APT43: An investigation into the North Korean group’s cybercrime operations

Introduction 

As recently reported by our Mandiant’s colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and tools to conduct espionage, sabotage, and theft operations, including spear phishing and credential harvesting.

From VirusTotal we wanted to contribute to a better understanding of this actor’s latest activity based on their malware toolset’s telemetry, including geographical distribution, lookups, submissions, file types, detection ratios, and efficacy of crowdsourced YARA rules for the IOCs attributed by Mandiant to this threat actor. All the data provided in this post is also available for VirusTotal users through VT Intelligence. It can be obtained by aggregating Telemetry and Commonalities from a set of IOCs, which you can do using a VT Intelligence search, Collection or Graph. 

Malware artifacts

File type distribution

This article has been indexed from VirusTotal Blog

Read the original article:

APT43: An investigation into the North Korean group’s cybercrime operations