What is APT38 report?

This report is a threat actor profile on APT38 and the various operations the group engages in. APT38 is a nation-state level threat group associated with the North Korean regime whose sole purpose is to collect sensitive financial data.

What is APT38 cyber heist?

Unlike other North Korean threat groups, APT38’s attacks are almost exclusively cyber heists whose likely goal is to raise money for the regime. On the other hand, unlike typical cybercrime operations, APT38’s campaigns are more similar to espionage.

What makes APT38 unique?

APT38 is unique in that it is not afraid to aggressively destroy evidence or victim networks as part of its operations. This attitude toward destruction is probably a result of the group trying to not only cover its tracks, but also to provide cover for money laundering operations.

How long does APT38 stay in your network?

"On average, we have observed APT38 remain within a victim network approximately 155 days, with the longest time within a compromised system believed to be 678 days (almost two years)." But the group also stood out because it did what very few others financially-motivated groups did.