APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations
Mandiant assesses with high confidence that APT43 is a moderately sophisticated cyber operator that supports the interests of the North Korean regime. Campaigns attributed to APT43 include strategic intelligence collection aligned with Pyongyang’s geopolitical interests, credential harvesting and social engineering to support espionage activities, and financially motivated cybercrime to fund operations.
Tracked since 2018, APT43’s collection priorities align with the mission of the Reconnaissance General Bureau (RGB), North Korea's main foreign intelligence service. The group’s focus on foreign policy and nuclear security issues supports North Korea’s strategic and nuclear ambitions.
Although the overall targeting reach is broad, the ultimate aim of campaigns is most likely centered around enabling North Korea’s weapons program, including collecting information about international negotiations, sanctions policy, and other countries’ foreign relations and domestic politics, as these may affect North Korea’s nuclear ambitions.