July 25, 2024 at 11:03AM
North Korea-linked threat actor APT45 is expanding into financially-motivated attacks using ransomware, marking a shift from traditional cyber espionage. It is associated with deploying ransomware families SHATTEREDGLASS and Maui, targeting entities in South Korea, Japan, and the U.S. The group is also linked to malware such as Dtrack and has a history of targeting critical infrastructure.
Based on the meeting notes, here are the key takeaways:
1. A North Korea-linked threat actor known as APT45 has expanded from cyber espionage to financially-motivated attacks, including the deployment of ransomware.
2. APT45 is associated with the deployment of ransomware families SHATTEREDGLASS and Maui, targeting entities in South Korea, Japan, and the U.S.
3. APT45 is also linked to the use of a backdoor malware called Dtrack, which was involved in a cyber attack on the Kudankulam Nuclear Power Plant in India in 2019.
4. APT45’s activities mirror the changing priorities of North Korea’s leadership, encompassing classic cyber espionage against government and defense entities as well as healthcare and crop science industries.
5. KnowBe4 reported an incident where a North Korean IT worker, supported by state-backed criminal infrastructure, used a stolen identity of a U.S. citizen to secure employment in the U.S. and engage in malicious activities.
6. The incident underscores the need for more robust vetting processes, continuous security monitoring, and improved coordination between HR, IT, and security teams to protect against advanced persistent threats.
These takeaways highlight the evolving nature of cyber threats posed by APT45 and the importance of enhancing security measures to counter such threats.