Delaware, USA – February 22, 2018 – Known for numerous cyber espionage campaigns against South Korea, the APT37 hacker group has been spotted in attacks against organizations in the Middle East, Vietnam and Japan. Researchers from FireEye published a report linking the activities of this group to the government of North Korea. The researchers also found evidence that this threat actor is behind the attacks exploiting the zero-day vulnerability in Adobe Flash and analyzed the malware the group uses. APT37 has been active since 2012, but because most of its campaigns targeted South Korea, it is less well known than the Lazarus group. The hackers use a wide range of cyber espionage and data wiping tools, and they are also suspected of building botnets for DDoS attacks.
The exploitation of zero-day vulnerabilities in recent campaigns and the expanding scope of their operations may indicate both growing skills among group members and assistance from other hacker groups. Hackers from APT37 develop custom malware for their campaigns, and standard anti-virus protection is often unable to detect their operations. APT Framework enables a SIEM to spot sophisticated spyware and data wiper activity, using the Cyber Kill Chain methodology to uncover cyber threats.