic. Since 2022, APT43 has been seen targeting so-called track two diplomatic channels including religious groups, universities, non-governmental organizations, journalists, academics, bloggers, and human rights activists.
