APT38 is a financially motivated threat group that is backed by the North Korean regime. The group mainly targets banks and financial institutions and has targeted more than 16 organizations in at least 13 countries since at least 2014.
North Korean group definitions are known to have significant overlap, and the name Lazarus Group is known to encompass a broad range of activity. Some organizations use the name Lazarus Group to refer to any activity attributed to North Korea. Some organizations track North Korean clusters or groups such as Bluenoroff, APT37, and APT38 separately, while other organizations may track some activity associated with those group names by the name Lazarus Group.

| Domain | ID | Name |
|---|---|---|
| Enterprise | T1486 | Data Encrypted for Impact |
| Enterprise | T1487 | Disk Structure Wipe |
| Enterprise | T1070 | Indicator Removal on Host |
| Enterprise | T1105 | Remote File Copy |
| Enterprise | T1494 | Runtime Data Manipulation |
| Enterprise | T1071 | Standard Application Layer Protocol |
| Enterprise | T1492 | Stored Data Manipulation |
| Enterprise | T1049 | System Network Connections Discovery |
| Enterprise | T1493 | Transmitted Data Manipulation |