North Korea appears to be planning major international cyber-attacks, with espionage group APT37 (Reaper) seen to be expanding its scope and sophistication with new zero-day vulnerabilities and wiper malware, according to a new report from FireEye.
FireEye previously published a blog detailing the use of an Adobe Flash zero-day vulnerability (CVE-2018-4878) by this suspected North Korean cyber espionage group, which it says it assesses with high confidence is working on behalf of the North Korean government, and which it says is aligned with the activity publicly reported as ScarCruft and Group123.
Key points of the report, as noted by FireEye, are as follows:
- “Targeting: Primarily South Korea – though also Japan, Vietnam and the Middle East – in various industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive, and healthcare.
- “Initial Infection Tactics: Social engineering tactics tailored specifically to desired targets, strategic web compromises typical of targeted cyber-espionage operations, and the use of torrent file-sharing sites to distribute malware more indiscriminately.
- “Exploited Vulnerabilities: Frequent exploitation of vulnerabilities in Hangul Word Processor (HWP), as well as Adobe Flash. The group has demonstrated access to zero-day vulnerabilities (CVE-2018-0802), and the ability to incorporate them into operations.
- “Command and Control Infrastructure: Compromised servers, messaging platforms, and cloud service providers to avoid detection. The group has shown increasing sophistication by improving their operational security over time.
- “Malware: A diverse suite of malware for initial intrusion and exfiltration. Along with custom malware used for espionage purposes, APT37