APT43 (aka Kimsuky, Emerald Sleet) · APT Atlas
APT43
Type: APT · Origin: KP · North Korea
AKA: Kimsuky · Emerald Sleet · Sparkling Pisces · Springtail · Black Banshee · Archipelago · ITG16 · KTA082
Microsoft: Thallium
CrowdStrike: Velvet Chollima
Targets: 22 · Sectors: 17 · Threat types: 1 · GIRs covered: 0/480 · Active since: 2012
Victimology
Geographic footprint · 22 countries
Origin: North Korea
Targeted countries (22):
  Oceania (1): Australia
  Europe (10): Belgium · Switzerland · Germany · France · United Kingdom · Netherlands · Norway · Russia · Sweden · Slovakia
  Asia (7): China · Indonesia · India · Japan · South Korea · Singapore · Thailand
  Africa (2): Egypt · South Africa
  Americas (2): Cayman Islands · United States
Sectors targeted · 17 of 40 (number of actors in the atlas targeting each sector in parentheses)
  Government (83 actors)
  Defense (60 actors)
  Aerospace (49 actors)
  Financial Services (61 actors)
  Cryptocurrency (17 actors)
  Healthcare (38 actors)
  Pharmaceutical (24 actors)
  Technology (51 actors)
  Retail & Hospitality (25 actors)
  NGOs & Dissidents (47 actors)
  Energy / Utilities (49 actors)
  Oil and Gas (19 actors)
  Education & Research (50 actors)
  Manufacturing (man) (40 actors)
  Media & Journalism (41 actors)
  Consulting / Professional Services (26 actors)
  Private Sector (generic) (28 actors)
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping

THREAT TYPES
  ESP · Espionage

MITRE ATT&CK · 96 techniques

Reconnaissance · 8
  T1589.002 · Email Addresses
  T1589.003 · Employee Names
  T1591 · Gather Victim Org Information
  T1593.001 · Social Media
  T1594 · Search Victim-Owned Websites
  T1596 · Search Open Technical Databases
  T1598 · Phishing for Information
  T1682 · Query Public AI Services

Resource Development · 5
  T1583 · Acquire Infrastructure
  T1583.004 · Server
  T1583.006 · Web Services
  T1585 · Establish Accounts
  T1587 · Develop Capabilities

Initial Access · 4
  T1190 · Exploit Public-Facing Application
  T1566 · Phishing
  T1566.001 · Spearphishing Attachment
  T1566.002 · Spearphishing Link

Execution · 9
  T1053.005 · Scheduled Task
  T1059.001 · PowerShell
  T1059.003 · Windows Command Shell
  T1059.005 · Visual Basic
  T1059.006 · Python
  T1059.007 · JavaScript
  T1106 · Native API
  T1204.001 · Malicious Link
  T1204.004 · Malicious Copy and Paste

Persistence · 3
  T1176.001 · Browser Extensions
  T1543.003 · Windows Service
  T1547.001 · Registry Run Keys / Startup Folder

Credential Access · 7
  T1003.001 · LSASS Memory
  T1040 · Network Sniffing
  T1111 · Multi-Factor Authentication Interception
  T1552.001 · Credentials In Files
  T1552.004 · Private Keys
  T1555.003 · Credentials from Web Browsers
  T1557 · Adversary-in-the-Middle

Discovery · 9
  T1007 · System Service Discovery
  T1012 · Query Registry
  T1016 · System Network Configuration Discovery
  T1033 · System Owner/User Discovery
  T1057 · Process Discovery
  T1083 · File and Directory Discovery
  T1124 · System Time Discovery
  T1217 · Browser Information Discovery
  T1680 · Local Storage Discovery

Lateral Movement · 3
  T1021.001 · Remote Desktop Protocol
  T1534 · Internal Spearphishing
  T1550.002 · Pass the Hash

Collection · 8
  T1005 · Data from Local System
  T1113 · Screen Capture
  T1114.002 · Remote Email Collection
  T1114.003 · Email Forwarding Rule
  T1115 · Clipboard Data
  T1185 · Browser Session Hijacking
  T1560.001 · Archive via Utility
  T1560.003 · Archive via Custom Method

Exfiltration · 3
  T1020 · Automated Exfiltration
  T1041 · Exfiltration Over C2 Channel
  T1567.002 · Exfiltration to Cloud Storage

Impact · 2
  T1489 · Service Stop
  T1657 · Financial Theft

Command And Control · 8
  T1071.001 · Web Protocols
  T1071.002 · File Transfer Protocols
  T1071.003 · Mail Protocols
  T1102.001 · Dead Drop Resolver
  T1102.002 · Bidirectional Communication
  T1105 · Ingress Tool Transfer
  T1219.002 · Remote Desktop Software
  T1568 · Dynamic Resolution

Defense Impairment · 3
  T1112 · Modify Registry
  T1685 · Disable or Modify Tools
  T1686 · Disable or Modify System Firewall

Stealth · 24
  T1027 · Obfuscated Files or Information
  T1027.002 · Software Packing
  T1027.007 · Dynamic API Resolution
  T1027.010 · Command Obfuscation
  T1027.015 · Compression
  T1036.004 · Masquerade Task or Service
  T1036.005 · Match Legitimate Resource Name or Location
  T1036.007 · Double File Extension
  T1055 · Process Injection
  T1055.001 · Dynamic-link Library Injection
  T1055.012 · Process Hollowing
  T1070.004 · File Deletion
  T1078.003 · Local Accounts
  T1140 · Deobfuscate/Decode Files or Information
  T1205 · Traffic Signaling
  T1218.005 · Mshta
  T1218.010 · Regsvr32
  T1218.011 · Rundll32
  T1564.002 · Hidden Users
  T1564.003 · Hidden Window
  T1564.011 · Ignore Process Interrupts
  T1620 · Reflective Code Loading
  T1678 · Delay Execution
  T1684.001 · Impersonation

GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.

Related actors
By origin and actor type
  APT2 · nation-state · China · 6 targets · since 2010
  APT5 · nation-state · China · 15 targets · since 2007
  APT8 · nation-state · China · 5 targets · since —
  APT14 · nation-state · China · 15 targets · since —
  APT17 · nation-state · China · 10 targets · since 2009
  APT20 · nation-state · China · 14 targets · since 2011