The threat posed by a hacker group known as “Reaper,” working on behalf of the North Korean government, has been overlooked, according to California-based cybersecurity vendor FireEye, even as a new analysis finds “that the group’s operations are expanding in scope and sophistication.”
FireEye’s February 20 analysis found that the group has primarily targeted South Korea, but Japan, Vietnam and Middle Eastern countries have also been targeted.
Reaper’s exploitation of the Hangul Word Processor and Adobe Flash has demonstrated the group’s “access to zero-day vulnerabilities,” or the ability to find unknown security vulnerabilities, “and the ability to incorporate them into operations,” FireEye said.
“It’s like your security system is a big wall, but someone knows that there’s a hole somewhere in that wall and can crawl through it,” John Hultquist, director of intelligence analysis for FireEye, told the Washington Post.
“It’s fairly rare,” he said, adding that it points to a maturing, more sophisticated toolkit brandished by North Korean hackers.
The group has “a diverse suite of malware for initial intrusions and exfiltration,” the cybersecurity company said. These malware programs can be used for traditional cyber espionage as well as destructive purposes.
FireEye assessed with “high confidence” that Reaper’s activity is “carried out on behalf of the North Korean government, given malware development artifacts and targeting that aligns with North Korean state interests.”
Affected targets have included public and private sector groups, according to FireEye. Reaper has targeted the chemicals, electronics, manufacturing, automotive and aerospace industries, the report said.
“We expect the heavily sanctioned North Korea to use cyber operations to raise funds and to gather intelligence or launch attacks on South Korea and the United States,” the US intelligence community said in a Worldwide Threat Assessment published last week.
“Pyongyang probably has a number of techniques and tools it can use to achieve a range of offensive effects with little or no warning,” the assessment noted.