A New North Korean Hacker Group Is Making a Name for Itself (created a lot of custom malware)

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A lesser-known North Korean cyber-espionage outfit has become more active on the international scene in 2017, after spending the previous five years targeting only South Korean government agencies and North Korean defectors.

A history of the group's activities, which have been going on since 2012, have been compiled in a report released yesterday by US cyber-security company FireEye.

Lazarus Group's smaller brother
The report refers to the group by the codename of APT37 (also Reaper), but other companies track it as Group123 (Cisco Talos), FreeMilk (Palo Alto Networks), or StarCruft, Operation Daybreak, Operation Erebus (Kaspersky Lab).

The group has been quite active, but because it targeted mainly South Korean targets, it has not received the same amount of press coverage that fellow North Korean hacking group Lazarus Group has received.

Fair enough, hacking Sony Movie Pictures and a bunch of banks across the world, gets you more attention than going after North Korean defectors and small-time South Korean government agencies.
Click to expand...
Group expands activity to international targets
But Lazarus Group will now have a rival for media coverage, and the reason is that APT37 has expanded its operations to include foreign targets.

New targets targeted in 2017 and 2018 include companies and government agencies in Japan, Vietnam and many Middle East countries. FireEye says it detected APT37 attacks right after business deals between North Korea and companies in Vietnam and the Middle East went sideway.
..
-----
---
Click to expand...
APT37 has created a lot of custom malware
At the technical level, the group is no slouch either. APT37 has been credited with creating multiple malware families in the past six years. In fact, it was APT37 behind the recent Adobe Flash Player zero-day Bleeping Computer wrote about at the start of the month.

The FireEye report paints a pretty good picture of how the group often relied on Flash vulnerabilities to infect targets, and how they varied their operations for different targets.

APT37 created several malware families across the years, ranging from backdoors to data wipers. They also used an ever-shifting infrastructure, relying on AOL Instant Messenger, pCloud, and Dropbox for their command-and-control servers, and on spear-phishing, hacked websites, and torrent files for spreading their malicious payloads.

Their malware and exploit arsenal is also something to behold, the group being behind several interesting and quite well-built tools, such as:
...
.......
..
..............
Click to expand...
 
  • Like
Reactions: spaceoctopus, harlan4096, Deleted member 65228 and 1 other person
You must log in or register to reply here.

Similar threads

MuzzMelbourne
    • Like
APT37 hackers deploy new FadeStealer eavesdropping malware
Replies
1
Views
1,126
News Archive
Stenographers
Stenographers
[correlate]
    • Like
    • +Reputation
    • Wow
The Unintentional Leak: A glimpse into the attack vectors of APT37
Replies
0
Views
517
News Archive
[correlate]
[correlate]
vtqhtr413
    • +Reputation
    • Like
Security News ScarCruft APT Group Gears Up to Target Cybersecurity Pros
Replies
0
Views
1,250
Security News
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top