Threat Trend Report on APT Groups – April 2023

2023-06-09 Ahnlab

https://asec.ahnlab.com/wp-content/uploads/2023/06/ATIP_2023_Apr_Threat-Trend-Report-on-APT-Groups.pdf

Attachments

ATIP_2023_Apr_Threat-Trend-Report-on-APT-Groups.pdf (290 KB)

AhnLab’s April 2023 APT groups report is a broad monthly roundup. Its DPRK-relevant sections cover Kimsuky, Lazarus, and RedEyes/APT37 activity; the coverage of Russian and other actors is unrelated. For Kimsuky, ASEC noted AppleSeed execution changes and distribution of a Google Chrome Remote Desktop setup script through an AppleSeed-related domain, raising questions about whether the group was temporarily or strategically changing its remote-control tooling. For Lazarus, the report cites Kaspersky’s coverage of the DeathNote/Operation Dream Job campaign, describing its shift from cryptocurrency targeting in 2019 toward defense-industry targeting from 2020 and recent activity involving Korea. The source also lists RedEyes/APT37/ScarCruft as a covered APT group. The report is therefore relevant to DPRK-focused tracking, but analysts should not treat the unrelated APT28 or other actor sections as North Korea activity.

Indicators of Compromise

Type    Value                                First Seen  Last Seen
URL     https://www.uptycs.com/blog/cyb…     2023-06-09  2023-06-09
URL     https://blog.eclecticiq.com/exp…     2023-06-09  2023-06-09
DOMAIN  blog.eclecticiq.com                  2023-06-09  2023-06-09
