North Korean Tactics, Techniques, and Procedures for Revenue Generation

2023-07-30 USDNI

https://www.dni.gov/files/CTIIC/documents/products/North-Korean-TTPs-for-Revenue-Generation.pdf

Attachments

North-Korean-TTPs-for-Revenue-Generation.pdf (946 KB)

Indicators of Potential North Korean Cyber Operations

The remote-access Trojan (RAT) Manuscrypt is among the most notable malware that North Korean actors—including Lazarus Group and APT38—use to target companies. This product provides an overview of the common tactics, techniques, and procedures (TTPs) North Korean cyber actors use to target and gain access to financial institutions and entities associated with cryptocurrency for cyber exploitation and revenue generation. Advanced persistent threat (APT) 37 and the Lazarus Group are the most likely North Korean cyber groups to use software exploits and quickly weaponize zero-day vulnerabilities. North Korean cyber actors compromise software firms or third-party IT providers to insert malicious code into a company’s software and also target cryptocurrency customers through legitimate but compromised applications.
