APT37


State-backed: North Korean

Associated Groups: Group123, ScarCruft, Reaper, Reaper Group, Red Eyes, Ricochet Chollima, Operation Daybreak, Operation Erebus, Venus 121.

Estimated time of origin: 2012

Target: Various industries, primarily in South Korea, though also Japan, Vietnam and the Middle East

Strategy: Spear phishing with zero-day exploits and wiper malware. Exploitation of Hangul Word Processor (HWP) vulnerabilities.

Malware: various

Noteworthy:

  • Uses torrents to distribute malware.

Reference


  • MITRE ATT&CK
  • FireEye Reaper
  • Malpedia