Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned.

“The group is likely continuing to attempt to mount extortion attacks against organizations in the US,” the analysts opined, and shared the most recent indicators of compromise.

“APT45 relies on a mix of publicly available tools such as 3PROXY, malware modified from publicly available malware such as ROGUEEYE, and custom malware families,” Mandiant’s threat analysts previously noted. “Like most groups of [Democratic People’s Republic of Korea] activity, APT45 malware exhibits distinct shared characteristics over time, including the re-use of code, unique custom encoding, and passwords.”

“Given available information, it is possible that APT45 is carrying out financially-motivated cybercrime not only in support of its own operations but to generate funds for other North Korean state priorities,” Mandiant analysts said, adding that there is a good possibility that the group has engaged in the development and deployment of ransomware.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Thu, 03 Oct 2024 11:13:05 +0000