Higaisa

G0126 · South Korea · MITRE ATT&CK

Overview

Higaisa is a threat group suspected to have South Korean origins. Higaisa has targeted government, public, and trade organizations in North Korea; however, they have also carried out attacks in China, Japan, Russia, Poland, and other nations. Higaisa was first disclosed in early 2019 but is assessed to have operated as early as 2009.

Targets

Government

Regions

China · Japan · Nepal · North Korea · Poland · Russia · Singapore · Switzerland

Capabilities

  • Exploitation of public-facing / client applications — ATT&CK T1203

TTPs — 28 techniques across 7 tactics

Tools & malware (3)

PlugX · certutil · gh0st RAT

Reporting (3)