Cyber Threat Report: 'APT37 (REAPER) - The Overlooked North Korean Actor'

Report Author FireEye
Publication Date 2018-02-20
Original Reporting Source
Attributed to Nation North Korea
Related Intrusion Sets APT37
Identified CVEs CVE-2015-3043, CVE-2016-4117, CVE-2018-0802, CVE-2018-4878
Victim Sectors Healthcare, Aerospace, Automotive, Education, Financial Services, National Government, Technology

This special report by FireEye discusses an investigation into APT37, a suspected North Korean cyber espionage group. According to the report, APT37 has been active since at least 2012 and focuses on covert intelligence gathering in support of North Korea's strategic military, political and economic interests. The group mainly targets South Korea, but also Japan, Vietnam and the Middle East, across a range of sectors. The report outlines the diverse suite of malware used for initial intrusion and exfiltration, and describes how the group has access to zero-day vulnerabilities and wiper malware. The group uses compromised servers, messaging platforms and cloud service providers for command and control, and leverages social engineering, spear phishing, strategic web compromises and torrent file-sharing sites to deliver malware. FireEye assesses with high confidence that APT37 acts in support of the North Korean government and is primarily based in North Korea, based on multiple factors such as malware development artifacts, its targeting profile, and probable links to a North Korean individual believed to be the developer of several of APT37's proprietary malware families.
