The Korea Herald


[Newsmaker] NK hackers expand targets beyond South Korea: reports

By Jung Min-kyung

Published : Feb. 21, 2018 - 15:49

    • Link copied

A North Korean hacking group has broadened its scope of attack from the South Korean government and private sector to other nations as well, according to a top cybersecurity firm report. 

Workers at the Korea Internet and Security Agency in Seoul, South Korea, monitored the spread of ransomware cyberattacks. (Yonhap) Workers at the Korea Internet and Security Agency in Seoul, South Korea, monitored the spread of ransomware cyberattacks. (Yonhap)

US cybersecurity firm FireEye said the state-backed “Reaper” hacking organization, which it dubbed “APT 37,” expanded its target list to include Japan, Vietnam and the Middle East last year. It has been spying on South Korean targets since at least 2012.

The North Korean cyber espionage group previously operated in the shadows of Lazarus Group, a better-known North Korean spying and cybercrime group widely blamed for the 2014 Sony Pictures and 2017 WannaCry attacks.

Although APT 37’s primary focus remains spying on the South Korean government, military, defense, industrial organizations and media, it now has eyes on an organization in Japan associated with United Nations missions on human rights and sanctions against the regime. A Vietnamese trade and transport firm is also reportedly being targeted.

The target list stretches to a Middle Eastern financial company as well as an unnamed mobile network operator, which FireEye said had provided mobile phone service in North Korea until business dealings with the government fell apart.

The group is also expected to continue attacking North Korean defectors and human rights groups in South Korea.

The report came after revelations the spy group is capable of rapidly exploiting multiple “zero-day” bugs -- previously unknown software glitches that leave security firms no time to defend against attacks, John Hultquist, FireEye’s director of intelligence analysis said, according to CNN.

North Korea’s overall cyber operations and hacking skills are becoming more sophisticated, another security firm noted.

According to a separate report by security firm CrowdStrike, North Korea’s malware is “capable of stealing documents from the air-gapped or disconnected networks.” Primary targets include the government, military, defense, finance, energy and electric utility sectors, it added.

Analysts warn that it’s crucial for the international community to cooperate in dealing with North Korea’s cyberattacks and for respective nations to be fully aware of the scale of damage it is capable of causing.

“Cyberattacks can be seen as a crucial part of North Korea’s key strategy in dealing with the international community, in line with its nuclear and missile program,” Lee Kyung-ho, a professor at Korea University’s Graduate School of Information Security, told The Korea Herald.

“It’s a cost-efficient method that can be used to confuse nations without literally launching missiles or making ‘physical’ provocations,” he added.

Lee said that it’s difficult for sanctions to directly ban such cyberattacks, but cooperation in drawing sanctions in other sectors can enhance cybersecurity.

South Korea has been hit by North Korean cyberattacks in recent years with the latest events linked to the fast-growing cryptocurrency market.

The South Korean spy agency said in a National Assembly intelligence briefing earlier this year that North Korea is responsible for recent cryptocurrency thefts and that it continues to make other hacking attempts.

By Jung Min-kyung (