Report: North Korean Hacking Group Ramps Up Operations

Hackers previously connected to attacks primarily targeting South Korea have expanded their operations to include campaigns against industries in Asia and the Middle East, security researchers warned in a report Tuesday.

Known by names including "APT37" and "Reaper," the suspected North Korean state-sponsored hacking outfit has made gains recently in terms of both the scale and sophistication of its cyberattacks, FireEye's iSIGHT research group said in the report.

Previously linked mostly to attacks against Seoul and South Korea's private sector starting in 2012, the hackers last year launched campaigns against targets in Japan, Vietnam and the Middle East, including entities in the chemicals, electronics, manufacturing, aerospace, automotive and health care sectors, the report said.

"We assess with high confidence that this activity is carried out on behalf of the North Korean government," the report said, citing malware used in the attacks and the nature of the intended victims.

While North Korea has been accused of international cyberattacks in the past, successful campaigns including the 2014 attack against Sony Pictures Entertainment have been attributed to a separate group of suspected state-sponsored hackers commonly referred to as the Lazarus Group.

Fresh off the Lazarus Group being blamed by the U.S. and others for last year's international WannaCry cyberattack, its lesser-known hacking cohorts could soon be launching similarly devastating campaigns if their operations continue to increase at this rate, warned John Hultquist, FireEye's manager of analysis.

"Our concern is that their [international] brief may be expanding, along with their sophistication," Mr. Hultquist told Reuters. "We believe this is a big thing."

CrowdStrike, a competing cybersecurity firm, has also been monitoring the hacking group's activities, NBC News reported.

"Their malware is quite sophisticated and is capable of stealing documents from the air-gapped or disconnected networks," CrowdStrike analysts wrote in an intelligence report cited by the network. "Primary targets include government, military,...
