Group123(APT-Q-3)

2022-03-23 Qianxin

https://ti.qianxin.com/apt/detail/5acc5730596a10001ca81c3b?name=Group123&type=map

Group123, also known as ScarCruft, Reaper, and APT37, is described as a suspected North Korea-origin espionage group active since at least January 2012. The profile says its targeting expanded from an early focus on South Korea to Japan, Vietnam, the Middle East, Russia, Hong Kong, and other regions, with affected sectors including manufacturing, aerospace, automotive, healthcare, finance, research, public administration, and IT services. Its intrusion tradecraft includes tailored social engineering, spear-phishing with compressed attachments and document-disguised shortcut files, malicious RTF and HTA stages, PowerShell execution, HWP and Adobe Flash exploitation, and malware distribution through torrent file-sharing sites. Reported activity between 2016 and 2020 included operations linked to Daybreak and Erebus, while later reporting cited Dolphin backdoor capabilities such as file theft, keylogging, screenshots, removable-device monitoring, and browser credential theft, plus frequent macOS targeting in 2023.