Cyber attacks linked by experts to North Korea have targeted aerospace, telecommunications and financial companies in recent years, disrupting networks and businesses around the world. North Korea rejects accusations it has been involved in hacking. After all, a nation which is led by an Apple fanboy is not going to be that technically sophisticated.
But cyber security outfit FireEye said that while Kim Jong Un might be an Apple fanboy, he apparently lets his hackers, dubbed APT37, use proper computers. APT37 has been spying on South Korean targets since at least 2012, but only in the last year has it been observed expanding its scope and sophistication to hit targets in Japan, Vietnam and the Middle East, FireEye said in a report.
The reappraisal came after researchers found that the spy group showed itself capable of rapidly exploiting multiple “zero-day” bugs - previously unknown software glitches that leave security firms no time to defend against attacks, John Hultquist, FireEye’s director of intelligence analysis, said.
“Our concern is that their brief may be expanding, along with their sophistication”, Hultquist said.
“We believe this is a big thing”.
APT37 has focused on covert intelligence gathering for North Korea, rather than the destructive attacks or cyber financial crime that Lazarus Group and other similar hacking groups have been shown to engage in to raise funds for the regime, FireEye said.
From 2014 until 2017, APT37 concentrated mainly on South Korean government, military, defence industrial organisations and the media sector, as well as targeting North Korean defectors and human rights groups, the report said.
Since last year, its focus has expanded to include an organisation in Japan associated with the United Nations missions on human rights and sanctions against the regime, and the director of a Vietnamese trade and transport firm.
Its spy targets included a Middle Eastern financial company as well as an unnamed mobile network operator, which FireEye said had provided mobile phone service in North Korea until business dealings with the government fell apart.
FireEye declined to name the firm involved, but Egypt’s Orascom provided 3G phone service in the country via a joint venture from 2002 to 2015, until the North Korean regime seized control of the venture, according to media reports.