APT45: North Korea’s Digital Military Machine

July 26, 2024, 9:03 a.m.

Description

Mandiant provides an overview of the activities of APT45, a cyber threat group attributed with high confidence to North Korea. The report details APT45's transition from traditional espionage campaigns against government and defense sectors to financially motivated operations, including suspected ransomware development. The group has targeted critical infrastructure, nuclear facilities, and sectors like agriculture and healthcare, reflecting North Korea's evolving priorities. APT45 stands out among North Korean operators for its potential use of ransomware, possibly to fund regime activities.

Date

Published: July 26, 2024, 8:51 a.m.
Created: July 26, 2024, 8:51 a.m.
Modified: July 26, 2024, 9:03 a.m.

Indicators

Attack Patterns

ROGUEEYE

SHATTEREDGLASS

Maui Ransomware

RIFLE

3PROXY

APT45

T1063

T1588

T1018

T1567

T1571

T1213

T1082

T1047

T1498

T1204

T1132

T1027

T1053

T1485

T1195

T1059

Additional Information

Agriculture

Healthcare

Defense

Finance

Government

Korea, Democratic People's Republic of

India

Korea, Republic of