North Korean Reaper APT Uses Zero-day Vulnerabilities to Spy on Governments

Home / Articles / External Non-Government


April 30, 2018 | Originally published by Date Line: April 30 on

A hacking group has been utilizing an array of zero-day vulnerabilities to conduct surveillance on behalf of North Korea, researchers have warned.

According to cybersecurity firm FireEye, the advanced persistent threat (APT) group, dubbed “Reaper,” uses a range of zero-day vulnerabilities and malware to carry out attacks against victims related to the North Korean government”s interests.

On Tuesday, FireEye said in a blog post that Reaper primarily targets South Korea. However, Japan, Vietnam, and the Middle East are also now in the group”s sights.

In addition to government targets, the group, also known as APT37, strikes industrial players such as those in the chemical, military, electronics, aerospace, automotive, healthcare, and manufacturing sectors.

In a report (.PDF) documenting the firm”s findings, FireEye says that Reaper”s primary goal is to gather intelligence valuable to the North Korean government.

In order to avoid detection, Reaper makes use of compromised servers in South Korea and beyond, messaging platforms, and cloud service providers.

Due to IP address evidence and the activity of Reaper following the North Korean working day, as well as the targets selected by the threat actors, FireEye believes that the group must come from this country.

As the APT group has also developed its own malware and appears to have vast resources at hand, it is most likely that Reaper is state-sponsored.

For additional information directly from FireEye.