Financial Institutions in Asia and the US are Spoofed by North Korea-Aligned TAG-71
Insikt Group has discovered malicious cyber threat activity spoofing several financial institutions and venture capital firms in Japan, Vietnam, and the United States. The group responsible, referred to as Threat Activity Group 71 (TAG-71), has significant overlaps with the North Korean state-sponsored APT38. Between September 2022 and March 2023, Insikt Group discovered 74 domains and 6 malicious files associated with TAG-71's activities.
TAG-71 has previously been observed spoofing domains belonging to financial firms and cloud services in Japan, Taiwan, and the United States. In March 2022, Insikt Group identified 18 malicious servers tied to TAG-71, which were also linked to the publicly reported CryptoCore campaign. These servers were used for malware delivery, phishing, and comma...