North Korean hackers pivot to ransomware attacks

July 26, 2024

TLDR:

  • North Korean hackers from APT45 have shifted from cyber espionage to ransomware attacks
  • APT45 has targeted critical infrastructure and is linked to ransomware families SHATTEREDGLASS and Maui

A North Korea-linked threat actor, known as APT45, has transitioned from cyber espionage to financially motivated attacks involving ransomware. Google-owned Mandiant has been tracking APT45, which has targeted critical infrastructure and deployed ransomware families like SHATTEREDGLASS and Maui. APT45 is a long-running cyber operator with ties to North Korea’s Reconnaissance General Bureau. The group’s malware arsenal includes a backdoor called Dtrack, and it has been linked to cyber attacks on entities in South Korea, Japan, and the U.S. The shift in APT45’s operations reflects North Korea’s changing priorities, as the country increasingly relies on cyber operations as an instrument of national power.

In a related incident, security awareness training firm KnowBe4 revealed that it unknowingly hired an IT worker from North Korea, who used the stolen identity of a U.S. citizen to gain employment. The worker, part of North Korea’s Munitions Industry Department, had a history of seeking employment at U.S.-based firms while remotely logging in through company-issued laptops located in China and Russia. KnowBe4 detected suspicious activity on the employee’s workstation and contained the device to prevent unauthorized access to sensitive data.
