Suspected North Korean cyber espionage group reportedly expands operations' sophistication and scope

People pose in front of a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica December 27, 2014. Reuters/Dado Ruvic

The operations of a suspected North Korean cyber-espionage group are expanding in sophistication and scope, a new analysis suggests. There are fears that the group’s recent activity has laid the groundwork for attacks.

Earlier this month, California-based cybersecurity company FireEye published a blog post detailing the use of an Adobe Flash zero-day vulnerability (CVE-2018-4878) by a suspected North Korean cyber-espionage group. FireEye now tracks the group under the label APT37 (Reaper).

An analysis of APT37’s activity has found that the group’s operations are expanding, with a toolset that includes access to zero-day vulnerabilities and wiper malware. “We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artifacts and targeting that aligns with North Korean state interests,” FireEye wrote.

It appears that North Korea has been exploiting previously unidentified vulnerabilities to carry out cyber-espionage. This could possibly lead to cyber attacks.

There have been allegations that North Korean leader Kim Jong Un’s cyber warriors have been causing huge disruptions in the past few years. Incidents include a hack on Sony Pictures in 2014 as well as the WannaCry ransomware worm last year, which affected companies, banks and hospitals around the world. There were also reported attacks on South Korean servers.

The North Korean regime has reportedly funnelled a large amount of money and invested time building a cyber-army that could outsmart technologically advanced countries like South Korea. The North has been accused of attacks against the South, which include hacking of the latter's cryptocurrency exchange.

FireEye has “high confidence” that a cyber-espionage group was responsible for a number of attacks not only in South Korea but also in Japan, Vietnam and the Middle East. There are reports that Lazarus, the collective that launched the attack on Sony, has links to the North Korean regime.

Meanwhile, intelligence sources have reportedly revealed that the United States is drawing up plans for cyber attacks on North Korea after Pyongyang announced its readiness for “both dialogue and war.” Washington's potential plans could focus on digital rather than conventional warfare, avoiding the loss of lives while crippling Pyongyang's online communications, which could affect its ability to control its military. The Worldwide Threat Assessment has forecast an increased potential for attacks in the cyber-realm.