North Korea targeted ME telco over business dispute, says FireEye

FireEye report says that North Korean state-sponsored hackers attempted to infiltrate telco

FireEye said that the APT37 group has focused on a number of targets related to North Korea's strategic interests.

By Mark Sutton. Published February 21, 2018

North Korean hackers targeted a Middle Eastern telco after a failed business deal with a North Korean company, according to FireEye.

In a report issued today, the security company says that hackers, almost certainly working on behalf of the North Korean government, attempted to plant malware on computers belonging to the unnamed telco sometime last year.

FireEye did not name the telecoms company, but said that it had "been involved with a North Korean company and the business deal went bad".

The attackers, whom FireEye identified as 'APT37' or 'Reaper', targeted the telco shortly after media reports of the issues with the deal went public.

The targeting effort may have been an attempt by the North Korean government to gather information on a former business partner. FireEye said that the tactics, techniques and procedures used were all indicative of this group, which has previously focused on targets in South Korea.

FireEye also said that in May 2017, APT37 used a bank liquidation letter as a spear phishing lure against a board member of a Middle Eastern financial company.

The APT37 team, which FireEye says has been in operation since at least 2012, has been observed using a variety of tools for surveillance, file theft and planting malware. Its targets to date have primarily been South Korean. Attacks have been detected that FireEye believes align with North Korean state interests, mainly against South Korean government, military, industry and media. APT37 has also targeted North Korean defectors to South Korea and those involved with reunification efforts.

In 2017, the group appears to have widened its scope to target entities in Vietnam and Japan, in addition to the Middle East attacks, and to have targeted new sectors including chemicals, electronics, manufacturing, aerospace, automotive and healthcare.

FireEye stated in the report: "We judge that APT37's primary mission is covert intelligence gathering in support of North Korea's strategic military, political and economic interests... We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artefacts and targeting that aligns with North Korean state interests."
