APT45
| Actor Type | Nation State |
|---|---|
| Attributed to Nation | North Korea |
| Directly Linked Intrusion Sets | Onyx Sleet, Andariel |
| Associated Threat Actor | North Korean Reconnaissance General Bureau |
| Associated MITRE ATT&CK Group | Andariel (G0138) |
APT45 is a group observed carrying out campaigns as early as 2009; it was graduated to APT status by researchers at Google's Mandiant in July 2024. The group is assessed as operating out of the Democratic People's Republic of Korea (DPRK), with Mandiant attributing it to North Korea's Reconnaissance General Bureau.
Having historically conducted predominantly espionage-focused campaigns, the group expanded into financially motivated operations, including the suspected development and deployment of ransomware.
The group is notable for its frequent targeting of critical infrastructure and its use of publicly available tools alongside a set of custom malware.
APT45 Threat Reports
APT45: North Korea’s Digital Military Machine
This report from threat intelligence analysts at Google's Mandiant marks the graduation of this cyber actor to a fully designated APT, APT45. The ...