APT37

APT37 is an intrusion set originally identified by FireEye iSight Intelligence and linked to North Korean state interests. The group has reportedly been active since at least 2012 with reported overlap with 'Scarcruft' and 'Group123'.

According to FireEye, APT 37 has been observed exploiting zero day vulnerabilities and targeting primarily public and private sectors in South Korea.

www.mandiant.com

https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignment-2023

www2.fireeye.com

https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf

web.archive.org

https://web.archive.org/web/20200326004232/https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf

www.mandiant.com

https://www.mandiant.com/resources/blog/apt37-overlooked-north-korean-actor

services.google.com

https://services.google.com/fh/files/misc/apt37-reaper-the-overlooked-north-korean-actor.pdf