APT Quarterly Highlights : Q2 2024

2024-07-19 • Cyfirma •

https://www.cyfirma.com/research/apt-quarterlyhighlights-q2-2024/

#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus #T1082 #T1059.003 #T1090 #T1140 #T1005 #T1070.004 #T1041 #T1113 #T1555 #T1560 #T1071.001 #T1046 #T1112 #T1115 #T1083 #T1497 #T1056.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1555.003 #T1071 #T1124 #T1222 #T1552 #T1057 #T1583.003 #T1518.001 #T1547.001 #T1053.005 #T1539 #T1608.005 #T1583.001 #T1059.001 #T1053 #T1552.001 #T1566 #T1059 #T1003 #T1497.001 #T1102.001 #T1574.002 #T1562.001 #T1490 #T1486 #T1129 #T1133 #T1571 #T1548 #T1190 #T1203 #T1564.001 #T1087 #T1562.004 #T1218.011 #T1070.006 #T1547 #T1068 #T1614 #T1573 #T1095 #T1562 #T1070 #T1047 #T1056 #T1176 #T1010 #T1033 #T1569.002 #T1543.003 #T1485 #T1012 #T1202 #T1087.002 #T1021.004 #T1222.001 #T1518 #T1564.003 #T1505.003 #T1069.002 #T1564 #T1595.002 #T1027.005 #T1070.001 #T1056.004 #T1584

Thumbnail for APT Quarterly Highlights : Q2 2024

CYFIRMA's Q2 2024 APT roundup says North Korean operators intensified espionage and financially motivated activity during the quarter. The DPRK section names Kimsuky, also tracked as Springtail, targeting South Korea with the Gomir backdoor, ReconShark activity via Facebook, and the TRANSLATEXT Chrome extension. It also describes Moonstone Sleet using fake companies, custom ransomware, and trojanized tools, Lazarus using fake job lures to deliver Kaolin RAT and exploit vulnerabilities, and Andariel targeting Korean corporations with RATs such as Nestdoor and Dora RAT.

Related Actors

Andariel

FSI

First seen: Jul 2017

Last seen: May 2026

Kimsuky

Kaspersky

First seen: Sep 2013

Last seen: Jun 2026

Lazarus

Novetta

First seen: Feb 2016

Last seen: Jun 2026

Moonstone Sleet

Microsoft

Lazarus

First seen: May 2024

Last seen: Nov 2025

Related Reports

2024-09-12 • 54% Match

APT PROFILE – KIMSUKY

Cyfirma

#Kimsuky #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1005 #T1070.004 #T1587.001 #T1041 #T1608.001 #T1071.001 #T1112 #T1083 #T1056.001 #T1059.006 #T1204.001 #T1059.007 #T1036 #T1027 #T1204.002 #T1566.002 #T1555.003 #T1057 #T1059.005 #T1583.006 #T1518.001 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1598.003 #T1583.001 #T1059.001 #T1036.005 #T1552.001 #T1585.001 #T1105 #T1219 #T1055 #T1553.002 #T1562.001 #T1027.002 #T1133 #T1190 #T1098 #T1016 #T1074.001 #T1588.002 #T1055.012 #T1587 #T1078.003 #T1071.002 #T1562.004 #T1550.002 #T1111 #T1071.003 #T1591 #T1003.001 #T1218.011 #T1593.002 #T1586.002 #T1588.005 #T1583.004 #T1036.004 #T1589.003 #T1594 #T1218.010 #T1557 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1021.001 #T1560.001 #T1176 #T1136.001 #T1543.003 #T1012 #T1534 #T1560.003 #T1007 #T1564.003 #T1114.003 #T1114.002 #T1564.002 #T1040 #T1546.001 #T1505.003

Shares tags: Kimsuky, T1082, T1059.003 • Same author: Cyfirma

2025-08-13 • 48% Match

APT PROFILE – LAZARUS GROUP

Cyfirma

#Lazarus #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1584.004 #T1005 #T1070.004 #T1587.001 #T1041 #T1560 #T1608.001 #T1071.001 #T1046 #T1083 #T1056.001 #T1204.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1124 #T1057 #T1059.005 #T1583.006 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1583.001 #T1059.001 #T1036.005 #T1132.001 #T1001.003 #T1585.001 #T1497.001 #T1105 #T1553.002 #T1620 #T1574.002 #T1562.001 #T1027.002 #T1489 #T1078 #T1008 #T1571 #T1491.001 #T1218 #T1220 #T1203 #T1189 #T1049 #T1564.001 #T1098 #T1016 #T1074.001 #T1588.002 #T1562.004 #T1591 #T1218.011 #T1583.004 #T1036.004 #T1588.003 #T1218.010 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1048.003 #T1134.002 #T1027.007 #T1021.001 #T1106 #T1090.001 #T1573 #T1070 #T1047 #T1574.013 #T1561.001 #T1036.003 #T1529 #T1055.001 #T1614.001 #T1010 #T1021.002 #T1033 #T1543.003 #T1485 #T1090.002 #T1542.003 #T1560.002 #T1012 #T1110 #T1547.009 #T1110.003 #T1534 #T1588.004 #T1104 #T1591.004 #T1561.002 #T1608.002 #T1202 #T1221 #T1557.001 #T1087.002 #T1560.003 #T1070.003 #T1021.004

Shares tags: Lazarus, T1082, T1059.003 • Same author: Cyfirma

2024-07-15 • 46% Match

Kimsuky APT: The TrollAgent Stealer Analysis

Darkatlas

#Kimsuky #TrollAgent #T1082 #T1059.003 #T1005 #T1070.004 #T1041 #T1113 #T1071.001 #T1083 #T1036 #T1555.003 #T1057 #T1518.001 #T1539 #T1027.002 #T1016 #T1087.001 #T1218.011

Shares tags: Kimsuky, T1082, T1059.003 • Published within a week

2024-07-31 • 45% Match

Emulating the Politically Motivated North Korean Adversary Andariel – Part 2

Attack IQ

#Andariel #Blacksmith #T1082 #T1083 #T1057 #T1518.001 #T1003 #T1105 #T1049 #T1098 #T1087 #T1016 #T1018 #T1003.001 #T1562 #T1047 #T1136.001 #T1033 #T1543.003 #T1012 #T1069 #T1654

Shares tags: Andariel, T1082, T1083 • Published within a month

2024-07-25 • 44% Match

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

USCISA

#Andariel #YARA #T1090 #T1587.001 #T1560 #T1083 #T1027 #T1567 #T1071 #T1059 #T1003 #T1190 #T1592 #T1087 #T1591 #T1596 #T1048 #T1021.002 #T1021 #T1040 #T1572 #T1595 #T1039 #T1587.004

Shares tags: Andariel, T1090, T1560 • Published within a week

2024-08-05 • 43% Match

북한 해킹조직의 건설ㆍ기계 분야 기술절취 주의

KRNCSC

#Andariel #Kimsuky #TrollAgent #DoraRAT #T1119 #T1005 #T1041 #T1113 #T1071.001 #T1083 #T1036 #T1204.002 #T1195 #T1027.002 #T1189 #T1573.002 #T1074.001 #T1217

Shares tags: Andariel, Kimsuky, T1005 • Published within a month

« Back