APT45: North Korea’s Digital Military Machine
July 26, 2024, 9:03 a.m.
Tags
External References
Description
Mandiant provides an overview of the activities of APT45, a cyber threat group attributed with high confidence to North Korea. The report details APT45's transition from traditional espionage campaigns against government and defense sectors to financially motivated operations, including suspected ransomware development. The group has targeted critical infrastructure, nuclear facilities, and sectors like agriculture and healthcare, reflecting North Korea's evolving priorities. APT45 stands out among North Korean operators for its potential use of ransomware, possibly to fund regime activities.
Date
Published: July 26, 2024, 8:51 a.m.
Created: July 26, 2024, 8:51 a.m.
Modified: July 26, 2024, 9:03 a.m.
Indicators
Patterns
ROGUEEYE
SHATTEREDGLASS
Maui Ransomware
RIFLE
3PROXY
APT45
T1063
T1588
T1018
T1567
T1571
T1213
T1082
T1047
T1498
T1204
T1132
T1027
T1053
T1485
T1195
T1059
Additional Information
Agriculture
Healthcare
Defense
Finance
Government
Korea, Democratic People's Republic of
India
Korea, Republic of