North Korean Cyber Army Poses Increasing Risks as It Expands Its Global Reach, Cybersecurity Group Warns

North Korea is preparing to launch more sophisticated cyberattacks against its enemies and is improving its hackers’ cyber espionage skills, according to a report published Tuesday.

North Korea is an impoverished country with few resources, but it has poured much of whatever money it has into the development of nuclear weapons and cyber espionage. Several months ago, the U.S. blamed the rogue nation’s hacker group Lazarus for carrying out the WannaCry cyberattack, a ransomware attack that infected the computer networks of banks, hospitals and companies around the world. The malware demanded hundreds of dollars to reopen infected computers. It also briefly shut down Britain’s National Health Service.

Cybersecurity professionals also say Lazarus was behind a cyberattack against Bangladesh’s central bank, an operation that stole around $81 million.

Now, the cybersecurity firm FireEye says that another North Korean hacker group, called Reaper, also known as APT37, is spying on companies, the government, the military and the media in South Korea, and is expanding its cyberespionage capabilities to other countries around the globe.

“Our analysis of APT37’s recent activity reveals that the group’s operations are expanding in scope and sophistication,” reads the report by the cybersecurity firm FireEye. “We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artifacts and targeting that aligns with North Korean state interests.”

One of the data strings included in a Reaper hack was named after a Christian missionary group that works with North Korean defectors. 

The Reaper group is especially adept at “zero-day vulnerability” attacks, when hackers find and exploit software flaws before developers can create patches to fix them. The primary targets of this North Korean cyber espionage are South Korea, Japan, Vietnam and the Middle East, the report details.

The Lazarus group is believed to have hackers stationed around the world, all of whom send money back to North Korea. In contrast, the Reaper group appears to be based primarily in Pyongyang, FireEye said.

Cyberattacks allow the North Korean government to bring in hundreds of millions of dollars to fund the development of nuclear weapons capable of hitting the U.S., experts warn.  

North Korea has denied its involvement in cyberattacks.

Editor's Pick