The infamous hacker group from North Korea (DPRK), which recently used an Adobe Flash zero-day vulnerability, CVE-2018-4878, has just expanded its operations.
The group has built a troublemaking toolset that uses zero-day vulnerabilities and destructive malware, and it shows a lack of concern for elevated tensions in Northeast Asia.
Researchers say with high confidence that this activity is carried out on behalf of the North Korean government. Their confidence comes from data points that include personal information behind some of Reaper's malicious payloads and the DPRK time zone that the group uses in all of the attacks it carries out.
This infamous DPRK or Reaper group is also known as Group123 or ScarCruft.
Reaper is an intelligence-gathering operation that has mostly focused on targeting public and private sector organizations in South Korea and has been active since 2012.
In 2017, the group expanded operations to include targets in Japan, Vietnam, and the Middle East. Its targets are in the chemicals, electronics, aerospace, healthcare, automotive, and manufacturing industries. Foreign governments and the defense industrial base, as well as media and NGOs, are also targeted by the same group.
Their most recent attacks, which have caused big cybersecurity problems, targeted a Middle Eastern company, individuals involved in international affairs, and those working with the Olympics.
The Reaper group uses several methods to pull off its attacks. Its social engineering and phishing operations are not generic but tailored to their targets for maximum impact. The group also compromises legitimate websites to host customized malware, which is later used in its targeted social engineering attacks.
All of these attacks can be avoided by practicing good cybersecurity habits and by installing a reliable cybersecurity solution, such as an antivirus, on every system you use. Consider using antivirus for Windows or antivirus for Mac, depending on which OS you have installed, every time you use the internet.
Their new malware is developed to target flaws in Hangul Word Processor (HWP) because of its popularity in South Korea. The Reaper group also weaponizes Flash exploits after they become public knowledge, and has even discovered zero-day vulnerabilities of its own.
North Korea has repeatedly demonstrated a willingness to leverage its cyber capabilities.
North Korea carries out the most aggressive cybersecurity threats, using the APT37 group as a tool available to the regime. Our cybersecurity team anticipates that APT37 will be leveraged more and more in the near future.
If you are a company, implementing a robust cybersecurity solution like an antivirus might not be enough. That is why hiring a cybersecurity company every trimester, one that offers professional cybersecurity services like penetration testing or ethical hacking tests, is always a good idea, because only then will your company be adequately protected.