top of page
Search
  • Writer's pictureMichael Paulyn

North Korean Hacker Group APT37, using New M2RAT Malware to Attack the South

The North Korean-backed hacker group, APT37, is working on using some new malware known as M2RAT in hopes of attacking South Korea. Recently, APT37 also worked under the following aliases Reaper, RedEyes, Ricochet Chollima, and ScarCruft.

This group has direct links to North Korea's Ministry of State Security (MSS), unlike the Lazarus and Kimsuky threat clusters that are part of the Reconnaissance General Bureau (RGB).


Information from the Google-owned Mandiant shares that the MSS is responsible for "domestic counterespionage and overseas counterintelligence activities." The APT37's primary aim is to work to attack defectors and human rights activists.

Beyond just that, Mandiant explains that "APT37's assessed primary mission is covert intelligence gathering in support of DPRK's strategic military, political, and economic interests." This DPRK agency uses custom tools like Chinotto, RokRat, BLUELIGHT, GOLDBACKDOOR, and Dolphin to gather sensitive data from unsuspecting victims.


Hungry for more? Join me each week, where I'll break down complex topics and dissect the latest news within the cybersecurity industry and blockchain ecosystem, simplifying the tech world.


4 views0 comments
bottom of page