Incident Response, Threat Management

Google sheds light on APT43 subgroup’s techniques

Cybersecurity researchers with Google's Threat Analysis Group say that a subset of the North Korean APT43 threat actor, called Archipelago, is focusing its activities on experts in North Korea policy issues, SiliconANGLE reports. The Archipelago subgroup seeks out individuals in government and military positions, as well as members of think tanks, academics, researchers, and policymakers in South Korea, the U.S., and elsewhere who are knowledgeable about sanctions, nonproliferation, human rights, and other issues pertaining to North Korea, according to Google TAG researchers. The targets, who may have Google or non-Google accounts, receive phishing emails from Archipelago actors posing as think tank or media outlet representatives, purportedly requesting information or inviting them to an interview. The emails prompt victims to click a link to view the questions, which sends them to a phishing site with a fake login prompt where their keystrokes are recorded. Researchers reported that the campaign can take weeks as the actors build a rapport with their victims, and that recent operations have been incorporating malware to evade detection.
