Threat Intelligence Tarot
Vol. II · 126
North Korea (Reconnaissance General Bureau)
G1004
risk 4/5
The Hungry Banshee
APT43
Black Banshee · Kimsuky-adjacent · Thallium-related · Emerald Sleet
South Korean policy researchers · US think tanks · Cryptocurrency exchanges · Korean Peninsula academia
Active since ~2018 · Strategic intelligence, Cryptocurrency theft, Nuclear program funding
The Hungry Banshee feeds the regime that fed it. Each stolen briefing, each drained wallet, becomes calories for a state that learned long ago that intelligence and theft are the same skill, applied differently.
Tactics & Techniques
  • T1566.002 · Spearphishing Link (Initial Access)
  • T1059.001 · PowerShell (Execution)
  • T1027 · Obfuscated Files or Information (Defense Evasion)
  • T1071.001 · Web Protocols (Command and Control)
  • T1567.002 · Exfiltration to Cloud Storage (Exfiltration)
  • T1657 · Financial Theft (Impact)
Notable Operations
  • Persona-based engagement of North Korea policy researchers
  • Mandiant APT43 disclosure (March 2023)
  • Cryptocurrency theft cycles funding regime operations
  • Long-term cultivation of think tank and academic relationships
Defenses
Reversed: Their Weakness
Researcher-targeted phishing-resistant authentication and persona verification (out-of-band confirmation of new contacts) starve this operator of its preferred currency.


Data sourced from MITRE ATT&CK. For educational purposes.