Cybercrime is an increasing threat in today’s digital world, and North Korea is no exception. In 2018, the country established a hacking group called APT43, with the aim of advancing its geopolitical interests. The group has since been targeting organizations in South Korea, the United States, Japan, and Europe, with a particular focus on infiltrating networks associated with educational institutions, government entities, and manufacturing companies. More recently, the group has been linked to cryptocurrency theft and digital currency laundering.
In 2021, Google’s Threat Analysis Group (TAG) reported the emergence of a subset of APT43 called Archipelago, which is using phishing tactics to target potential victims. Archipelago is believed to be associated with North Korea’s foreign intelligence agency, and its operations overlap with another group dubbed Kimsuky. It is unclear whether Archipelago is associated with the Lazarus Group, as some security teams on Reddit argue that all hacking criminals from the Kim Jong Un-led nation are internally associated and work with the same motive.
The Federal Bureau of Investigation has officially announced that Kim is achieving his nuclear ambitions by stealing cryptocurrency and intelligence and by threatening companies with ransomware, all through cyberattacks. This emphasizes the need for organizations to be vigilant in protecting their networks and data from such malicious attacks.
To summarize, North Korea has a hacking group called APT43 that is targeting organizations across the globe. A subset of this group, named Archipelago, is using phishing tactics to target potential victims and is believed to be linked to the country’s foreign intelligence agency. The FBI has officially stated that Kim is using cyberattacks to achieve his nuclear ambitions. Therefore, it is essential for organizations to be aware of the threats posed by North Korea’s cybercrime activities and take steps to protect their networks and data from malicious attacks.