A Middle Eastern telecoms organisation was targeted by a cyber espionage threat from North Korea, a report has revealed.
The targeting effort may have been on behalf of the North Korean government in an attempt to gather information on a former business partner, the report by security firm FireEye suggests.
In a blog post, FireEye said that the espionage group was now being tracked as ‘APT37’ or Reaper.
“Our analysis of APT37’s recent activity reveals that the group’s operations are expanding in scope and sophistication, with a toolset that includes access to zero-day vulnerabilities and wiper malware,” the post said. “We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artifacts and targeting that aligns with North Korean state interests. FireEye iSIGHT Intelligence believes that APT37 is aligned with the activity publicly reported as Scarcruft and Group123.”
The report also suggested that APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities, the report added.
With regard to the involvement of the Middle Eastern telecoms organisation, the report said, “We believe a Middle Eastern organisation was targeted by APT37 because it had been involved with a North Korean company and a business deal went bad. This firm was targeted shortly after media reports of this schism had gone public. The targeting effort may have been an attempt by the North Korean government to gather information on a former business partner. The operation exemplifies APT37’s tactics, techniques and procedures (TTPs), and reflects the advanced capabilities of this espionage group.”