AppleJeus

Also known as: AppleJeus, Citrine Sleet, Gleaming Pisces, UNC1720, UNC4736


🌍 Country North Korea
🧭 ATT&CK G1049

Introduction

AppleJeus is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau. Associated with the broader Lazarus Group umbrella of actors, AppleJeus has been active since at least 2018 and is closely aligned in resources with TEMP.hermit, another DPRK-affiliated group under the same umbrella [2]. The group’s primary mission is to generate and launder revenue to provide financial support to the government. AppleJeus primarily targets the cryptocurrency industry and is most notably responsible for the 3CX supply chain attack [3]. The group traditionally deploys malicious cryptocurrency software in combination with phishing. From these compromised environments, it selectively deploys additional backdoors to enable extended operations against high-value financial targets [4] [5].

Activities and Tactics

Country of Origin: 🇰🇵 North Korea

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

Information pending cataloguing.

Attribution and Evidence

Country of Origin: North Korea

Additional attribution information pending cataloguing.

References

[1] MITRE ATT&CK, MITRE ATT&CK entry
[2] dtex DPRK 2025 structure ITworkers
[3] Mandiant 3cx UNC4736 2023
[4] Mandiant DPRK Groups 2023
[5] JPCert Blog Laz Subgroups 2025