APT45: North Korea’s Digital Military Machine

July 26, 2024, 9:03 a.m.

Description

Mandiant provides an overview of the activities of APT45, a cyber threat group attributed with high confidence to North Korea. The report details APT45's transition from traditional espionage campaigns against government and defense sectors to financially motivated operations, including suspected ransomware development. The group has targeted critical infrastructure, nuclear facilities, and sectors like agriculture and healthcare, reflecting North Korea's evolving priorities. APT45 stands out among North Korean operators for its potential use of ransomware, possibly to fund regime activities.

Date

  • Created: July 26, 2024, 8:51 a.m.
  • Published: July 26, 2024, 8:51 a.m.
  • Modified: July 26, 2024, 9:03 a.m.

Indicators

Attack Patterns

  • ROGUEEYE
  • SHATTEREDGLASS
  • Maui Ransomware
  • RIFLE
  • 3PROXY
  • APT45
  • T1063
  • T1588
  • T1018
  • T1567
  • T1571
  • T1213
  • T1082
  • T1047
  • T1498
  • T1204
  • T1132
  • T1027
  • T1053
  • T1485
  • T1195
  • T1059

Additional Information

  • Agriculture
  • Healthcare
  • Defense
  • Finance
  • Government
  • Korea, Democratic People's Republic of
  • India
  • Korea, Republic of