Here is a list of some of the North Korean Advanced Persistent Threat (APT) groups.
APT 38, the Lazarus Group (also known by other monikers such as Guardians of Peace or Whois Team), is a cybercrime group made up of an unknown number of individuals and run by the North Korean government.
They are believed to be responsible for a number of high-profile cyberattacks, including the WannaCry ransomware attack in 2017 and the Sony Pictures hack in 2014. They have targeted a range of organizations, including banks, government agencies, and cryptocurrency exchanges.
Their activities have been linked to other North Korean malicious groups, such as Bluenoroff, Andariel, and Kimsuky.
Bluenoroff is a subgroup of the North Korean-backed Lazarus Group, an Advanced Persistent Threat (APT) group that has been active since at least 2009. The group is responsible for a number of high-profile cyberattacks, including the infamous attack on Bangladesh’s Central Bank in 2016.
Bluenoroff is focused on attacking foreign financial institutions and cryptocurrency exchanges, stealing funds and other sensitive information. The group is also known for bypassing Microsoft Windows’ Mark of the Web security feature in order to launch their attacks.
Bluenoroff is believed to be responsible for a number of other high-profile cyber incidents, including the theft of $81 million from the Bank of Bangladesh in 2016, and the theft of $250 million from the Sedona cryptocurrency exchange in 2019.
Kimsuky is a North Korean-backed hacking group that has been active since 2012. The group is known for deploying spear-phishing campaigns and watering-hole attacks. It has been linked to various campaigns targeting South Korean entities, including the South Korean Ministry of Unification and the Sejong Institute.
It has also been linked to malicious browser extensions that steal emails from Google Chrome or Microsoft Edge. More recently, Kimsuky has been linked to a malicious campaign targeting CISA.
ScarCruft is a North Korean hacking group also known as APT37, Reaper, Group123, and InkySquid. It was first identified in 2019 and has since been linked to a variety of cyber espionage campaigns. It is believed to have been involved in a wide range of activities, including targeting military, government, and critical-infrastructure organizations.
ScarCruft is known to use a variety of techniques to gain access to its targets, including exploiting zero-day vulnerabilities and social engineering. It is also known to use custom malware such as the Chinotto spyware and the more recently discovered backdoor named “FALLCHILL”. The group is also known to have used spear-phishing emails to gain access to its targets.
The Andariel Advanced Persistent Threat (APT) group is a North Korean state-sponsored threat group that has been active since at least 2010. The group is believed to be part of the larger Lazarus Group APT, which is associated with the North Korean government and is responsible for a large number of cyber-espionage and cyber-crime operations. The group’s primary focus is on intelligence gathering operations targeting organizations in the US, Japan, and South Korea.
Andariel is believed to use a variety of tools, techniques, and tactics in its campaigns. These include exploiting zero-day vulnerabilities, using malicious documents to drop payloads, and using spear-phishing emails to deliver them. Additionally, the group has been known to use the PowerShell scripting language to download and execute malicious payloads, as well as to collect system information.
In recent years, Andariel has been linked to a variety of ransomware operations, including the Maui ransomware. It is believed that the group is using these operations for financial gain, as well as to further its intelligence gathering goals.