A North Korean hacking group has expanded its target range from the South Korean government and private sector to a more international stage, according to a top cybersecurity firm report.
US cybersecurity firm FireEye said the state-backed “Reaper” hacking organisation, which it dubbed “APT 37,” have been spying on South Korean targets since at least 2012, but that it seems to have expanded its targets to include Japan, Vietnam and the Middle East last year.
The North Korean cyber espionage group previously operated in the shadows of Lazarus Group, a better-known North Korean spying and cybercrime group widely blamed for the 2014 Sony Pictures and 2017 WannaCry attacks.
Although APT 37’s primary focus remains spying on the South Korean government, military, defense industrial organisations and media, it now has eyes on an organisation in Japan associated with United Nations missions on human rights and sanctions against the regime. The director of a Vietnamese trade and transport firm is also reportedly being targeted.
The target list stretches to a Middle Eastern financial company as well as an unnamed mobile network operator, which FireEye said had provided mobile phone service in North Korea until business dealings with the government fell apart.
The group is expected to continue attacking North Korean defectors and human rights groups in South Korea.
The report came after revelations the spy group is capable of rapidly exploiting multiple “zero-day” bugs — previously unknown software glitches that leave security firms no time to defend against attacks, John Hultquist, FireEye’s director of intelligence analysis said, according to CNN.
North Korea’s overall cyber operations and hacking skills are becoming more sophisticated, another security firm noted.
According to a separate report by security firm CrowdStrike, North Korea’s malware is “capable of stealing documents from the air-gapped or disconnected networks.” Primary targets include the government, military, defense, finance, energy and electric utility sectors, it added.
Analysts warn that it’s crucial for the international community to cooperate in dealing with North Korea’s cyberattacks and for respective nations to be aware of the risks.
“Cyberattacks can be seen as a crucial part of North Korea’s key strategy in dealing with the international community, in line with its nuclear and missile program,” Lee Kyung-ho, a professor at Korea University’s Graduate School of Information Security, told The Korea Herald.
“It’s a cost-efficient method that can be used to confuse nations without literally launching missiles or making ‘physical’ provocations,” he added.
Lee said that it’s difficult for sanctions to directly ban such cyberattacks, but cooperation in drawing sanctions in other sectors can enhance cybersecurity.
South Korea has been hit by North Korean cyberattacks in recent years with the latest events linked to the fast-growing cryptocurrency market.
The South Korean spy agency said earlier this year that North Korea continues to make hacking attempts to steal cryptocurrency, in a National Assembly intelligence briefing.
———
© 2018 the Asia News Network (Hamburg, Germany)
Distributed by Tribune Content Agency, LLC.