North Korea | Formally attributed | Active | MITRE G0082

APT38

Coverage omission — Eastern

APT38 is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau. Active since at least 2014, APT38 has targeted banks, financial institutions, casinos, cryptocurrency exchanges, SWIFT system endpoints, and ATMs in at least 38 countries worldwide. Significant operations include the 2016 Bank of Bangladesh heist, during which APT38 stole $81 million, as well as attacks against Bancomext and Banco de Chile; some of their attacks have been destructive. North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name Lazarus Group instead of tracking clusters or subgroups.

Attribution signal

Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score. Thresholds: ≥ 10 High, ≥ 3 Moderate, < 3 Low.
Score: 0.0
Signal strength: None
Mentions: 0
Sources: 0
High conf.: 0
First observed: 2019-01-29
Last active: Active
Origin: North Korea — attributed by US Treasury and multiple Western governments (high confidence)
Aliases: 10
Techniques: 56
Campaigns: 1
Targets: Financial, Cryptocurrency
Regions: Global, APAC, Africa, LATAM

Attribution signals

No attribution signals extracted yet — signals populate automatically as articles are processed.