According to a recent article in the Wall Street Journal, concerns are escalating over one of North Korea’s three major hacking organizations because of both their adeptness and sheer brazenness. APT37, aka “Reaper,” is a hacking group well known for attacking South Korea, but it has since decided to attack companies in Japan, Vietnam and the Middle East. What is especially noteworthy about its recent slew of attacks is the heightened level of sophistication, and the fact that the group has made little effort to disguise its bad deeds.
Cybersecurity company FireEye, Inc. monitors Reaper’s attacks and, in a report issued earlier this month, reveals that Reaper is utilizing a toolset that includes access to zero-day vulnerabilities and wiper malware. Reaper has shown a preference for hacking information within companies involved in the automotive, aerospace, chemicals, and health care industries. They also recently attacked South Korea when they discovered a vulnerability in Adobe Flash, which was then used to install malware on the computers of users who opened the corrupt Adobe Flash files.
FireEye squarely points the finger at the North Korean government as the true face of Reaper due to malware development artifacts and targeting that supports state interests. FireEye claims it can easily trace these attacks back to the Pyongyang IP addresses that Reaper has been using.
Reaper is just one of a growing collection of hacking groups linked to North Korean leader Kim Jong Un’s regime, including “Lazarus,” which the US blamed for the Sony Pictures Entertainment data theft in 2014. Bloomberg Technology posits that North Korea has been widening its cyber-operations to gather cash and intelligence to offset the penalties of international sanctions. The sanctions against North Korea have been on the rise, yet North Korea seems unconcerned and continues to ramp up attacks on foreign countries.
Whether your company is a Reaper target or potentially attractive to another cyber-criminal, attacks are on the rise. Being vigilant within your own company is mission-critical to prevent losing data. The best defense against a cyber-attack is to have a comprehensive and tested disaster recovery plan in place that includes an air-gapped backup. You may still be vulnerable to cyber threats, but the impact on your day-to-day operations is significantly minimized.