A close review of North Korean threat actor APT38 has revealed a number of details about how the group operates. Its primary mission appears to be targeting financial organizations, using inter-bank financial systems to facilitate the theft of funds in support of North Korea. The group's level of activity appears to be growing in proportion to the regime's increased need for funds as sanctions continue. The group has been directly tied to the 2015 attack on Vietnam TP Bank, the 2016 attack on Bangladesh Bank, the 2017 attack on the Far East International Bank in Taiwan, and the 2018 attacks on Bancomext and Banco de Chile. The group was found to be compromising organizations in Russia, Poland, and Uruguay in order to use their infrastructure for carrying out attacks. It has targeted organizations in the United States, Brazil, Chile, Turkey, Bangladesh, Malaysia, the Philippines, and Vietnam for theft, and has targeted organizations in Mexico for both infrastructure utilization and theft. Several of these attacks were previously tied to the Lazarus group. This is likely because several North Korean threat actors share common characteristics, including motivation, malware, targeting, and tactics, techniques, and procedures (TTPs).