North Korean hacking group ‘Reaper’ grows into global threat: FireEye

According to a report by cyber security firm FireEye, a North Korean hacking group, called Reaper, has grown to become a global threat, capable of targeting a variety of sectors.

By: Bloomberg | Updated: February 23, 2018 5:26:37 pm
North Korean hackers, FireEye report, Reaper hacking group, cyber warfare, Lazarus Sony data theft, IP addresses, global cyber security, Kim Jong-un, email targets The hacking group – traced to an IP address in North Korea – now infiltrates a range of industries from electronics and aerospace to automotive and health care, the cybersecurity firm said. (Image Source: Bloomberg)

North Korean cyber-spy group ‘Reaper’ is emerging as a global threat, conducting espionage well beyond the Korean peninsula in support of Pyongyang’s military and economic interests, FireEye Inc said.

The group, known also as APT37, in 2017 began attacking targets in Japan, Vietnam and the Middle East after having focused on its southern neighbor for years, FireEye said in a report. The hacking group – traced to an IP address in North Korea – now infiltrates a range of industries from electronics and aerospace to automotive and health care, the cybersecurity firm said.

Reaper joins a growing list of hacking units linked to Kim Jong Un’s regime, including ‘Lazarus,’ which the US blamed for a 2014 data theft at Sony Pictures Entertainment. North Korea has been widening its cyber-operations in pursuit of cash and intelligence in an attempt to cushion the impact of international sanctions, and Reaper underscores the challenge in fending them off.

“They’ve laid low on the radar for a long time,” John Hultquist, director of FireEye’s intelligence unit, said by phone. “They are probably not getting their due, considering this is a tool of the regime that can be used in all the same ways that Lazarus is being used.”

Reaper has been active since at least 2012, and typically sends its targets emails laced with malware to steal confidential information. Its targets have included a Middle Eastern telecommunications company doing business in North Korea, a Japan-based entity associated with a United Nations group on sanctions and the general director of a Vietnamese trading company, FireEye said, declining to name the victims.

“North Korea appears to be confident about hacking South Korea and now wants to look beyond,” said Shin Jin, a professor of political science at South Korea’s Chungnam National University. “Foreign nations are an unexplored market and many of them have security infrastructure weaker than South Korea.”

The group came under FireEye’s scrutiny when South Korea warned last month about a security vulnerability in Adobe Flash. A developer believed to belong to Reaper made the mistake of revealing his or her North Korean IP address, Hultquist said. It’s unclear how large the group is, he added. “Ignored, these threats enjoy the benefit of surprise, allowing them to extract significant losses on their victims, many of whom have never previously heard of the actor,” FireEye said in an emailed statement.

For all the latest Technology News, download Indian Express App

Advertisement
Advertisement
Advertisement
Advertisement