PowerShell and Dropbox Utilized by North Korean APT43 in Focused Cyberattacks on South Korea

AndyC 14 February 2025

An affiliated threat entity connected to North Korea has been identified in an active operation aimed at South Korean enterprises, government offices, and digital currency industries.

An affiliated threat entity connected to North Korea has been identified in an active operation aimed at South Korean enterprises, government offices, and digital currency industries.
Securonix has named this targeted offensive as DEEP#DRIVE, crediting the orchestrated efforts to a cyber unit identified as Kimsuky. This group is also recognized by various aliases including APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Fix SOC Blind Spots: See Threats to Your Industry & Country in Real Time

Fix SOC Blind Spots: See Threats to Your Industry & Country in Real Time

AndyC 18 December 2025
China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

AndyC 18 December 2025
GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

AndyC 18 December 2025
Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

AndyC 17 December 2025
Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data

Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data

AndyC 17 December 2025
Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

AndyC 17 December 2025

You may have missed

The 12 Months of Innovation: How Salt Security Helped Rewrite API & AI Security in 2025

Google Chrome Extension is Intercepting Millions of Users’ AI Chats

AndyC 18 December 2025
The 12 Months of Innovation: How Salt Security Helped Rewrite API & AI Security in 2025

How Passkeys Work (Explained Simply)

AndyC 18 December 2025
Server revenue hits record in Q3

Merriam-Webster names “slop” the word of the year 2025

AndyC 18 December 2025
Blog-9-300x200-1.jpg

Why “Strong Passwords” Aren’t Enough Anymore—and What to Do Instead

AndyC 18 December 2025
Askul data breach exposed over 700,000 records after ransomware attack

Askul data breach exposed over 700,000 records after ransomware attack

AndyC 18 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.