Wiki – What is APT38?
APT38 is a cyber espionage group believed to be associated with North Korea.
It is part of the larger Lazarus Group, a collection of North Korean state-sponsored hackers. APT38 specializes in financially motivated cyber operations, targeting financial institutions globally to steal money. Its activities are distinct from other parts of the Lazarus Group that focus more on espionage, political goals, or destabilization.
Key Characteristics of APT38:
- Primary Motivation: APT38 is primarily focused on large-scale financial theft. It aims to steal funds to support the North Korean regime, which faces economic sanctions and financial constraints.
- Techniques and Targets:
  - Banking Institutions: APT38 targets banks, cryptocurrency exchanges, and financial institutions worldwide.
  - SWIFT Network Attacks: It is infamous for exploiting vulnerabilities in the SWIFT interbank messaging system to transfer stolen funds to accounts under its control.
  - Sophisticated Malware: APT38 uses custom malware to infiltrate and persist in victims’ systems. Examples include the FASTCash malware, which is designed to manipulate ATM networks.
  - Long-Term Reconnaissance: The group is known for prolonged planning, often spending months infiltrating and studying its targets before launching an attack.
- Notable Attacks:
  - Bangladesh Bank Heist (2016): APT38 attempted to steal nearly $1 billion from the Bangladesh Central Bank via the SWIFT system, succeeding in transferring $81 million before being detected.
  - Attacks on banks in Vietnam, Mexico, and Taiwan, among others.
- Affiliation with the Lazarus Group: While part of Lazarus, APT38 is distinct due to its financial focus. Other Lazarus subgroups may pursue espionage or disruptive cyber activities (e.g., WannaCry ransomware).
- Attribution to North Korea: The group operates under the direction of North Korea’s Reconnaissance General Bureau (RGB), which oversees many of the country’s cyber operations.
APT38 exemplifies how cybercrime can be used as a geopolitical tool, funding a regime’s activities while circumventing international sanctions. Cybersecurity firms and governments worldwide actively monitor and counter its operations.