Understanding Attacks Linked to APT38
Overview
APT38 is a North Korea-backed cyber threat group that has targeted banks, other financial institutions, casinos, cryptocurrency exchanges, SWIFT system endpoints and ATMs in many countries since at least 2014.
Some of its most significant and destructive attacks include the 2016 Bangladesh Bank heist, in which $81 million was stolen, and the 2018 attacks on Bancomext and Banco de Chile.
Targeting Pattern
The group has targeted more than 16 organizations in at least 13 countries, which indicates that it is large and well resourced. Key observations about its targeting:
- The true number of targeted organizations is probably higher, because affected organizations rarely report incidents.
- Its attacks are carefully planned. The operators work quietly in mixed operating system environments, rely on custom-built tools, and typically deploy destructive malware at the end of an operation to wipe compromised machines and destroy evidence.
- Its operations are calculated and patient: the group aims for long-term access to the victim's environment in order to learn the network layout, the technology in use, and the permissions required to reach its goals.
Impact
- Loss or compromise of sensitive user information and high-value user accounts.
- Illicit transactions routed through the victim's infrastructure, leading to direct loss of funds.
- Regulatory penalties, for example under GDPR or PCI DSS, if gross negligence is found after a successful compromise.
Remedy
Patch public-facing systems promptly and follow a Mimikatz defense guide (credential-theft hardening of LSASS and logon credential caching) alongside other defensive measures to improve your defensive posture and limit the impact on business operations.
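As an added example (not part of the original post and not taken from the author's detailed document), the script below audits, and with -Apply enforces, the registry-level credential-theft mitigations that Mimikatz defense guides commonly recommend: disabling WDigest plaintext caching, running LSASS as a Protected Process Light, enabling Virtualization Based Security and Credential Guard, and allowing Restricted Admin RDP. It assumes Windows 10 / Server 2016 or later and an elevated PowerShell session; the value names and paths are the documented Windows registry settings, while the function names and the $Mitigations table are this example's own.

```powershell
# Added example (not from the original post): audit, and optionally apply,
# registry-level credential-theft mitigations commonly listed in Mimikatz
# defense guides. Run from an elevated PowerShell prompt.
# Assumptions: Windows 10 / Server 2016 or later. Credential Guard also needs
# VBS-capable hardware and only takes effect after a reboot.

[CmdletBinding()]
param(
    [switch]$Apply   # without -Apply the script only reports the current state
)

# Each entry: registry path, value name, desired value, and why it matters.
$Mitigations = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
       Name = 'UseLogonCredential'; Desired = 0
       Why  = 'Stops WDigest from keeping plaintext passwords in LSASS (sekurlsa::wdigest)' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'RunAsPPL'; Desired = 1
       Why  = 'Runs LSASS as a Protected Process Light so unsigned code cannot open it' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
       Name = 'EnableVirtualizationBasedSecurity'; Desired = 1
       Why  = 'Enables VBS, a prerequisite for Credential Guard' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'LsaCfgFlags'; Desired = 1
       Why  = 'Enables Credential Guard with UEFI lock; isolates secrets from LSASS' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'DisableRestrictedAdmin'; Desired = 0
       Why  = 'Allows Restricted Admin RDP so admin credentials are not sent to the remote host' }
)

# Read one setting and report whether it matches the desired value.
function Get-MitigationState {
    param([hashtable]$M)
    $current = $null
    if (Test-Path $M.Path) {
        $current = (Get-ItemProperty -Path $M.Path -Name $M.Name -ErrorAction SilentlyContinue).($M.Name)
    }
    [pscustomobject]@{
        Setting   = "$($M.Path)\$($M.Name)"
        Current   = if ($null -eq $current) { '(not set)' } else { $current }
        Desired   = $M.Desired
        Compliant = ($current -eq $M.Desired)
        Why       = $M.Why
    }
}

# Create the key if needed and write the desired DWORD value.
function Set-Mitigation {
    param([hashtable]$M)
    if (-not (Test-Path $M.Path)) { New-Item -Path $M.Path -Force | Out-Null }
    Set-ItemProperty -Path $M.Path -Name $M.Name -Value $M.Desired -Type DWord
}

$report = foreach ($m in $Mitigations) {
    $state = Get-MitigationState $m
    if ($Apply -and -not $state.Compliant) {
        Set-Mitigation $m
        $state = Get-MitigationState $m   # re-read so the report shows the applied value
    }
    $state
}

$report | Format-Table Setting, Current, Desired, Compliant -AutoSize
```

Run it without -Apply first and review the report. The audit is deliberately conservative: on Windows 8.1 / Server 2012 R2 and later an absent UseLogonCredential value already means WDigest caching is off, but setting it explicitly to 0 removes any doubt. RunAsPPL can break unsigned third-party authentication packages, so test it before fleet-wide rollout, and LsaCfgFlags = 1 (UEFI lock) cannot be undone remotely; use 2 if you need to be able to disable Credential Guard later. Removing the "Debug programs" right (SeDebugPrivilege) from local administrators, another common recommendation, is a Group Policy setting rather than a registry value and is therefore not covered by this script.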
To know more about it, you can go through my detailed document by clicking here