Mandiant identifies new North Korea state-backed hacking group

• APT43 also appears to target cryptocurrency firms and services and uses the profits to fund its espionage operations, the report states.
• The group typically targets organizations in South Korea and the United States, with a special focus on government, business services, manufacturing and education and research groups.

The big picture: Mandiant has "moderate confidence" that APT43 is specifically linked to North Korea's foreign intelligence service.

• Mandiant has been tracking this gang's activities since 2018, and today's report officially elevates the group to an official state-backed hacking group.

Of note: Other companies refer to the group as "Kimsuky" or "Thallium" in their reports. Each cyber research firm uses its own naming conventions for identifying hacking groups.

Details: APT43 engages in two types of cyber activity: Spear-phishing email campaigns to harvest specific targets' credentials and high-value research, and cryptocurrency firm hacks to get funds for its own operations.

• In the spear-phishing attacks, APT43 poses as reporters and researchers to trick employees at U.S. defense and research organizations, as well as South Korea-based think tanks, into clicking on a malicious email link or responding with key intel.

• APT43 has been seen using cryptocurrency services to launder stolen currency, suggesting the group has been involved in the string of recent attacks.

Threat level: Unlike other state-backed hacking groups, APT43 has yet to be seen exploiting critical, unknown vulnerabilities in systems.

• However, the group continues to maintain "a high tempo of activity" and has collaborated with several North Korea state-backed hacking groups.

Sign up for Axios’ cybersecurity newsletter Codebook here