KP · Korea (Democratic People's Republic of) · confidence: 50 · G0067
APT37
Also known as: APT 37 · Group 123 · Group123 · InkySquid · Operation Daybreak · Operation Erebus · Reaper Group · Reaper · Red Eyes · Ricochet Chollima · ScarCruft · Venus 121 · ATK4 · G0067 · Moldy Pisces · APT-C-28 · APT37
Origin: KP
Known aliases: 17
Target sectors: 2
Attribution: State-sponsored
Profile
APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors, primarily in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities.
Aliases · 17
APT 37 · Group 123 · Group123 · InkySquid · Operation Daybreak · Operation Erebus · Reaper Group · Reaper · Red Eyes · Ricochet Chollima · ScarCruft · Venus 121 · ATK4 · Moldy Pisces · APT-C-28 · APT37
Target sectors · 2
Government · Private sector
Known victims · 3
- South Korea
- Japan
- Vietnam
MITRE ATT&CK Group crosswalk
References
- https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/
- https://www.fireeye.com/blog/threat-research/2018/02/apt37-overlooked-north-korean-actor.html
- https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf
- http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html
- https://twitter.com/mstoned7/status/966126706107953152
- https://www.cfr.org/interactive/cyber-operations/apt-37
- https://www.bleepingcomputer.com/news/security/report-ties-north-korean-attacks-to-new-malware-linked-by-word-macros/
- https://unit42.paloaltonetworks.com/unit42-freemilk-highly-targeted-spear-phishing-campaign/