APT37 (Reaper): The Overlooked North Korean Actor

2018-02-20 FireEye

https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf

Attachments

rpt_APT37.pdf (3 MB)

FireEye assesses APT37, also known as Reaper, as a North Korean cyber espionage group active since at least 2012 and aligned with Scarcruft and Group123 reporting. The group primarily targeted South Korean public and private entities, then expanded in 2017 to Japan, Vietnam, the Middle East, and sectors including chemicals, electronics, manufacturing, aerospace, automotive, and healthcare. The report highlights spear phishing, strategic web compromises, torrent delivery, CVE-2017-0199 and Flash zero-day use, Korean Peninsula-themed lures, SHUTTERSPEED, KARAE, POORAIM, SLOWDRIFT, and wiper capabilities.
