Additionally, QR codes as a phishing vector are in use by the group. A tactic that I feel may be a lil too techy for the clientele they seem to love picking on. Whether embedded in a doc or inline in the email, they seem to be testing this idea.
In typical fashion their immediate concern for the APT is to get them off of the main channels, opting for side chats or excuses like "I have issues with email and service in the building, can reach me on WhatsApp" etc.
APT43 activity with multiple European embassies being spoofed and likely targeted. Rapport building themes and lures center around DPRK Human Rights and reactions to DPRK's official stance on NK troops in Russia cc @jennytown.bsky.social @elias.foxhold.net @garyfreasbysm.bsky.social
Kim Chaek Uni of Tech. DPRK IT Workers supplying money to sanctioned Ryonbong. Client countries: US, UK, JP, UA, CN, BR.
Cha Gang Song JangMyongSong KimMunSong Li Song Ryong Mun Ri Yong Kim Su Jin Choe Song Guk Paek Myong Ho Paek Choe Hyon Pyo Se Il Cha Gang Song home.treasury.gov/news/press-r...
Much like their APT45 homies at times, DPRK ITW searching out regime priorities. Our goon's collect, Keygen, after analysis shows in 2024. Drone-UAV-Defense-Countermeasure Intelligence with ties to a certain DPRK College. 👀