On Feb. 2, 2018, we published a blog (https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html)
detailing the use of an Adobe Flash zero-day
vulnerability (CVE-2018-4878) by a suspected North Korean cyber
espionage group that we now track as APT37 (Reaper).
Our analysis of APT37’s recent activity reveals that the group’s
operations are expanding in scope and sophistication, with a toolset
that includes access to zero-day vulnerabilities and wiper malware. We
assess with high confidence that this activity is carried out on
behalf of the North Korean government given malware development
artifacts and targeting that aligns with North Korean state interests.
FireEye iSIGHT Intelligence believes that APT37 is aligned with the
activity publicly reported as Scarcruft (https://cdn.securelist.com/files/2017/10/Guerrero-Saade-Raiu-VB2017.pdf)
and Group123.
Download our report, APT37 (Reaper): North Korean Cyber Espionage
Group Expands its Focus and Capabilities
(https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf),
to learn more about our assessment that this
threat actor is working on behalf of the North Korean government, as
well as various other details about their operations:
More information on this threat actor is found in our report, APT37
(Reaper): North Korean Cyber Espionage Group Expands its Focus and
Capabilities (https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf).
You can also register (https://www2.fireeye.com/WBNR-APT37-Overlooked-North-Korean-Threat.html)
for our upcoming webinar for additional insights into this group.