APT45, a North Korean cyber operator, has continued to target the healthcare and pharmaceutical sectors, a July 25 report from cybersecurity firm Mandiant found.
APT45 is one of North Korea's longest-operating cyber groups, and its actions reflect the country's geopolitical interests, according to the report. Over time, its focus has expanded from traditional cyber espionage targeting government and defense sectors to also include healthcare and agricultural science.
Five things to know about APT45:
- APT45 has been active since at least 2009, conducting espionage campaigns with moderate sophistication.
- Of the groups believed to operate from the Democratic People's Republic of Korea, APT45 has been the most commonly observed targeting critical infrastructure.
- According to the report, during the early stages of the COVID-19 pandemic, several groups linked to North Korea (DPRK) targeted the healthcare and pharmaceutical sectors. However, APT45 has continued to focus on these areas for a longer time than the others. This suggests that APT45 still has orders to gather information related to healthcare and pharmaceuticals.
- Observed activity from APT45 shows that the group has ongoing interest in health-related research.
- In 2022, the U.S. Cybersecurity and Infrastructure Security Agency documented North Korean state-sponsored actors deploying MAUI ransomware against the healthcare and public health sectors.