| SYMBOL | COMMON_NAME | aka. SYNONYMS |
• APT43 is a prolific cyber operator that supports the interests of the North Korean regime. The group combines moderately-sophisticated technical capabilities with aggressive social engineering tactics, especially against South Korean and U.S.-based government organizations, academics, and think tanks focused on Korean peninsula geopolitical issues. • In addition to its espionage campaigns, we believe APT43 funds itself through cybercrime operations to support its primary mission of collecting strategic intelligence. • The group creates numerous spoofed and fraudulent personas for use in social engineering, as well as cover identities for purchasing operational tooling and infrastructure. • APT43 has collaborated with other North Korean espionage operators on multiple operations, underscoring the major role APT43 plays in the regime’s cyber apparatus.
There are currently no families associated with this actor.
| 2023-03-28 ⋅ Mandiant ⋅ APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations APT43 |
| 2023-03-28 ⋅ Mandiant ⋅ APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations APT43 Kimsuky |