North Korea steps up cyber powers with shadowy ‘Reaper’ hacker group
North Korea is stepping up its cyber capabilities to target international aerospace and defence industries through a shadowy and sophisticated hacker group called Reaper, a new report revealed on Tuesday.
The group, also known as APT37, was identified in research by American private security company FireEye, which tracks cyber-attackers around the world.
They reported that it is using malware to infiltrate computer networks and now represents “an advanced persistent threat” that has dramatically increased the reach of North Korea’s already formidable cyber operations.
Fears have been rising for some time about a growing North Korean cyber army of an estimated 6,000 hackers, handpicked by Pyongyang’s cyberwarfare agency, Bureau 121, and trained to plunder international banks, conduct military espionage and attack critical infrastructure.
The latest analysis by FireEye describes APT37 as an “additional tool” in Pyongyang’s online armoury, claiming that the group’s activities are “expanding in scope and sophistication,” and will likely be used further.
“We assess with high confidence that this activity is carried out on behalf of the North Korean government,” the report says. “We judge that APT37’s primary mission is covert intelligence gathering in support of North Korea’s strategic military, political and economic interests.”
FireEye believes APT37 was founded in 2012 and is based in North Korea. From 2014 to 2017, its hackers concentrated primarily on the South Korean government, military defence, industrial base and media sectors.
However, last year it expanded its targets beyond the Korean Peninsula to include Japan, Vietnam, and the Middle East, focusing on a wider range of industries that encompassed chemicals, electronics, manufacturing, aerospace and the automotive and health sectors.
According to the security firm, APT37 has used a wide range of penetration techniques, and has planted custom-coded malware on targets’ computers capable of everything from eavesdropping via an infected microphone to completely wiping data.
“Their malware is characterised by a focus on stealing information from victims, with many set up to automatically exfiltrate data of interest,” the report says.
One piece of malware called DogCall allows the group’s hackers to steal screenshots, log keystrokes and access cloud storage services like Dropbox. It was used to target South Korean government and military organisations in March and April 2017.
“North Korea is not alone in having developed these capabilities, but the country’s disregard for international norms in cyber operations should be cause for concern,” Benjamin Read, FireEye’s Senior Manager for Cyber Espionage, told the Telegraph.
“North Korea has previously used cyber capabilities for financial gain and for destructive purposes,” he warned.
APT37 had consistently targeted South Korean public and private entities, and recently expanded, he pointed out. “Public and private sector organisations should gauge their risk and their ability to quickly detect and respond to these attacks,” said Mr Read.
FireEye’s report highlights companies and individuals who have already fallen foul of the group’s nefarious actions.
They include a Middle Eastern company that entered into a joint venture with the North Korean government in 2017 to provide a telecommunications service to the country, and may have been targeted when a business deal with a local company went wrong.
In May of last year, APT37 hit another Middle Eastern company by using a bank liquidation letter as a spear phishing lure against a board member.
The specially crafted email included an attachment that contained malware to create a backdoor to the victim’s compromised computer, enabling hackers to collect information, take screenshots and download malicious files.
Other known targets included the general director of a Vietnamese international trading company, a North Korean defector, a researcher and journalist associated with human rights issues, a Japanese entity associated with the United Nations’ missions on sanctions, and possibly Olympic officials.
Prior to APT37, North Korea’s most prolific hacking group, broadly referred to as Lazarus, has been blamed for pulling off audacious attacks around the world, including the leaking and destroying of Sony Pictures’ data in 2014.
In December, the US confirmed that Pyongyang was behind May’s WannaCry ransomware attack, which affected over 230,000 computers in over 150 countries.
Financial security experts believe the reclusive state is homing in on virtual coin markets to inject cash into its flagging economy, which is struggling under the weight of severe international sanctions over its nuclear and missile programmes.
Most recently, authorities believe, but without proof, that North Korean hackers got away with £380 million from Tokyo-based exchange operator Coincheck in January, making it one of the largest cryptocurrency heists in history.
In December suspected North Korean hackers targeted a South Korean cryptocurrency exchange, stealing at least $7m worth of digital money and forcing one company, Youbit, into bankruptcy.
However, recent reports suggest that western powers may attempt to turn the tables on North Korea’s cyber army by launching their own online assaults to cripple Pyongyang’s online communications and ability to control its military, and to counter its targeting of cryptocurrencies.
Quoting senior US intelligence sources, Foreign Policy magazine said there has been a “nearly unprecedented scramble inside the agencies responsible for spying and cyber warfare” aimed at the Korean Peninsula.
In the last six months, the US has been covertly laying the groundwork for cyber attacks that would be routed through South Korea and Japan, where the US has extensive military facilities.
The preparations include installing fibre cables into the region and setting up remote bases and listening posts from where hackers will attempt to gain access to North Korea’s version of the internet, which is walled off from the rest of the world.
Meanwhile, the Defence Clandestine Service, a division of the Defence Intelligence Agency, has reportedly increased its presence in Asia and is “working on putting the elite of the elite on the peninsula to collect and respond,” an intelligence official told the magazine.