APT43

GPTKB entity

Statements (49)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | cybercrime |
| gptkbp:alsoKnownAs | gptkb:Kimsuky |
| gptkbp:attributedTo | gptkb:FireEye |
| | gptkb:Mandiant |
| | gptkb:US_Cybersecurity_and_Infrastructure_Security_Agency |
| gptkbp:category | Advanced Persistent Threat |
| | state-sponsored group |
| gptkbp:connectsTo | gptkb:Lazarus_Group |
| | North Korean Reconnaissance General Bureau |
| gptkbp:countryOfOrigin | gptkb:North_Korea |
| gptkbp:firstReported | 2012 |
| https://www.w3.org/2000/01/rdf-schema#label | APT43 |
| gptkbp:infrastructure | command and control servers |
| | malicious email accounts |
| | fake websites |
| gptkbp:language | gptkb:Korean |
| | English |
| gptkbp:mainActivity | cybercrime |
| | credential harvesting |
| | information theft |
| gptkbp:motive | gptkb:intelligence_gathering |
| | financial gain |
| | support North Korean regime |
| gptkbp:notableEvent | COVID-19 research targeting |
| | nuclear policy espionage |
| | phishing campaigns against journalists |
| gptkbp:operatedBy | gptkb:North_Korean_government |
| gptkbp:sector | gptkb:government |
| | gptkb:media |
| | gptkb:military |
| | defense |
| | academia |
| | think tanks |
| gptkbp:status | active |
| gptkbp:target | gptkb:Europe |
| | gptkb:Japan |
| | gptkb:South_Korea |
| | gptkb:United_States |
| gptkbp:technique | social engineering |
| | spear phishing |
| | watering hole attacks |
| gptkbp:usesMalware | gptkb:BabyShark |
| | Gh0st RAT |
| | AppleSeed |
| | KGH_SPY |
| | ReconShark |
| | SPYWARE |
| gptkbp:bfsParent | gptkb:Operation_Winnti |
| gptkbp:bfsLayer | 7 |