All is not so copacetic with North Korea. The United States has many channels of intelligence regarding North Korea and dealing with Kim Jong-Un. Many of the moving parts require diplomatic artistry.
Below are but two examples, and with a second summit between the United States and North Korea predicted, the logistics are a chess game.
FireEye has released a report detailing the tools and techniques used by the group: “We believe APT38’s financial motivation, unique toolset, and tactics, techniques, and procedures (TTPs) observed during their carefully executed operations are distinct enough to be tracked separately from other North Korean cyber activity. There are many overlapping characteristics with other operations, known as “Lazarus” and the actor we call TEMP.Hermit; however, we believe separating this group will provide defenders with a more focused understanding of the adversary and allow them to prioritize resources and enable defense.”
In their official blog, the company further explained the distinction of the group from any other hackers out there. Foremost, the malware tools used overlap or are similar, indicating similar development behind the scenes.
The general pattern used by APT38 was observed to be this way:
- First, the information is gathered by targeting third-party vendors to understand the mechanics of their transactions.
- Then the initial compromise takes place, followed by internal reconnaissance and a pivot to the victim servers used for SWIFT transactions.
- After this, the funds are transferred or stolen.
- The group does not stop there. They remove all the evidence that might help the authorities trace the activity back to them or learn the exact methodology of the fraud.
FireEye addressed the threat the group poses to its targeted sector by stating, “APT38 is unique in that it is not afraid to aggressively destroy evidence or victim networks as part of its operations. This attitude toward destruction is probably a result of the group trying to not only cover its tracks but also to provide cover for money laundering operations.” The full 32-page report is here.
The U.S. Treasury Department last week sanctioned a Turkish company, two Turkish individuals, and a North Korean individual for violating UN sanctions on Pyongyang. These sanctions came just before Secretary of State Mike Pompeo’s fourth trip to North Korea in preparation for an anticipated second Trump-Kim summit.
Read the full story from NoisyRoom.net