N Korean Hacking Widens To Target Multinationals

The North Korean–linked hacking group known as Reaper is expanding its operations in both scope and sophistication, and it has now graduated to the level of an advanced persistent threat.

According to FireEye, the threat actor has carried out long-term targeting of North Korea’s interests in South Korea since 2013, but it’s now focusing on multinational campaigns using advanced capabilities. 

For instance, the group recently exploited a zero-day vulnerability in Adobe Flash Player, CVE-2018-4878, which represents a concerning level of technical sophistication.

“The slow transformation of regional actors into global threats is well established,” the firm said in a report on the group, which has added a new moniker to its name: APT37. “Minor incidents in Ukraine, the Middle East and South Korea have heralded the threats, which are now impossible to ignore. 
“In some cases, the global economy connects organisations to aggressive regional actors. In other cases, a growing mandate draws the actor on to the international stage. Ignored, these threats enjoy the benefit of surprise, allowing them to extract significant losses on their victims, many of whom have never previously heard of the actor.”

Reaper has set its sights primarily on corporations in vertical industries, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare, and has been seen recently targeting Japan, Vietnam and the Middle East. 
It uses social engineering tactics tailored specifically to desired targets, strategic web compromises and torrent file-sharing sites to distribute malware more indiscriminately.

That malware represents a diverse bag of tricks to be used for both initial intrusion and data exfiltration, including custom malware used for espionage purposes. Its tool set includes access to zero-day vulnerabilities and destructive wiper malware, says FireEye.

The firm also noted that it’s possible that APT37’s distribution of malware via torrent websites could assist in creating and maintaining botnets for future distributed denial-of-service (DDoS) attacks, or for other activity such as financially motivated campaigns or disruptive operations.

As far as attribution, “disruptive and destructive cyber-threat activity (including the use of wiper malware, public leaks of proprietary materials by false hacktivist personas, DDoS attacks and electronic warfare tactics such as GPS signal jamming) is consistent with past behavior by other North Korean actors,” the firm said. FireEye also detected malware development artifacts that point to Pyongyang, and the targeting aligns with North Korean state interests.

“North Korea has repeatedly demonstrated a willingness to leverage its cyber capabilities for a variety of purposes, undeterred by notional redlines and international norms,” FireEye noted. 
“Though they have primarily tapped other tracked suspected North Korean teams to carry out the most aggressive actions, APT37 is an additional tool available to the regime, perhaps even desirable for its relative obscurity. We anticipate APT37 will be leveraged more and more in previously unfamiliar roles and regions, especially as pressure mounts on their sponsor.”

Infosecurity:
