Threat Trend Report on APT Groups – June 2023

2023-08-16 AhnLab

https://asec.ahnlab.com/wp-content/uploads/2023/08/ATIP_2023_Jun_Threat-Trend-Report-on-APT-Groups.pdf

Attachments

ATIP_2023_Jun_Threat-Trend-Report-on-APT-Groups.pdf (254 KB)

AhnLab’s June 2023 APT trend report reviews public reporting on multiple nation-state groups and includes several DPRK-relevant sections such as Andariel, Kimsuky, Lazarus, and Red Eyes/APT37. In the available excerpt, the Andariel section notes active exploitation of Log4j and the addition of malware families such as YamaBot and MagicRat, with commercial tools including 3Proxy, Dumpert, ForkDump, Powerline, PuTTY, NTDSDumpEx, and Supremo also observed. The same excerpt notes that EarlyRat infrastructure overlapped with servers used in the HolyGhost and Maui ransomware campaigns. Because this is a broad multi-actor report, the summary should be read as a DPRK-focused extraction rather than coverage of every APT group in the PDF.

Indicators of Compromise

Type Value First Seen Last Seen
HASH bab695345e984edbb8fe5e16e36face6 2023-08-16 2023-08-16

Related Actors

First seen: Jul 2017
Last seen: May 2026
