NORTH KOREA’S MOST prolific hacking group, broadly known within the security community under the name Lazarus, has over the last half-decade proven itself one of the world’s most internationally aggressive teams of intruders. It has pulled off audacious attacks around the globe, from leaking and destroying Sony Pictures’ data to siphoning of tens of millions of dollars from banks in Poland and Bangladesh. Now, security researchers have detailed the capabilities of a far more obscure North Korean group, with its own distinct and diverse hacking arsenal.
Tuesday, security firm FireEye released a new report describing a group of sophisticated state-sponsored hackers it calls APT37—also known by the names ScarCruft and Group123—that it has followed for the last three years, tracing the operation to North Korea. The company notes that the hackers have, for the most part, remained focused on South Korea targets, which has allowed the team to keep a far lower profile than Lazarus. But FireEye says APT37 isn’t necessarily any less skillful or well-resourced. It has used a broad range of penetration techniques, and has planted custom-coded malware on victims’ computers capable of everything from eavesdropping via an infected PC’s microphone to Sony-style data-wiping attacks.