APT43: A New Player in the Cybercrime Game
The cyber underworld is buzzing with news about APT43, North Korea’s latest cybercrime syndicate. Mandiant, a subsidiary of Google, has tracked the cluster since 2018 and only recently graduated it to a standalone, named threat group. Mandiant has upgraded APT43 from a simple player to a ‘major player’ in cybercrime, and if that doesn’t invite attention, nothing will.
The Cloud is Their Playground
According to Mandiant’s findings, APT43 has become rather fond of cloud computing—specifically, using it to launder cryptocurrency. Imagine running a normal errand, but instead of filling your car with gas, you’re filling your pockets with clean crypto. The group has mastered the art of using “stolen crypto to mine for clean crypto.” It’s like trying to wash dirty laundry in a cloud and ultimately coming out smelling like a rose.
Operations and Ideology: Juche Meets Cybercrime
While the group was previously focused on espionage activities—primarily targeting South Korea—it’s now suspected of dabbling in fundraising for the North Korean regime to sustain its under-the-radar operations. In a rather patriotic twist, their methods align with North Korea’s juche ideology of self-reliance. According to Mandiant, APT43 “steals and launders enough cryptocurrency to buy operational infrastructure,” which sounds like a very creative way of saying they’re helping the government save money. Who needs a traditional economy, right?
Tools of the Trade: Payment Methods and Techniques
To further its dubious ambitions, APT43 uses an array of payment methods. The group has been seen using PayPal (someone call customer service), American Express cards, and even Bitcoin from previous heists. It’s a polar expedition of financial frolicking.
- PayPal
- American Express
- Stolen Bitcoin
But it doesn’t stop there! Mandiant also discovered that APT43 uses hash rental and cloud mining services to mine crypto. By renting hashing power, they perform an artful sleight of hand: the rented rigs mine straight to a wallet the buyer chooses, so the freshly mined coins carry little to no on-chain trace back to the stolen funds that paid for the rental. Poof! Money in the (cloud) bank.
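As an added illustration (not from the article or Mandiant’s report), here is a toy UTXO taint tracer in Python over a constructed ledger. It shows why coins mined with rented hash power carry no on-chain taint from the stolen funds that paid for the rental, and that the only link between the two lives in the provider’s customer records. Every transaction id, address and value below is constructed.

```python
# Constructed ledger (not real transactions). Inputs are (txid, output_index)
# outpoints, outputs are (address, value). A tx with no inputs is a coinbase:
# newly minted coins with no on-chain ancestry at all.
LEDGER = {
    "theft":      {"inputs": [], "outputs": [("attacker_wallet", 10.0)]},
    "pay_rental": {"inputs": [("theft", 0)],
                   "outputs": [("hashrental_deposit", 9.0), ("attacker_change", 1.0)]},
    "coinbase_n": {"inputs": [], "outputs": [("buyer_payout_wallet", 6.25)]},
    "cash_out":   {"inputs": [("coinbase_n", 0)], "outputs": [("exchange_deposit", 6.25)]},
}
FLAGGED = {("theft", 0)}  # outpoint known to hold stolen funds

def taint(outpoint, ledger=LEDGER, flagged=FLAGGED, _memo=None):
    """Proportional ('haircut') taint: the fraction of an output's value that
    descends from a flagged outpoint. Coinbase outputs are 0.0 by construction,
    which is exactly the gap that paying for mining exploits."""
    if _memo is None:
        _memo = {}
    if outpoint in flagged:
        return 1.0
    if outpoint in _memo:
        return _memo[outpoint]
    txid, _ = outpoint
    inputs = ledger[txid]["inputs"]
    if not inputs:                      # coinbase: nothing upstream to inherit
        _memo[outpoint] = 0.0
        return 0.0
    total = tainted = 0.0
    for prev_tx, prev_idx in inputs:
        value = ledger[prev_tx]["outputs"][prev_idx][1]
        total += value
        tainted += value * taint((prev_tx, prev_idx), ledger, flagged, _memo)
    _memo[outpoint] = tainted / total   # every output of the tx inherits this share
    return _memo[outpoint]

def taint_by_address(ledger=LEDGER, flagged=FLAGGED):
    """Taint of every output in the ledger, keyed by receiving address."""
    return {addr: taint((txid, i), ledger, flagged)
            for txid, tx in ledger.items()
            for i, (addr, _) in enumerate(tx["outputs"])}

# Constructed record a hash-rental provider would hold: which customer deposit
# paid for which payout address. This off-chain record is the only bridge.
SERVICE_RECORDS = [{"deposit_addr": "hashrental_deposit",
                    "payout_addr": "buyer_payout_wallet"}]

def linked_payouts(tainted_addresses, records=SERVICE_RECORDS):
    """Payout addresses reachable only through provider records, not the chain."""
    return {r["payout_addr"] for r in records if r["deposit_addr"] in tainted_addresses}
```

On-chain analysis alone stops at the coinbase output, so the investigative lead is the provider’s deposit-to-payout mapping rather than the transaction graph.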
Cybersecurity Measures Against APT43
In addition to their financial maneuvers, APT43 has a knack for digital deception. The group has reportedly utilized Android malware to phish for credentials from unsuspecting victims in China seeking cryptocurrency loans. They’ve even set up spoof sites to enhance their credential harvesting endeavors. Folks, cybersecurity is a serious business, and these guys have clearly done their homework—harvest at your own risk!
The Bigger Picture: North Korea’s Crypto Heists
North Korea has been implicated in several high-profile crypto heists, with stolen assets amounting to jaw-dropping figures, including the Euler exploit which netted over $195 million. The United Nations estimates that North Korean hackers pocketed anywhere between $630 million to over a billion in 2022. Chainalysis claims the number is a conservative $1.7 billion. If there’s one takeaway, it’s that North Korea’s cyber theft game seems to be turning increasingly elaborate.