cyber-threats-2019-retrospect.pdf (1 MB)

PwC’s 2019 retrospective includes several North Korea-linked developments within a broader threat landscape review. PwC tied the customized DTrack/Preft backdoor used in the Kudankulam Nuclear Power Plant incident to Black Artemis, its name for Lazarus, and assessed the malware was configured with knowledge of the victim’s internal network for information theft rather than destruction. The report also notes North Korean actors Black Artemis and Black Banshee combining espionage and financially motivated activity in 2019, with attention to aerospace, defense, financial institutions, and cryptocurrency organizations. PwC further highlights abuse of valid code-signing certificates by Black Artemis and Andariel, including signed recruitment-themed payloads and a reloaded Rifdoor variant used in the ANONYBR espionage campaign.