2023 Aug - Threat Trend Report on APT Groups
2023-10-23 • AhnLab
The activities of the Andariel and Lazarus groups, which are believed to be backed by North Korea, have been observed outside their traditional conflict region in Korea.

The HuiLoader variant used in the attacks is also being used by other Chinese threat groups, making it challenging to accurately distinguish between these groups as they share infrastructure and malware.

Recorded Future identified the use of a multi-layered infrastructure network for command and control (C2), reconnaissance, and exploitation.

3) APT31

Kaspersky investigated attacks targeting industrial organizations in Eastern Europe and attributed them to the APT31 group. [5] This threat group abuses cloud-based data storage and temporary file-sharing services like Dropbox or Yandex Disk to exfiltrate data and transfer subsequent-stage malware.