North Korean Hacking Group APT38 A Serious Threat - Warns FireEye

FireEye, a cybersecurity company, has publicly called out a hacking group it has codenamed APT38.

The group allegedly operates under the North Korean administration, carries out aggressive financial crimes, and is held responsible for stealing millions since it first appeared.
FireEye has released a report describing the tools and techniques used by the group: “We believe APT38’s financial motivation, unique toolset, and tactics, techniques, and procedures (TTPs) observed during their carefully executed operations are distinct enough to be tracked separately from other North Korean cyber activity. There are many overlapping characteristics with other operations, known as “Lazarus” and the actor we call TEMP.Hermit; however, we believe separating this group will provide defenders with a more focused understanding of the adversary and allow them to prioritize resources and enable defense.”
In its official blog, the company further explained what sets the group apart from other hackers. Notably, the malware tools overlap with or resemble those of other North Korean operations, indicating a common developer behind the scenes.
The general pattern observed in APT38 operations is as follows:
  • First, information is gathered by targeting third-party vendors to understand the mechanics of their transactions.
  • Then, initial compromise takes place, followed by internal reconnaissance and a pivot to the victim servers used for SWIFT transactions.
  • After this, the funds are finally transferred or stolen.
  • The group does not stop there: it destroys any evidence that might help the authorities trace the attack back to it or reconstruct the exact methodology of the fraud.
FireEye addressed the threat the group poses to its targeted sector by stating, “APT38 is unique in that it is not afraid to aggressively destroy evidence or victim networks as part of its operations. This attitude toward destruction is probably a result of the group trying to not only cover its tracks but also to provide cover for money laundering operations.”
Read the full report here.