APT45
North Korean state-sponsored threat actor active since at least 2009, conducting espionage against government and defence sectors as well as financially motivated operations including ransomware development. Linked to the Reconnaissance General Bureau (RGB).
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.
≥ 10 High · ≥ 3 Moderate · < 3 Low
0.8
Low signal strength
Mentions: 1
Sources: 1
High conf.: 1
Last seen: May 2026
First observed
—
Last active
—
Origin
North Korea
Aliases
4
Techniques
0
Campaigns
0
Targets: Government, Defence, Healthcare, Financial
Regions: Global
Attribution signals
1 mention · 1 source
#1 · observed · high
TTP match
mandiant
May 2026
"we have observed APT45 sending thousands of repetitive prompts that recursively analyze different CVEs and validate PoC exploits."
Hedge terms observed
observed