Unnamed groups: North Korea
Description
These are reported APT activities attributed to a country, but not to an individual threat group.
Names
| Name | Name-Giver |
|---|---|
| [Unnamed groups: North Korea] | ? |
Country
Motivation
- Information theft and espionage
First Seen
2019
Observed Countries
Operations
- 2019-08: Suspected North Korean Cyber Espionage Campaign Targets Multiple Foreign Ministries and Think Tanks https://www.anomali.com/blog/suspected-north-korean-cyber-espionage-campaign-targets-multiple-foreign-ministries-and-think-tanks#When:14:00:00Z
- 2024-04: Operation “DEV#POPPER” Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
- 2024-07: Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering https://www.securonix.com/blog/research-update-threat-actors-behind-the-devpopper-campaign-have-retooled-and-are-continuing-to-target-software-developers-via-social-engineering/
- 2024-08: South Korea says DPRK hackers stole spy plane technical data https://www.bleepingcomputer.com/news/security/south-korea-says-dprk-hackers-stole-spy-plane-technical-data/
- 2024-10: APT Actors Embed Malware within macOS Flutter Applications https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
Counter Operations
- 2019-01: Justice Department Announces Court-Authorized Efforts to Map and Disrupt Botnet Used by North Korean Hackers https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-efforts-map-and-disrupt-botnet-used-north
Information
- https://www.us-cert.gov/ncas/current-activity/2020/02/14/north-korean-malicious-cyber-activity
- https://www.us-cert.gov/ncas/alerts/aa20-106a
- https://www.us-cert.gov/ncas/current-activity/2020/05/12/north-korean-malicious-cyber-activity
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-187a
- https://www.us-cert.gov/ncas/current-activity/2018/08/09/North-Korean-Malicious-Cyber-Activity
- https://www.us-cert.gov/ncas/current-activity/2019/09/09/north-korean-malicious-cyber-activity
- https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/MTAC-East-Asia-Report.pdf
- https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/
- https://www.ic3.gov/PSA/2024/PSA240903
- https://www.jamf.com/blog/jamf-threat-labs-observes-targeted-attacks-amid-fbi-warnings/
- https://blog.barracuda.com/2024/10/02/north-korean-apt-groups-dmarc-misconfigurations
- https://unit42.paloaltonetworks.com/macos-malware-targets-crypto-sector/
- https://www.trendmicro.com/en_us/research/25/d/russian-infrastructure-north-korean-cybercrime.html
- https://reports.dtexsystems.com/DTEX-Exposing+DPRK+Cyber+Syndicate+and+Hidden+IT+Workforce.pdf
Other Information
Uuid
42a46962-999d-4cd2-bde5-c842e3efdd22
Last Card Change
2025-06-27