ESET APT Activity Report Q2 2024–Q3 2024

2024-11-08 ESET

https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2024-q3-2024/

Attachments

eset-apt-activity-report-q2-2024-q3-2024.pdf (1 MB)

ESET says North Korea-aligned groups continued advancing regime priorities through attacks on financial and technology targets, especially where cryptocurrency businesses blur the two sectors. The DPRK section notes frequent abuse of cloud services such as Google Drive, Microsoft OneDrive, Dropbox, Yandex Disk, pCloud, GitHub, Bitbucket, and Zoho, with ScarCruft observed abusing Zoho for the first time. ESET also highlights Kimsuky's use of Microsoft Management Console (MMC) files, which can execute Windows commands despite their administrative appearance. The excerpt places these findings inside a broader APT review, but the relevant evidence is the DPRK use of cloud services, MMC files, and financially motivated targeting.

Indicators of Compromise

Type Value First Seen Last Seen
HASH 0012c49fac5eab8ff1bcb7efab62cb1… 2024-11-08 2024-11-08
HASH 6174276f94219bc386bdc628ca18eae… 2024-11-08 2024-11-08
HASH aa6f6a50271a1d63896971c2759a619… 2024-11-08 2024-11-08
