Hackers previously connected to attacks primarily targeting South Korea have expanded their operations to include campaigns against industries in Asia and the Middle East, security researchers warned in a report Tuesday.
Known by names including "APT37" and "Reaper," the suspected North Korean state-sponsored hacking outfit has made gains recently in terms of both the scale and sophistication of its cyberattacks, FireEye's iSIGHT research group said in the report.
Previously linked mostly to attacks against Seoul and South Korea's private sector starting in 2012, last year the hackers launched campaigns against targets in Japan, Vietnam and the Middle East, including chemicals, electronics, manufacturing, aerospace, automotive and health care entities, the report said.
"We assess with high confidence that this activity is carried out on behalf of the North Korean government," the report said, citing malware used in the attacks and the nature of the intended victims.
While North Korea has been accused of international cyberattacks in the past, successful campaigns including the 2014 attack against Sony Pictures Entertainment have been attributed to a separate group of suspected state-sponsored hackers commonly referred to as the Lazarus Group.
Fresh off the Lazarus Group being blamed by the U.S. and others for last year's international WannaCry cyberattack, its lesser-known hacking cohorts could soon be launching similarly devastating campaigns if their operations continue to increase at this rate, warned John Hultquist, FireEye's manager of analysis.
"Our concern is that their [international] brief may be expanding, along with their sophistication," Mr. Hultquist told Reuters. "We believe this is a big thing."
CrowdStrike, a competing cybersecurity firm, has also been monitoring the hacking group's activities, NBC News reported.
"Their malware is quite sophisticated and is capable of stealing documents from the air-gapped or disconnected networks," CrowdStrike analysts wrote in an intelligence report cited by the network. "Primary targets include government, military, defense, finance, energy and electric utility sectors."
North Korea has previously denied hacking U.S. targets. Nonetheless, the director of the U.S. Office of National Intelligence warned last week that Pyongyang is poised to remain a threat to computer systems, American and otherwise.
"We expect the heavily sanctioned North Korea to use cyber operations to raise funds and to gather intelligence or launch attacks on South Korea and the United States," Mr. Coats said in a statement delivered during a hearing on worldwide threats Wednesday. "Pyongyang probably has a number of techniques and tools it can use to achieve a range of offensive effects with little or no warning, including distributed denial of service attacks, data deletion and deployment of ransomware."
© 2018 Washington Times under contract with NewsEdge/Acquire Media. All rights reserved.