Ransomware shift from Cyber Espionage for North Korea


    APT45, a cyber threat group associated with North Korea’s Reconnaissance General Bureau and known by aliases such as Stonefly, Silent Chollima, Nickel Hyatt, Andariel, and Onyx Sleet, has recently shifted its focus from cyber espionage to deploying ransomware. The group has been observed targeting organizations in South Korea, Japan, and the United States.

    Security researchers from Google’s Mandiant analyzed the group’s activities and found it deploying the Shattered Glass ransomware. Kaspersky had last detected this ransomware variant between June 2021 and June 2022.

    Previously, APT45 had concentrated on stealing healthcare and crop science information from research and development institutions linked to various governments worldwide.

    North Korea, under Kim Jong Un’s leadership, has historically conducted cyber attacks targeting cryptocurrency companies to steal digital assets and gather intelligence for resale to interested parties. The recent shift towards ransomware may be motivated by the potential for substantial financial gains to fund North Korea’s nuclear ambitions.

    The discovery of APT45’s new tactics coincided with KnowBe4’s revelation that it had been targeted by a North Korean cyber crime group. The group attempted to infiltrate KnowBe4’s development network by planting a fake employee with a fabricated identity. KnowBe4’s robust administrative and security measures stopped the infiltration before any intelligence could be extracted from its servers or malware could be deployed on its network.

    Remember, paying a ransom does not guarantee a decryption key, and it substantially increases risk: criminals often attack the same network several times a year by exploiting the same vulnerability. Furthermore, it gives threat actors confidence that their malicious activity will be rewarded.

    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
