A lesser-known hacker group believed to be working on behalf of the North Korean government has been expanding the scope and sophistication of its campaigns, according to a report published on Tuesday by FireEye.
The threat actor is tracked by FireEye as APT37 and Reaper, and by other security firms as Group123 (Cisco) and ScarCruft (Kaspersky). APT37 has been active since at least 2012, but it has not been analyzed as much as the North Korea-linked Lazarus group, which is said to be responsible for high-profile attacks targeting Sony and financial organizations worldwide.
Cisco published a report in January detailing some of the campaigns launched by the threat actor in 2017, but APT37 only started making headlines in early February when researchers revealed that it had been using a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users.