APT38 Un-usual Suspects

2018-10-03 FireEye

https://content.fireeye.com/apt/rpt-apt38

Attachments

rpt-apt38-2018-web_v5.pdf (3 MB)

FireEye profiles APT38 as a financially motivated, North Korean regime-backed group specializing in bank intrusions and destructive operations. The report says the group has attempted to steal more than $1.1 billion, has compromised more than 16 organizations in at least 13 countries, and spends extended time inside victim networks before attempting fund transfers. APT38 shares malware development resources with TEMP.Hermit but is treated as a distinct cluster focused on financial institutions, SWIFT environments, reconnaissance, evasion, and evidence destruction.
