# DPRK

# Adversary Overview

Threat actors linked to the Democratic People's Republic of Korea (DPRK) conduct cyber operations primarily targeting financial institutions (cryptocurrency, banking, blockchain) as well as the defense and technology sectors. These actors are known to conduct comprehensive research on specific targets, often taking a personalized approach to build rapport and frequently impersonating legitimate contacts or organizations to enhance credibility. DPRK-affiliated adversaries have expanded their targeting to include macOS systems. In doing so, they employ social engineering techniques to compel users to execute malware disguised as legitimate software, launch sophisticated supply chain attacks, masquerade malicious files as legitimate applications, and evade detection while maintaining control over victim environments. Actions on objectives for these actors typically involve the theft of sensitive information such as admin passwords, session cookies, and macOS keychains. DPRK state-sponsored actors continue to refine their targeting, leveraging their campaigns to fund the advancement of their nuclear capabilities.

# Key Adversary Report References