Mandiant Catches Another North Korean Gov Hacker Group

Cybersecurity experts are reporting that researchers at the security firm Mandiant have identified a new North Korean hacker group linked to the nation’s government. This news is the latest development in the ongoing contest between cyber attackers and defenders, as governments around the world wrestle with the threat of state-sponsored cyber espionage and other malicious activity.

What We Know

Mandiant is a FireEye company that specializes in threat intelligence and incident response services. Its security experts have recently identified a new North Korean state-sponsored hacking group that has been active since 2019. The group, tracked by Mandiant as APT37 and also known as “Reaper,” “Group123,” and “ScarCruft,” has kept a relatively low profile, though it has been active since 2012.

The group was identified after its activities were linked to earlier reported attacks carried out by North Korea’s Global Communication Network. APT37 initially targeted military, defense, and media organizations in South Korea and Japan, but it has since expanded its operations to other nations, including the United States, the United Kingdom, Israel, Syria, and other countries in the Middle East and Southeast Asia.

APT37’s Tools and Tactics

APT37 employs a wide range of tactics, techniques, and procedures, according to Mandiant’s report. The group has developed and used several custom-crafted malware tools, such as “BabyShark,” “HighShell,” “Hangman,” and “MataHari,” to conduct its operations. It has also leveraged existing malware tools, such as “BONDUPDATER” and “WINDSHIELD,” as well as command-and-control servers located in countries around the world.

Beyond its malware tooling, APT37 is also adept at social engineering. The group has been known to send emails with malicious attachments to potential targets in an attempt to gain an initial foothold in the targeted networks and systems.

Mitigation Strategies

Given the sophistication and vast array of tools and techniques employed by APT37, organizations and individuals must take steps to ensure their networks, systems, and data are properly secured. Here are some tips from Mandiant security experts to help protect your organization from this and other advanced persistent threats:

• Develop and implement a comprehensive cybersecurity strategy that addresses all potential threats.

• Harden networks and systems with the latest security patches and software updates.

• Strictly control access to critical assets and systems.

• Monitor user accounts and access privileges.

• Educate and train users on proper cyber hygiene.

• Monitor and log all user activities.

• Implement security controls and technology solutions, such as multi-factor authentication and end-to-end encryption.

• Implement a strong incident response plan and incident response team.

APT37 is yet another threat that organizations must be aware of and take steps to mitigate. The group’s arsenal of tools and tactics is highly sophisticated and must be taken seriously, since its activities have been linked to the North Korean government and could portend more significant cyber attacks.

It’s time to take the necessary steps to protect your organization from the threat of APT37 and other advanced persistent threats. Share this article with your colleagues and other organizations to spread awareness of the potential risks.