www.recordedfuture.com
Open in
urlscan Pro
172.64.144.145
Public Scan
URL:
https://www.recordedfuture.com/north-korea-aligned-tag-71-spoofs-financial-institutions
Submission: On November 23 via api from US — Scanned from US
Submission: On November 23 via api from US — Scanned from US
Form analysis
0 forms found in the DOMText Content
This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. Accept * Careers * Contact Us * Login * ENJPKO EN * Platform * Solutions * Products * Services * Research * Resources * Company Get a demo Book a demo Research (Insikt) NORTH KOREA-ALIGNED TAG-71 SPOOFS FINANCIAL INSTITUTIONS IN ASIA AND US Posted: 6th June 2023 By: Insikt Group® Insikt Group has discovered malicious cyber threat activity spoofing several financial institutions and venture capital firms in Japan, Vietnam, and the United States. The group responsible, referred to as Threat Activity Group 71 (TAG-71), has significant overlaps with the North Korean state-sponsored APT38. Between September 2022 and March 2023, Insikt Group discovered 74 domains and 6 malicious files associated with TAG-71's activities. TAG-71 has previously been observed spoofing domains belonging to financial firms and cloud services in Japan, Taiwan, and the United States. In March 2022, Insikt Group identified 18 malicious servers tied to TAG-71, which were also linked to the publicly reported CryptoCore campaign. These servers were used for malware delivery, phishing, and command and control operations, often impersonating popular cloud services and cryptocurrency exchanges. The North Korean government has a history of financially motivated intrusion campaigns, targeting cryptocurrency exchanges, commercial banks, and e-commerce payment systems worldwide. TAG-71's recent activities align with this pattern, indicating North Korea's ongoing efforts to generate funds while facing international sanctions. The spoofing of investment banking and venture capital firms poses risks such as exposure of sensitive information, legal consequences, disrupted negotiations, or damage to strategic investment portfolios. Select IOCs for TAG-71 mapped to the Diamond Model of Intrusion Analysis in the Recorded Future Intelligence Cloud To mitigate TAG-71's activities, Insikt Group recommends configuring intrusion detection systems to block connections to the IP addresses and domains associated with the group. Clients of Recorded Future, Insikt Group's parent company, should also block command and control servers logged in the Command and Control Security Control Feed. Additionally, organizations should enforce security awareness among employees and customers to recognize phishing attempts, suspicious domains, and fraudulent documents. Monitoring for domain abuse and initiating takedowns of fraudulent domains through Recorded Future's Brand Intelligence module is also advised. Overall, TAG-71's campaign aligns with North Korean state-sponsored threat actors' past activities, posing risks to financial and investment firms and their customers. Implementing the recommended mitigation measures can help protect organizations from these malicious activities. To read the entire analysis with endnotes, click here to download the report as a PDF. RELATED RESEARCH (INSIKT) Research (Insikt) AS BLACK FRIDAY APPROACHES, 3 KEY TRENDS OFFER INSIGHTS FOR MITIGATING ONLINE SHOPPING SCAMS Insikt Group's analysis of high-impact scam website campaigns before Black Friday reveals key scammer themes and protective measures for consumers and businesses. View Research (Insikt) Research (Insikt) IMPROVING AUTOMATION AND ACCESSIBILITY DRIVE $100 BILLION IN PROJECTED AD FRAUD LOSSES Ad fraud, amplified by automation and accessible bot software, inflates ad metrics for personal gain, lowering entry barriers and escalating its threat. View Research (Insikt) Research (Insikt) CHARTING CHINA’S CLIMB AS A LEADING GLOBAL CYBER POWER Chinese state-sponsored cyber operations have transformed, emerging as a more mature, stealthy, and coordinated threat than in previous years. View Research (Insikt) ABOUT US * Intelligence Cloud * Services & Support * Why Recorded Future * Research * Resources * Company HELPFUL LINKS * Careers * Contact Us * Get a Demo * The Intelligence Graph -------------------------------------------------------------------------------- JOIN US ONLINE * * * * * READY TO JOIN? Contact us today Copyright © 2023 Recorded Future, Inc. * Security FAQ * Cookies * Privacy Policy * Terms & Conditions