APT / THREAT GROUP | 💰 FINANCIAL | HIGH

TA444

🇰🇵 North Korea-attributed
Campaigns: 1
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

TA444 is a North Korea state-sponsored threat actor that primarily focuses on financially motivated operations. They have been active since at least 2017 and have recently shifted their attention to targeting cryptocurrencies. TA444 employs various infection methods and has a diverse range of malware and backdoors at their disposal. The theft of hundreds of millions of dollars' worth of cryptocurrency and related assets has been attributed to them.

Threat Analysis

TA444 is a high-sophistication threat actor attributed to North Korea whose cyber operations are primarily financially motivated.

Financially motivated threat actors like TA444 prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, TA444 is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

Known Campaigns

TA444 — Active Operations March 2026

TA444 is a financial threat actor attributed to North Korea. TA444 is a North Korea state-sponsored threat actor that primarily focuses on financially motivated operations. They have been active since at least 2017 and have recently shifted their attention to targeting cryptocurrencies. TA444 employs various infection methods and has a div...

ACTIVE | MEDIUM | 2026

Quick Facts

Type: APT / Threat Group
Motivation: 💰 financial
Sophistication: high
Origin: 🇰🇵 North Korea
Aliases: 1
Source: Malpedia

Also Known As

TA444

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.