G0067
G0067APT37
Description
[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. [APT37](https://attack.mitre.org/groups/G0067) has also been linked to the following campaigns between 2016-2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.(Citation: FireEye APT37 Feb 2018)(Citation: Securelist ScarCruft Jun 2016)(Citation: Talos Group123)
North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.
References
- https://attack.mitre.org/groups/G0067
- https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/
- https://www.crowdstrike.com/adversaries/ricochet-chollima/
- https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf
- https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/
- https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html
- https://securelist.com/operation-daybreak/75100/
Software attributed to this8
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Software | WINERACKs0219 | 100% | live |
| Software | SLOWDRIFTs0218 | 100% | live |
| Software | DOGCALLs0213 | 100% | live |
| Software | KONNIs0356 | 100% | live |
| Software | NOKKIs0353 | 100% | live |
| Software | KARAEs0215 | 100% | live |
| Software | BLUELIGHTs0657 | 100% | live |
| Software | CORALDECKs0212 | 95% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.