← All Threat Actors
Threat Actor Profile

Higaisa

G0126
▲ High Threat
The organization often uses important North Korean time nodes such as holidays and North Korea to conduct fishing activities. The bait includes New Year blessings, Lantern blessings, North Korean celebrations, and important news, overseas personnel contact lists and so on. In addition, the attack organization also has the attack capability of the mobile terminal. The targets of the attack also include diplomatic entities related to North Korea (such as embassy officials in various places), government officials, human rights organizations, North Korean residents abroad, and traders. The victim countries currently monitored include China, North Korea, Japan, Nepal, Singapore, Russia, Poland, Switzerland, etc.
Origin South Korea
Sponsor Korea (Republic of)

Target Sectors

Government

Known TTPs

Visual Basic
Native API
Exfiltration Over C2 Channel
DLL
System Time Discovery
Internal Proxy
Malicious File
Encrypted/Encoded File
Scheduled Task
System Information Discovery
Spearphishing Attachment
Web Protocols
Protocol or Service Impersonation
Exploitation for Client Execution
Scheduled Transfer
JavaScript
Binary Padding
Compression
XSL Script Processing
Hidden Window
Symmetric Cryptography
Local Storage Discovery
Registry Run Keys / Startup Folder
Process Discovery
Masquerade Task or Service
System Network Configuration Discovery
Windows Command Shell
Deobfuscate/Decode Files or Information

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD