North Korean hacking group Reaper's attacks go beyond South Korea

April 5, 2018 - 15:54 By Sohn Ji-young
For years, North Korea has launched persistent cyberattacks, largely directed at its Southern neighbor, in a bid to steal key security intelligence and generate cash for the regime.

Though it’s difficult to map out the exact scope of the North’s hacking campaigns, cybersecurity company FireEye says it has newly identified a North Korean espionage group that is able to launch highly sophisticated cyberattacks and is targeting organizations not only in South Korea but also in other countries.

Officials of FireEye, a US-based cybersecurity firm, were in Seoul to participate in the Cyber Defense Live 2018 conference on Thursday.

“Reaper,” also known as APT37, is a North Korea-affiliated cyber-spy group thought to be active since 2012, according to FireEye. The firm has assessed with “high confidence” that APT37 operates in support of the North Korean government and launches its attacks from within the country.

In the past, APT37 has mostly directed its attacks at South Korean government agencies involved in policy guidance as well as strategic defense industries, usually by sending targets phishing emails containing malware and by compromising frequently visited websites, the firm explained.

But from 2017, the group was seen launching cyberattacks on entities overseas, including a Japan-based organization associated with United Nations sanctions, an executive of a Vietnamese trading firm and a Middle Eastern company involved in a failed business deal with North Korea, according to FireEye.

“They’ve got good mechanisms to specifically target not only South Korean organizations, but also other organizations (in other countries),” Tim Wellsmore, FireEye's director of threat intelligence for the Asia-Pacific region, told reporters on the sidelines of the conference.

Despite the recent climate of peace emerging between South Korea and North Korea, Wellsmore said it was unlikely that Pyongyang would ease its cyberattacks.

The FireEye executive pointed out that cyber espionage campaigns are not used only during times of tension, but that they are prevalent even among peaceful nations.

In addition, the global cybersecurity firm warned that organizations in Asia-Pacific should strengthen their cybersecurity defenses, as the region is slower to detect intruders than North America and Europe.

The APAC region sees the highest dwell time, the number of days from the first evidence of a cyberattack on a victim network until its detection, according to FireEye’s M-Trends 2018 report.

By Sohn Ji-young (jys@heraldcorp.com)