North Korean APT Groups
Last updated
Was this helpful?
Last updated
Was this helpful?
Affiliation: North Korean government's Reconnaissance General Bureau
Activities: Known for the WannaCry ransomware attack, Sony Pictures hack, and targeting financial institutions, media organizations, aerospace, and defense industries. Active since 2009.
Targets: Financial institutions, media organizations, aerospace, defense industries.
TTPs (Tactics, Techniques, Procedures):
Spear-phishing campaigns:
Use of custom malware:
Exploiting software vulnerabilities:
Ransomware attacks:
Lateral movement within networks:
Notable Incidents:
WannaCry Ransomware Attack (2017): This global ransomware attack infected over 230,000 computers across 150 countries. It encrypted data and demanded ransom payments in Bitcoin. The attack caused significant disruption to various industries, including healthcare, finance, and transportation.
Sony Pictures Hack (2014): Lazarus Group launched a devastating cyber attack on Sony Pictures, leading to the leak of confidential information, including unreleased films, employee data, and email communications. The attack was motivated by the planned release of the movie "The Interview."
Operation Ghost (2013-2019): Lazarus Group targeted government networks in Europe and NATO member countries, using steganography to hide data within images. This long-running campaign involved persistent surveillance and data exfiltration.
Affiliation: North Korean state-sponsored
Activities: Active since 2012, targeting diplomats, NGOs, think tanks, and experts on issues related to the Korean peninsula. Known for spear-phishing and cyber espionage.
Targets: Diplomats, NGOs, think tanks, experts on Korean peninsula issues.
TTPs:
Notable Incidents:
Spear-phishing:
Credential harvesting:
Social engineering:
Use of remote access tools (RATs):
Data exfiltration:
Campaigns against South Korean targets (2018): Kimsuky has been known to regularly target South Korean government and military entities, often through spear-phishing campaigns designed to steal sensitive information.
South Korean Government Hack (2018): This attack targeted the South Korean government, stealing sensitive political and military information. It demonstrated Kimsuky's ability to compromise high-value targets through persistent efforts.
South Korean Media Hack (2019): Kimsuky infiltrated South Korean media organizations, aiming to influence public opinion by spreading propaganda and misinformation.
South Korean Defense Contractors Hack (2020): This incident involved targeting South Korean defense contractors to steal information related to military technologies, showcasing Kimsuky's focus on strategic intelligence gathering.