APT PROFILE – APT43
APT43, a North Korean state-sponsored cyber operator linked to the Reconnaissance General Bureau (RGB), is known for its strategic intelligence gathering and financially motivated activities.
Alias:
Black Banshee, Emerald Sleet, Kimsuki, Kimsuky, Sparkling Pisces, Springtail, TA427, Thallium, UAT-5394, Velvet Chollima
Motivation:
Espionage
Techniques Used:
Credential Harvesting, Vulnerabilities & Exploits, Social Engineering
Malware used by APT43:
RftRAT, VENOMBITE, AutoIt, DEEP#GOSU, BITTERSWEET, SmallTiger, Meterpeter, TinyNuke, AppleSeed, Amadey, SWEETDROP, SuperBear
South Korea, the United States, Japan, China, and European countries (particularly those with ties to NATO).
| Reconnaissance | Execution | Defense Evasion | Lateral Movement | Discovery | |
|---|---|---|---|---|---|
| T1594 | T1053.005 | T1027 | T1550.002 | T1016 | |
| T1593.001 | T1059.003 | T1562.001 | T1021.001 | T1518.001 | |
| T1593.002 | T1059.001 | T1112 | T1534 | T1057 | |
| T1591 | T1204.001 | T1036 | | T1012 | |
| T1589.002 | T1059.006 | T1055 | Collection | T1040 | |
| T1598.003 | T1204.002 | T1078.003 | T1005 | T1082 | |
| …