lazarusholic

Everyday is lazarus.dayβ

APT38

2018-10-03, Mandiant
APT38 Un-usual Suspects
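"APT38 is a financially motivated APT group and a subgroup of the notorious Lazarus Group. The group mainly targets financial institutions worldwide; since at least 2014, it has attacked more than 16 organizations in 13 countries and has so far illicitly obtained more than 100 million US dollars. APT38 typically uses Word documents and shortcut files for initial intrusion, and has recently adopted new techniques capable of bypassing Windows Mark of the Web (MotW) protection. In addition, the group is particularly aggressive; it frequently uses destructive malware to render victim networks inoperable. APT38 also uses custom malware and lurks in victim networks for long periods before achieving its goals, in some cases for more than two years."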

- RedQueen, https://redqueen.tj-un.com/threatOrganizationDetails.html?id=2c91828265f5dba50166569b510c0000

Also known as

 
| Name | Named by | AKA | First seen | Last seen |
|---|---|---|---|---|
| APT38 | Mandiant | BlueNoroff | 2018-10-03 | 2023-10-10 |
| ATK117 | ThalesGroup | APT38 | 2019-10-07 | 2022-05-31 |
| BeagleBoyz | USCISA | BlueNoroff | 2020-08-26 | 2020-08-26 |
| BlackDev2 | PWC | BlueNoroff | 2021-09-08 | 2023-04-12 |
| BlueNoroff | Kaspersky | - | 2017-04-03 | 2024-01-04 |
| Copernicium | Microsoft | APT38 | 2022-11-07 | 2022-11-07 |
| CryptoCore | Clearskysec | BlueNoroff | 2020-06-24 | 2021-05-24 |
| G0082 | MITRE | APT38 | 2019-01-29 | 2019-01-29 |
| NickelGladstone | SecureWorks | BlueNoroff | - | - |
| REF9135 | Elastic | BlueNoroff | 2023-06-29 | 2023-06-29 |
| RedCarpet | KRCERT | BlueNoroff | - | - |
| SapphireSleet | Microsoft | Copernicium | 2023-04-19 | 2023-10-06 |
| StardustChollima | CrowdStrike | BlueNoroff | 2018-02-26 | 2019-02-19 |
| T-APT-15 | Tencent | BlueNoroff | 2018-03-07 | 2018-03-07 |
| TAG-71 | Recordedfuture | BlueNoroff | 2023-06-06 | 2024-01-10 |
| TEMP.Hermit | Fireeye | BlueNoroff | 2017-09-13 | 2023-10-10 |
| TraderTraitor | USCISA | BlueNoroff | 2022-04-18 | 2023-08-22 |

Timeline

2019-01-29
MITRE
APT38
#G0082 #APT38