
Dangerous North Korean Hacker Group Targets Vietnam, Japan, Middle East

The group, called Reaper (code name: APT37), was previously responsible for several attacks on private and public entities in South Korea, North Korean defectors, and even individuals involved with the Olympic organizations.

A recent report by FireEye, a cybersecurity company based in California, has brought attention to a hacker group named APT37, which has likely been active since 2012. The report, titled "APT37 (Reaper): The Overlooked North Korean Actor," suggests that since 2017, the group has branched out to include multinational targets outside of the Korean Peninsula, including Vietnam, Japan, and the Middle East.

Specifically, in 2017, the group’s victims included a general director of a Vietnamese international trading and transport company, a Japanese human rights organization that has ties with the United Nations, and a Middle Eastern telecommunications company that had entered a joint venture with the North Korean government, a deal that did not go through.

The cybersecurity company believes that the hacker collective operates primarily in North Korea and that "APT37 acts in support of the North Korean government," as many of its attacks align with the country’s objectives.

In an interview with WIRED, John Hultquist, FireEye’s director of intelligence analysis, warned about how sophisticated and dangerous APT37 can be: "This operator has continued to operate in a cloud of obscurity, mostly because they’ve stayed regional. But they’re showing all the signs of a maturing asset that’s commanded by the North Korean regime and can be turned to any purpose it wants."

APT37’s most common technique for gaining access to users’ personal devices is the use of zero-day vulnerabilities, which means exploiting previously unknown security vulnerabilities on the same day those vulnerabilities are made known. Flaws in Adobe Flash, BitTorrent, and the Hangul word processor are also used to spread malware via attachments.

Once a device is infected, APT37’s toolset allows the group to do a handful of disturbing things, including taking screenshots, recording keystrokes, browsing files, stealing credentials from the user’s browser memory, hijacking microphones to eavesdrop and record audio, or even destroying computer systems.

[Photo via Bloomberg]
