N Korean Hacking Widens To Target Multinationals

Uploaded on 2018-03-02 in INTELLIGENCE-Hot Spots-North Korea, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

The North Korean–linked hacking group known as Reaper is expanding its operations in both scope and sophistication, and it has now graduated to the level of an advanced persistent threat.

According to FireEye, the threat actor has carried out long-term targeting of North Korea’s interests in South Korea since 2013, but it’s now focusing on multinational campaigns using advanced capabilities. 

For instance, the group recently exploited a zero-day vulnerability in Adobe Flash Player, CVE-2018-4878, which represents a concerning level of technical sophistication.

“The slow transformation of regional actors into global threats is well established,” the firm said in a report on the group, which has added a new moniker to its name: APT37. “Minor incidents in Ukraine, the Middle East and South Korea have heralded the threats, which are now impossible to ignore. 
“In some cases, the global economy connects organisations to aggressive regional actors. In other cases, a growing mandate draws the actor on to the international stage. Ignored, these threats enjoy the benefit of surprise, allowing them to extract significant losses on their victims, many of whom have never previously heard of the actor.”

Reaper has set its sights primarily on corporations in vertical industries, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare, and has been seen recently targeting Japan, Vietnam and the Middle East. 
It uses social engineering tactics tailored specifically to desired targets, strategic web compromises and torrent file-sharing sites to distribute malware more indiscriminately.

That malware represents a diverse bag of tricks to be used for both initial intrusion and data exfiltration, including custom malware used for espionage purposes. Its tool set includes access to zero-day vulnerabilities and destructive wiper malware, say FireEye. 

The firm also noted that it’s possible that APT37’s distribution of malware via torrent websites could assist in creating and maintaining botnets for future distributed denial-of-service (DDoS) attacks, or for other activity such as financially motivated campaigns or disruptive operations.

As far as attribution, “disruptive and destructive cyber-threat activity (including the use of wiper malware, public leaks of proprietary materials by false hacktivist personas, DDoS attacks and electronic warfare tactics such as GPS signal jamming) is consistent with past behavior by other North Korean actors,” the firm said. FireEye also detected malware development artifacts that points to Pyongyang, and the targeting aligns with North Korean state interests.

“North Korea has repeatedly demonstrated a willingness to leverage its cyber capabilities for a variety of purposes, undeterred by notional redlines and international norms,” FireEye noted. 
“Though they have primarily tapped other tracked suspected North Korean teams to carry out the most aggressive actions, APT37 is an additional tool available to the regime, perhaps even desirable for its relative obscurity. We anticipate APT37 will be leveraged more and more in previously unfamiliar roles and regions, especially as pressure mounts on their sponsor.

Infosecurity:

You Might Also Read: 

North Korea's Cyber Army Has A New Battalion:

Corporate Defence Plan Against Cyberattacks:

 

« Three Sectors Being Transformed By AI
Blockchain & Cryptocurrency May Soon Underpin Cloud Storage »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Aptive Consulting

Aptive Consulting

Aptive is a cyber security consultancy providing Penetration Testing and Vulnerability Assessment services.

PhishLine

PhishLine

PhishLine helps Information Security Professionals meet and overcome the increasing challenges associated with social engineering and phishing.

Siscon

Siscon

Siscon delivers tailor-made compliance solutions that are based on the customer's specific wishes and reality and then supplement with many years of experience in the field.

Beame.io

Beame.io

Beame.io is an information security company that distributes open source authentication infrastructure based on encryption.

Cybrary

Cybrary

Cybrary is an open-source cyber security and IT learning and certification preparation platform.

Securicon

Securicon

Securicon provides expert consulting for application, system and network security.

Taqnia Cyber

Taqnia Cyber

Taqnia Cyber specializes in the fields of cyber security, intelligence, operations, and training. It offers its services and consultations to both public and private sectors.

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

CYRISMA

CYRISMA

CYRISMA is a revolutionary cybersecurity platform that helps organizations manage risk without the usual headaches associated with enterprise cybersecurity tools.

Commonwealth Cyber Initiative (CCI)

Commonwealth Cyber Initiative (CCI)

The Commonwealth Cyber Initiative is establishing Virginia as a global center of excellence at the intersection of security, autonomous systems, and data.

BitTrap

BitTrap

BitTrap helps companies worldwide detect attackers and put an early end to breaches, preventing data exfiltration and ransomware altogether.

Contextual Security Solutions

Contextual Security Solutions

Contextual Security Solutions is a leading provider of penetration testing services and IT security & compliance audits.

RealTyme

RealTyme

RealTyme is a secure communication and collaboration platform with privacy and human experience at its core.

Arcanna.ai

Arcanna.ai

Using a wide range of out-of-the box integrations, Arcanna.ai continuously learns from existing enterprise cybersecurity experts and scales your team’s capacity to deal with threats.

Istari

Istari

ISTARI is a new kind of cyber risk management company. We’re an agile collective of best-in-class capabilities and experts, who build ongoing partnerships with clients.

ASRC Federal

ASRC Federal

ASRC Federal’s mission is to help federal civilian, intelligence and defense agencies achieve successful outcomes and elevate their mission performance.

ThreatCaptain

ThreatCaptain

ThreatCaptain is a Cybersecurity Leadership Development Company driven to enhance and illuminate cybersecurity risk through strategic alignment and informed business decision-making.

Trovent Security

Trovent Security

Trovent was founded with a clear goal: to support medium-sized companies in significantly increasing their IT security level.