North Korean and Chinese Cyber Crime Threats to the HPH

2023-09-21 USHHS

https://www.hhs.gov/sites/default/files/dprk-chinese-cyber-crime-threats-us-hph.pdf

Attachments

dprk-chinese-cyber-crime-threats-us-hph.pdf (5 MB)

HHS frames North Korean cyber activity as a healthcare and public-health-sector risk because DPRK operators use cybercrime to fund state priorities while also pursuing espionage and geopolitical objectives. The North Korea section identifies the Reconnaissance General Bureau as a likely umbrella for major cyber capabilities, places Lazarus Group under Lab 110, and lists Lazarus aliases including APT38, Hidden Cobra, Labyrinth Chollima, and Diamond Sleet. It highlights APT43, also known as Kimsuky, Velvet Chollima, and Emerald Sleet, as a moderately sophisticated actor using social engineering, spoofed domains, spear phishing, credential harvesting, cover identities, and cryptocurrency laundering techniques. The presentation connects Lazarus activity to espionage, intellectual property theft, financial fraud, cryptocurrency targeting, vaccine data theft, WannaCry, VSingle, and MagicRAT, making the DPRK section relevant to defenders tracking both financially motivated and intelligence-led threats to HPH organizations.
