The cybercriminal group working in the interests of the DPRK does not need an external source of funding.
Cybersecurity experts at Mandiant have discovered a North Korean hacker group that finances itself through cybercriminal operations. The group directs the proceeds to support espionage campaigns against government organizations in South Korea, the United States, Japan and the European Union.
Mandiant has been tracking APT43's cybercrime activity since 2018, but only now have its experts become confident that one particular group of attackers is involved in these attacks.
The researchers claim that APT43 is "a moderately sophisticated cyber operator supporting the interests of the North Korean regime." The group has a track record of many phishing campaigns, as well as spoofing domains and email addresses as part of aggressive social engineering tactics.
The Mandiant report states that APT43's cyber-espionage campaigns primarily involve gathering strategic intelligence related to North Korea's geopolitical interests.
"APT43 maintains a high pace of activity. The group is actively pursuing phishing campaigns, credential harvesting, and demonstrating coordination with other elements of the North Korean cyber ecosystem," the company said in a statement.
While the overall scope of targets is broad, Mandiant said the ultimate goal of APT43's malware campaigns is most likely centered around helping North Korea's weapons program. The hackers are interested in collecting information about international negotiations, sanctions, and the foreign and domestic policies of different countries. In other words, they are interested in everything that can directly or indirectly affect the DPRK.