NORTH KOREA’S cyber-espionage capabilities are expanding well beyond its neighbour South Korea and are now targeting aerospace and defence industries across Asia and the Middle East, a new study has revealed.
Researchers at the US cybersecurity firm FireEye said the state-connected Reaper hacking organisation, which it dubbed APT37, has targeted aerospace, telecommunications, and financial companies in recent years, disrupting networks and businesses around the world.
The report suggests the group has been active since 2012, but has now graduated to the level of an advanced persistent threat, targeting both the public and private sectors in South Korea and beyond.
On Feb. 2nd we published a blog post detailing the use of an Adobe Flash #0day vulnerability (CVE-2018-4878) by a suspected North Korean cyber espionage group that we now track as #APT37 (Reaper). Read our ungated report on this new group: https://t.co/7NJ8mvkW01
— FireEye (@FireEye) February 20, 2018
In 2017, the hacker group expanded its scope to include Japan, Vietnam and the Middle East. APT37 is also looking at a broader range of industry verticals such as chemicals, electronics, manufacturing, aerospace, automotive and healthcare organisations, the report said.
The reappraisal came after researchers found that the spy group showed itself capable of rapidly exploiting multiple “zero-day” bugs – previously unknown software glitches that leave security firms no time to defend against attacks, FireEye’s director of intelligence analysis John Hultquist said.
“Our concern is that their (international) brief may be expanding, along with their sophistication,” Hultquist said. “We believe this is a big thing.”
The report comes after months of escalating rhetoric between Kim Jong Un and US President Donald Trump, as Pyongyang refuses to slow progress in developing a nuclear warhead and ballistic missile system capable of hitting the US mainland.
The Trump administration blamed North Korea for the WannaCry malware attacks that caused havoc at hospitals, banks, and other companies in May 2017. It was suggested that the UK and the US launched retaliatory cyber attacks on Pyongyang in response to the chaos caused.
From 2014 until 2017, APT37 concentrated mainly on South Korean government, military and defence industrial organisations and the media sector, as well as targeting North Korean defectors and human rights groups, the report said.
Since last year, its focus has expanded to include an organisation in Japan associated with the United Nations missions on human rights and sanctions against the regime, and the director of a Vietnamese trade and transport firm.
Additional reporting from Reuters