North Korea hacker group expands scope to include Japan, Vietnam targets: FireEye

The group, codenamed APT37 (Reaper), is likely to have been active since 2012, and is expected to be used more in “previously unfamiliar roles and regions”, the cybersecurity vendor says.

SINGAPORE: A North Korean hacking group, codenamed APT37 (Reaper), has been assessed to be working on behalf of the North Korean government to target both the public and private sectors of not just South Korea, but also Japan, Vietnam and the Middle East.

This is according to the latest report released by cybersecurity vendor FireEye on Tuesday (Feb 20).

The group has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea, the report said, but added it has expanded its scope to include Japan, Vietnam and the Middle East in 2017. APT37 is also looking at a wider range of industry verticals such as chemicals, electronics, manufacturing, aerospace, automotive and healthcare organisations, it added.

The group's primary mission is covert intelligence gathering of North Korea's strategic military, political and economic interests, FireEye said, basing its assessment on the "consistent targeting of South Korean public and private entities and social engineering".

As for the latest developments, one piece of evidence the report cited was the targeting of North Korean defectors and human rights activists. These targets include a research fellow, advisory member and journalist associated with different North Korean human rights issues and strategic organisations.

An entity in Japan associated with the United Nations missions on sanctions and human rights was also targeted, the FireEye report said.

This is not the first time Japan has been identified as being in the crosshairs of North Korea. A Reuters report earlier this month said South Korea's intelligence agency had told lawmakers that North Korean hackers could have been behind the US$530 million theft of virtual coins from cryptocurrency exchange Coincheck.

Nearer home, the report also identified a general director of a Vietnamese international trading and transport company as one of APT37’s targets.

“We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artifacts and targeting that aligns with North Korean state interests,” FireEye said in the report.

Going forward, the cybersecurity company expects APT37 to be used “more and more in previously unfamiliar roles and regions”, especially as pressure mounts on its sponsor.

“North Korea has repeatedly demonstrated a willingness to leverage its cyber capabilities for a variety of purposes, undeterred by notional redlines and international norms,” FireEye wrote.

“Though they have primarily tapped other tracked suspected North Korean teams to carry out the most aggressive actions, APT37 is an additional tool available to the regime, perhaps even desirable for its relative obscurity.”

Source: CNA/kk