APT45, a cyber threat group associated with North Korea’s Reconnaissance General Bureau, known by aliases such as Stonefly, Silent Colima, Nickey Hayatt, Andriel, and Onyx Sleet, has recently shifted its focus from cyber espionage to spreading ransomware. The group has been observed targeting organizations in South Korea, Japan, and the United States.
Security researchers from Google’s Mandiant have analyzed the group’s activities and found them deploying Shattered Glass Ransomware. This ransomware variant was last detected between June 2021 and June 2022 by Kaspersky.
Previously, APT45 had concentrated on stealing healthcare and crop science information from research and development institutions linked to various governments worldwide.
North Korea, under Kim Jong Un’s leadership, has historically conducted cyber attacks targeting cryptocurrency companies to steal digital assets and gather intelligence for resale to interested parties. The recent shift towards ransomware may be motivated by the potential for substantial financial gains to fund North Korea’s nuclear ambitions.
The discovery of APT45’s new tactics coincided with KnowBe4’s revelation that it had been targeted by a North Korean cyber crime group. The group attempted to infiltrate KnowBe4’s development network by planting a fake employee with a fabricated identity. KnowBe4 robust administrative and security measures prevented the infiltration before any intelligence could be extracted from their servers or malware could be deployed on their network.
Ad