APT38 (Lazarus Group) – North Korea

Names: APT38 (Mandiant), NICKEL GLADSTONE (SecureWorks), Lazarus Group, Stardust Chollima (CrowdStrike)
Additional names: Gods Apostles, Gods Disciples, Guardians of Peace, ZINC, Whois Team, Hidden Cobra
Location: North Korea
Date of initial activity: 2007
Suspected attribution: State-sponsored, Bureau/Unit 211
Motivation: Financial gain
Associated tools: AlphaNC, Bankshot, CATCH22, CCGC_Proxy, KEYLIME, QUICKRIDE, Ratankba, Server_TrafficForwarder, Wcry

Overview

APT38 is a financially motivated threat group backed by the North Korean regime. It mainly targets banks and other financial institutions and has targeted more than 16 organizations in at least 13 countries since at least 2014.

Definitions of North Korean groups overlap significantly, and the name Lazarus Group covers a broad range of activity. Some organizations use Lazarus Group for any activity attributed to North Korea; others track clusters such as Bluenoroff, APT37 and APT38 separately, while still others file some of that activity under Lazarus Group. When correlating reports from different vendors, treat each name as a label for a cluster of observed activity rather than a one-to-one mapping to a single unit.

Targets

Acquisitive crime: the group targets banks and other financial institutions and runs online criminal operations for financial gain, which sets it apart from the espionage-focused North Korean clusters.

Attack vectors

APT38 has used the QUICKRIDE backdoor, which communicates with its command-and-control (C2) server over HTTP and HTTPS, and the KEYLIME Trojan, which collects data from the clipboard. Because the C2 channel rides on ordinary web protocols, it blends into normal egress traffic and is easier to spot by its timing and destination patterns than by the protocol itself.
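As an added illustration of how a backdoor whose C2 runs over plain HTTP/HTTPS can be hunted in web-proxy logs, the script below flags client/destination pairs whose connections recur at near-constant intervals (beaconing). This is example code written for this page, not code from the page, from Mandiant, or from any APT38 tool; the log lines, the client IP and the ".test" host names are constructed placeholders rather than APT38 indicators, and the thresholds are assumptions to be tuned per environment.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log for the example (not real APT38 traffic; ".test" is a
# reserved TLD and the client IP is a placeholder).
# Format: <ISO-8601 timestamp> <client IP> <method> <destination host> <HTTP status>
SAMPLE_LOG = """\
2016-02-04T09:00:00 10.0.0.5 GET c2-placeholder.test 200
2016-02-04T09:00:04 10.0.0.5 GET www.example.org 200
2016-02-04T09:01:00 10.0.0.5 GET c2-placeholder.test 200
2016-02-04T09:01:31 10.0.0.5 GET www.example.org 304
2016-02-04T09:02:01 10.0.0.5 GET c2-placeholder.test 200
2016-02-04T09:02:59 10.0.0.5 GET c2-placeholder.test 200
2016-02-04T09:03:12 10.0.0.5 GET cdn.example.org 200
2016-02-04T09:04:00 10.0.0.5 GET c2-placeholder.test 200
2016-02-04T09:04:20 10.0.0.5 GET www.example.org 200
2016-02-04T09:04:25 10.0.0.5 GET www.example.org 200
2016-02-04T09:05:00 10.0.0.5 GET c2-placeholder.test 200
2016-02-04T09:06:01 10.0.0.5 GET c2-placeholder.test 200
2016-02-04T09:07:00 10.0.0.5 GET c2-placeholder.test 200
2016-02-04T09:07:44 10.0.0.5 GET www.example.org 200
2016-02-04T09:20:10 10.0.0.5 GET www.example.org 200
"""


def parse_proxy_log(text):
    """Group connection timestamps by (client IP, destination host)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, host, _status = line.split()
        events[(client, host)].append(datetime.fromisoformat(ts))
    return events


def find_beacons(text, min_connections=5, max_cv=0.2,
                 min_interval=10.0, max_interval=3600.0):
    """Return (client, host, mean_interval_s, cv) for pairs whose connection
    gaps are regular enough to look like a beacon.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive connections; a value near 0 means near-constant spacing.
    All thresholds are assumptions for this example, not vendor guidance.
    """
    findings = []
    for (client, host), times in parse_proxy_log(text).items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        # Skip pairs polling faster than min_interval (typically an app) or
        # slower than max_interval (too sparse to judge from this window).
        if not (min_interval <= avg <= max_interval):
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append((client, host, round(avg, 1), round(cv, 3)))
    return findings


if __name__ == "__main__":
    for client, host, avg, cv in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {host}: every ~{avg}s (cv={cv})")
```

On the constructed log only the placeholder C2 host is flagged (about one connection a minute, cv around 0.02); the browsing to www.example.org has enough connections but irregular gaps and is dropped by the cv filter. In production, expect benign hits from software update checks, mail clients and monitoring agents, so whitelist known pollers and enrich hits with destination age and reputation. A backdoor that adds random jitter to its sleep needs a looser max_cv or a different detector, and for HTTPS the destination host is only visible if the proxy logs CONNECT requests or SNI.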

How they work

NICKEL GLADSTONE came to prominence in February 2016, when news broke that Bangladesh Bank, the country's central bank, had lost USD 81 million through fraudulent payment messages sent over the SWIFT network. Since then, additional financial institutions have been identified as targets of similar operations, including banks in Vietnam, Ecuador, Taiwan, Chile and India.

In February 2017, the group was likely responsible for a watering-hole attack in which the website of the Polish Financial Supervision Authority (PFSA) was compromised to deliver malware to visitors from Polish and other banks around the world; the targeting list spanned 104 organizations in 31 countries.

References:

  • APT38: Un-usual Suspects
  • APT38