North Korean Government on Verge of Expanding Cyber-Espionage Operations, Security Firm Says


A cybersecurity firm in California, FireEye, has concluded with high confidence that a North Korean cyber-espionage group known as APT37 has expanded its operations in both scope and sophistication, and that it’s working on behalf of the North Korean government, according to a report released by the firm today.

FireEye says that APT37’s primary mission is covert intelligence gathering in support of North Korea’s military, political and economic interests.  The group had almost exclusively targeted South Korean government, military and media sectors up until last year, when it began targeting countries beyond the Korean peninsula, including Japan, Vietnam and the Middle East.

The group works most often through the use of malicious computer programs called malware that infect host computers through the download spam emails as well as videos.  The malware, once downloaded, enables APT37 to collect information on the host computer’s system, take screenshots and download additional malicious files to the victim computer.

FireEye believes that the tool will be leveraged more and more by the North Korean government into previously unfamiliar roles and regions, as pressure continues to mount on the regime.

Tensions have thawed somewhat on the Peninsula in the last few weeks in light of the both Koreas marching under a unified flag at the Winter Olympics, being held in South Korea.  U.S. Vice President Mike Pence, who led the U.S. delegation to the Olympic Games, has indicated a willingness to engage with the North Koreans but has said that sanctions leveled against the country for their pursuit of nuclear weapons would only be lifted if there are meaningful steps toward denuclearization.

“So the maximum pressure campaign is going to continue and intensify.  But if you want to talk, we’ll talk,” Pence said.


Join the discussion