APT38, a DPRK threat actor-lazarusholic

APT38

2018-10-03, Mandiant
APT38 Un-usual Suspects

"APT38是一个出于经济动机的APT组织，也是臭名昭著的Lazarus Group的一个下属组织。该组织主要以全球金融机构为目标，至少从2014年起，该组织先后对13个国家16个以上的组织进行过攻击，目前已非法获利了超过一亿美元。APT38通常利用Word文档和快捷方式文件进行初步入侵，近期还采用了能够绕过Windows Mark of the Web(MotW)保护的新技术。此外，该组织特别具有攻击性；经常使用破坏性恶意软件使受害者网络无法运行。APT38还会使用定制的恶意软件，在达成目的以前会长时间的潜伏在受害者网络之中，最长的甚至超过了两年。"

- RedQueen, https://redqueen.tj-un.com/threatOrganizationDetails.html?id=2c91828265f5dba50166569b510c0000

Also known as

Name	Named by	AKA	First seen	Last seen
APT38	Mandiant	BlueNoroff	2018-10-03	2025-11-14
ATK117	ThalesGroup	APT38	2019-10-07	2022-05-31
AlluringPisces	PaloaltoNetworks	BlueNoroff	2024-09-09	2025-02-26
BeagleBoyz	USCISA	BlueNoroff	2020-08-26	2021-03-04
BlackDev2	PWC	BlueNoroff	2021-09-08	2023-04-12
BlueNoroff	Kaspersky	-	2017-04-03	2026-04-27
Copernicium	Microsoft	APT38	2022-11-07	2022-11-07
CryptoCore	Clearskysec	BlueNoroff	2020-06-24	2025-10-22
G0082	MITRE	APT38	2019-01-29	2019-01-29
JINX-0164	Wiz	SapphireSleet	2026-05-27	2026-05-27
NickelGladstone	SecureWorks	BlueNoroff	-	2023-03-18
PutridSlug	Cloudflare	BlueNoroff	2026-03-03	2026-03-03
REF9135	Elastic	BlueNoroff	2023-06-29	2023-06-29
RedCarpet	KRCERT	BlueNoroff	-	-
SapphireSleet	Microsoft	Copernicium	2023-04-19	2026-05-28
SectorA06	NSHC	BlueNoroff	2020-03-12	2025-02-11
StardustChollima	CrowdStrike	BlueNoroff	2018-02-26	2026-05-14
T-APT-15	Tencent	BlueNoroff	2018-03-07	2018-03-07
TAG-71	RecordedFuture	BlueNoroff	2023-06-06	2024-01-10
TEMP.Hermit	Fireeye	BlueNoroff	2017-09-13	2025-05-14
TraderTraitor	USCISA	BlueNoroff	2022-04-18	2026-05-18

Reports

2025-11-14
USJustice
Justice Department Announces Nationwide Actions to Combat Illicit North Korean Government Revenue Generation
#APT38 #ITWorker #News

2025-11-14
StealthMole
Revisiting the Lazarus Operator: Mapping Park Jin Hyok’s Digital Footprint Using StealthMole
#APT38 #Lazarus

2025-08-28
Kucoin
Lazarus Group (APT38) Targets Crypto Sector with Sophisticated Phishing Campaign
#APT38 #CVE-2025-48384

2025-06-29
BretWitt
Lazarus Phishing Campaign Detected (APT38)
#APT38 #Youtube

2025-04-13
DionAlexander
Unpacking APT38: Static and Dynamic Analysis of Lazarus Group Malware
#APT38

2025-02-12
Google
Cybercrime: A Multifaceted National Security Threat
#APT38 #APT43 #APT45 #ITWorker #Trend #UNC1069 #UNC3782 #UNC4899

2024-12-03
USCOURTS
USA v. APPROXIMATELY 2210.8222 OF SOL CRYPTOCURRENCY
#APT38 #Cryptocurrency #Rain #TraderTraitor

2024-10-04
USJustice
USA v. BITCOIN AND BTC.B SEIZED FROM EIGHT TRANSACTION HASHES AT CRYPTOCURRENCY BRIDGE-1
#Cryptocurrency #Stake #APT38 #Lazarus

2024-10-04
USJustice
USA v. APPROXIMATELY 1,694,395.463328 OF TETHER CRYPTOCURRENCY
#Cryptocurrency #Deribit #APT38 #Lazarus

2023-10-10
Mandiant
Assessed Cyber Structure and Alignments of North Korea in 2023
#Trend #APT38 #UNC1720 #APT43 #APT37 #UNC4899 #UNC614 #UNC1069 #TEMP.Hermit #UNC2226

2023-09-28
Inquest
Anticipating File-Borne Threats: How Deep File Inspection Technology Will Shape the Future of Cyber Defense
#APT37 #Kimsuky #APT38 #Trend

2023-08-22
USFBI
FBI Identifies Cryptocurrency Funds Stolen by DPRK
#AxieInfinity #Cryptocurrency #AtomicWallet #Alphapo #CoinsPaid #Harmony #TraderTraitor #APT38 #News

2023-03-16
SEKOIA
Peeking at Reaper’s surveillance operations
#CHM #APT38 #Chinotto

2023-02-27
ZeroMemoryEx
Lazarus-Tactic
#APT38 #DreamJob

2023-01-23
USFBI
FBI Confirms Lazarus Group, APT38 Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft
#News #Cryptocurrency #APT38 #TraderTraitor #Harmony

2022-12-05
Malwarebytes
Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware
#Cryptocurrency #APT38 #AppleJeus

2022-06-30
Prelude
TTP Tuesday: APT38 Pharmaceuticals
#APT38 #Pharmaceuticals

2022-06-15
Prelude
TTP Tuesday: APT38 CryptoSpy
#APT38 #CryptoSpy

2022-06-02
Prelude
TTP Tuesday: APT38 - WannaCry
#APT38 #WannaCry

2022-05-25
Prelude
TTP Tuesday: APT38 - The Sony Hack
#APT38 #Blockbuster

2022-05-18
Prelude
TTP Tuesday: APT38 - DarkSeoul
#APT38 #Castov

2022-05-03
Trellix
The Hermit Kingdom’s Ransomware play
#Ransomware #APT38 #MATA #VHD

2021-03-25
USHHS
North Korean Cyber Activity
#APT37 #APT38 #Andariel #HiddenCobra #Kimsuky

2019-11-04
Marcoramilli
Is Lazarus/APT38 Targeting Critical Infrastructures ?
#APT38 #KKNPP

2019-09-13
USTreasury
North Korea Designations; Global Magnitsky Designation
#RedDot #Office91 #Appleworm #Sanctions #APT-C-26 #APT38 #Andariel #BlueNoroff #Group77

2019-03-20
spuz
APT38 DYEPACK Framework
#SWIFT #DYEPACK #APT38

2019-01-29
MITRE
APT38
#G0082 #APT38

2018-12-23
Cyberfox
Macro Malware Again
#APT38

2018-12-10
Fireeye
Unmasking APT X
#Youtube #APT38

2018-10-03
Fireeye
APT38 Un-usual Suspects
#APT38 #NACHOCHEESE #KEYLIME #QUICKRIDE