Nation-State Actor

APT38

North Korea • Active since 2014

APT38 is North Korea's bank robbery team. They hack into banks around the world and steal money by manipulating the SWIFT system that banks use to transfer funds. They have stolen over a billion dollars to fund North Korea.

Overview

APT38 is a North Korean threat group focused on financial theft to generate revenue for the DPRK regime. They specialize in attacks against banks and financial institutions using the SWIFT network, having stolen over $1 billion.

Also Known As

Stardust Chollima, BlueNoroff, BeagleBoyz

Target Industries

Banking, Financial Services, Cryptocurrency, FinTech

Target Regions

Global, Bangladesh, Vietnam, Taiwan, Mexico, Africa


Tactics, Techniques & Procedures

  • SWIFT network manipulation
  • Watering hole attacks
  • Spear-phishing
  • Destructive malware deployment
  • Cryptocurrency theft

Known Tools & Malware

DYEPACK, HERMES, NACHOCHEESE, NESTEGG, KEYLIME

Notable Campaigns

Bangladesh Bank Heist (2016)

Attempted to steal $951 million from Bangladesh Central Bank via SWIFT, succeeding with $81 million.

Far Eastern International Bank Attack (2017)

Stole $60 million from a Taiwanese bank using compromised SWIFT access.

MITRE ATT&CK Techniques

T1195, T1566.001, T1059, T1485, T1486

Defense Recommendations

  1. Implement SWIFT Customer Security Programme controls
  2. Deploy SWIFT transaction monitoring
  3. Air-gap SWIFT systems from the general network

Related Threat Actors

Lazarus Group, Kimsuky
