North Korea's 'Reaper' hacking group is stepping up its cyber warfare capabilities and is an 'advanced persistent threat'

  • The cyber espionage group hit targets in Japan and the Middle East last year 
  • Security firm FireEye said the group was only known for targeting South Korea   
  • In a report, FireEye say the group, which they dubbed APT37, is state-connected

North Korea's Reaper hacking group is stepping up its cyber warfare capabilities and is an 'advanced persistent threat', a leading US cybersecurity firm has warned.

FireEye identified the Pyongyang-linked group it dubbed 'APT37' - standing for 'advanced persistent threat' - in a report on Tuesday.

It is the first time that FireEye has used the designation for a North Korean-based group.

Analysts say the isolated and impoverished, but nuclear-armed North has stepped up hacking operations partly to raise money for the cash-strapped regime, which is subject to multiple sanctions over its atomic weapons and ballistic missile programmes.

FireEye said the cyber espionage group, previously known only for targeting South Korea's government and private sector, has become more sophisticated. 

Analysts say the isolated and impoverished, but nuclear-armed North has stepped up hacking operations partly to raise money for the cash-strapped regime. Pictured, North Korean leader Kim Jong-un

Last year, it hit further afield including in Japan and the Middle East, the security researchers said.

Cyber attacks linked by experts to North Korea have targeted aerospace, telecommunications and financial companies in recent years, disrupting networks and businesses around the world. 

But North Korea rejects accusations it has been involved in hacking.

FireEye said the state-connected Reaper hacking organisation, which it dubbed APT37, had previously operated in the shadows of Lazarus Group, a better-known North Korean spying and cybercrime group widely blamed for the 2014 Sony Pictures and 2017 global WannaCry attacks.

APT37 had spied on South Korean targets since at least 2012, but has been observed to have expanded its scope and sophistication to hit targets in Japan, Vietnam and the Middle East only in the last year, FireEye said in a report.

White House homeland security adviser Tom Bossert speaks about the WannaCry virus during a briefing at the White House last December

John Hultquist, FireEye's director of intelligence analysis, said the reappraisal came after researchers found that the spy group showed itself capable of rapidly exploiting multiple 'zero-day' bugs - previously unknown software glitches that leave security firms no time to defend against attacks.

'Our concern is that their (international) brief may be expanding, along with their sophistication,' Hultquist said. 'We believe this is a big thing'.

APT37 has focused on covert intelligence gathering for North Korea, rather than the destructive attacks or financial cyber crime that Lazarus Group and other similar hacking groups have been shown to engage in to raise funds for the regime, it said.

The group appears to be connected to attack groups previously described as ScarCruft by security researchers at Kaspersky and Group123 by Cisco's Talos unit, FireEye said.

'We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artefacts and targeting that aligns with North Korean state interests,' the security report said. 

APT37 concentrated mainly on South Korean government, military, defence industrial organisations and the media sector, as well as targeting North Korean defectors and human rights groups, from 2014 until 2017, according to the report.

But since last year, its focus has expanded to include an organisation in Japan associated with the United Nations missions on human rights and sanctions against the regime and the director of a Vietnamese trade and transport firm.

Its spy targets included a Middle Eastern financial company as well as an unnamed mobile network operator, which FireEye said had provided mobile phone service in North Korea until business dealings with the government fell apart.

FireEye declined to name the firm involved, but Egypt's Orascom provided 3G phone service in the country via a joint venture from 2002 to 2015, until the North Korean regime seized control of the venture, according to media reports.

Asked for comment, a spokeswoman for Orascom said she had no immediate knowledge of the matter and was looking into it.