Breaking News
0
Ad-Free Version. Upgrade your Investing.com experience. Save up to 40% More details

Lesser-known North Korea cyber-spy group goes international: report

TechnologyFeb 20, 2018 11:58AM ET
Saved. See Saved Items.
This article has already been saved in your Saved Items
 
© Reuters. Illustration photo of binary code against a North Korean flag

By Eric Auchard

FRANKFURT (Reuters) - A North Korean cyber espionage group previously known only for targeting South Korea's government and private sector deepened its sophistication and hit further afield including in Japan and the Middle East in 2017, security researchers said on Tuesday.

Cyber attacks linked by experts to North Korea have targeted aerospace, telecommunications and financial companies in recent years, disrupting networks and businesses around the world. North Korea rejects accusations it has been involved in hacking.

U.S. cyber security firm FireEye said the state-connected Reaper hacking organization, which it dubbed APT37, had previously operated in the shadows of Lazarus Group, a better-known North Korean spying and cybercrime group widely blamed for the 2014 Sony Pictures and 2017 global WannaCry attacks.

APT37 had spied on South Korean targets since at least 2012 but has been observed to have expanded its scope and sophistication to hit targets in Japan, Vietnam and the Middle East only in the last year, FireEye said in a report.

The reappraisal came after researchers found that the spy group showed itself capable of rapidly exploiting multiple "zero-day" bugs - previously unknown software glitches that leave security firms no time to defend against attacks, John Hultquist, FireEye's director of intelligence analysis said.

"Our concern is that their (international) brief may be expanding, along with their sophistication," Hultquist said.

"We believe this is a big thing".

APT37 has focused on covert intelligence gathering for North Korea, rather than destructive attacks or financial cyber crime, as Lazarus Group and other similar hacking groups have been shown to engage in order to raise funds for the regime, it said.

The group appears to be connected to attack groups previously described as ScarCruft by security researchers at Kaspersky and Group123 by Cisco's Talos unit, FireEye said.

"We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artefacts and targeting that aligns with North Korean state interests," the security report said.

From 2014 until 2017, APT37 concentrated mainly on South Korean government, military, defense industrial organizations and the media sector, as well as targeting North Korean defectors and human rights groups, the report said.

Since last year, its focus has expanded to include an organization in Japan associated with the United Nations missions on human rights and sanctions against the regime and the director of a Vietnamese trade and transport firm.

Its spy targets included a Middle Eastern financial company as well as an unnamed mobile network operator, which FireEye said had provided mobile phone service in North Korea until business dealings with the government fell apart.

FireEye declined to name the firm involved, but Egypt's Orascom (CA:OTMT) provided 3G phone service in the country via a joint venture from 2002 to 2015, until the North Korean regime seized control of the venture, according to media reports.

Asked for comment, a spokeswoman for Orascom said she had no immediate knowledge of the matter and was looking into it.

Lesser-known North Korea cyber-spy group goes international: report
 

Related Articles

Big Tech critic Khan becomes U.S. FTC chair
Big Tech critic Khan becomes U.S. FTC chair By Reuters - Jun 15, 2021 6

By David Shepardson, Nandita Bose and Diane Bartz WASHINGTON (Reuters) -Lina Khan, an antitrust researcher focused on Big Tech's immense market power, was sworn in on Tuesday as...

Add a Comment

Comment Guidelines

We encourage you to use comments to engage with users, share your perspective and ask questions of authors and each other. However, in order to maintain the high level of discourse we’ve all come to value and expect, please keep the following criteria in mind: 

  • Enrich the conversation
  • Stay focused and on track. Only post material that’s relevant to the topic being discussed.
  • Be respectful. Even negative opinions can be framed positively and diplomatically.
  •  Use standard writing style. Include punctuation and upper and lower cases.
  • NOTE: Spam and/or promotional messages and links within a comment will be removed
  • Avoid profanity, slander or personal attacks directed at an author or another user.
  • Don’t Monopolize the Conversation. We appreciate passion and conviction, but we also believe strongly in giving everyone a chance to air their thoughts. Therefore, in addition to civil interaction, we expect commenters to offer their opinions succinctly and thoughtfully, but not so repeatedly that others are annoyed or offended. If we receive complaints about individuals who take over a thread or forum, we reserve the right to ban them from the site, without recourse.
  • Only English comments will be allowed.

Perpetrators of spam or abuse will be deleted from the site and prohibited from future registration at Investing.com’s discretion.

Write your thoughts here
 
Are you sure you want to delete this chart?
 
Post
Post also to:
 
Replace the attached chart with a new chart ?
1000
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Thanks for your comment. Please note that all comments are pending until approved by our moderators. It may therefore take some time before it appears on our website.
 
Are you sure you want to delete this chart?
 
Post
 
Replace the attached chart with a new chart ?
1000
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Add Chart to Comment
Confirm Block

Are you sure you want to block %USER_NAME%?

By doing so, you and %USER_NAME% will not be able to see any of each other's Investing.com's posts.

%USER_NAME% was successfully added to your Block List

Since you’ve just unblocked this person, you must wait 48 hours before renewing the block.

Report this comment

I feel that this comment is:

Comment flagged

Thank You!

Your report has been sent to our moderators for review
Disclaimer: Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. All CFDs (stocks, indexes, futures) and Forex prices are not provided by exchanges but rather by market makers, and so prices may not be accurate and may differ from the actual market price, meaning prices are indicative and not appropriate for trading purposes. Therefore Fusion Media doesn`t bear any responsibility for any trading losses you might incur as a result of using this data.

Fusion Media or anyone involved with Fusion Media will not accept any liability for loss or damage as a result of reliance on the information including data, quotes, charts and buy/sell signals contained within this website. Please be fully informed regarding the risks and costs associated with trading the financial markets, it is one of the riskiest investment forms possible.
Continue with Google
or
Sign up with Email