← All Threat Actors
Threat Actor Profile

APT37

APT 37 APT-C-28 ATK4 G0067 Group 123 Group123 InkySquid Moldy Pisces Operation Daybreak Operation Erebus Reaper Reaper Group Red Eyes Ricochet Chollima ScarCruft TEMP.Reaper Venus 121
▲ High Threat
APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities
Origin North Korea
Sponsor Korea (Democratic People's Republic of)

Target Sectors

Government Private sector

Known TTPs

Registry Run Keys / Startup Folder
Peripheral Device Discovery
Python
Ingress Tool Transfer
Web Protocols
Steganography
Bidirectional Communication
System Information Discovery
Malicious File
Invalid Code Signature
Bypass User Account Control
System Owner/User Discovery
Credentials from Web Browsers
System Shutdown/Reboot
Data from Local System
Dynamic Data Exchange
Native API
Exploitation for Client Execution
Process Injection
Obfuscated Files or Information
Drive-by Compromise
Process Discovery
Command and Scripting Interpreter
Windows Command Shell
Spearphishing Attachment
Audio Capture
Visual Basic
Scheduled Task
Disk Structure Wipe

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD