© 2019 SourceMedia. All rights reserved.

North Korea hacker unit 'Reaper' now global threat, FireEye says

(Bloomberg) -- North Korean cyber-spy group “Reaper” is emerging as a global threat, conducting espionage well beyond the Korean peninsula in support of Pyongyang’s military and economic interests, FireEye Inc. said.

The group, known also as APT37, in 2017 began attacking targets in Japan, Vietnam and the Middle East after having focused on its southern neighbor for years, FireEye said in a report. The hacking group -- traced to an IP address in North Korea -- now infiltrates a range of industries from electronics and aerospace to automotive and health care, the cybersecurity firm said.

Reaper joins a growing list of hacking units linked to Kim Jong Un’s regime, including “Lazarus,” which the U.S. blamed for a 2014 data theft at Sony Pictures Entertainment. North Korea has been widening its cyber-operations in pursuit of cash and intelligence in an attempt to cushion the impact of international sanctions, and Reaper underscores the challenge in fending them off.

“They’ve laid low on the radar for a long time,” John Hultquist, director of FireEye’s intelligence unit, said by phone. “They are probably not getting their due, considering this is a tool of the regime that can be used in all the same ways that Lazarus is being used.”

Reaper has been active since at least 2012, and typically sends its targets emails laced with malware to steal confidential information. Its targets have included a Middle Eastern telecommunications company doing business in North Korea, a Japan-based entity associated with a United Nations group on sanctions and the general director of a Vietnamese trading company, FireEye said, declining to name the victims.

The group came under FireEye’s scrutiny when South Korea warned last month about a security vulnerability in Adobe Flash. A developer believed to belong to Reaper made the mistake of revealing his or her North Korean IP address, Hultquist said. It’s unclear how large the group is, he added.

“Ignored, these threats enjoy the benefit of surprise, allowing them to extract significant losses on their victims, many of whom have never previously heard of the actor,” FireEye said in an emailed statement.