AppleJeus
Also known as: Gleaming Pisces · Citrine Sleet · UNC1720 · UNC4736
Overview
AppleJeus is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau (RGB). It operates under the broader Lazarus Group umbrella, has been active since at least 2018, and shares resources with TEMP.Hermit, another DPRK-affiliated group under the same umbrella. Its primary mission is to generate and launder revenue in support of the DPRK government. AppleJeus primarily targets the cryptocurrency industry and is most notably associated with the 3CX supply chain attack. Its traditional initial-access pattern combines phishing with trojanized cryptocurrency trading software; from the environments this compromises, it selectively deploys additional backdoors to extend operations against high-value financial targets.
Targets
Government · Private sector
Regions
Australia · Bangladesh · Brazil · Canada · China · France · Germany · Guatemala · Hong Kong · India · Japan · South Korea · Thailand · United Kingdom · United States
Named targets listed alongside the regions: Bangladesh Bank · Cryptocurrency exchanges in South Korea · Sony Pictures Entertainment (the Bangladesh Bank and Sony Pictures incidents predate the 2018 activity above and are generally attributed to the wider Lazarus umbrella rather than to AppleJeus specifically)
TTPs: 2 techniques across 2 tactics
Initial Access
- T1566 Phishing
Impact
- T1657 Financial Theft
Reporting (3)
- Exposing DPRK's Cyber Syndicate and Hidden IT Workforce — Michael “Barni” Barnhart, DTEX, and Anonymous SMEs
- Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s Subgroup — 佐々木勇人 Hayato Sasaki
- Threat Assessment: North Korean Threat Groups — Unit 42