Researchers from the South Korea-based ESTsecurity Security Response Center (ESRC) identified the latest APT37 campaign carried out by the state-sponsored North Korean group named ‘Geumseong121’ in early March 2020. The North Korean hackers have been running a spear-phishing email operation targeting North Korean refugees.
‘Geumseong121’, also known as APT37, has been conducting state-sponsored espionage activities in South Korean cyberspace for years, mainly targeting people engaged in unification, foreign affairs, or national security; leaders of organizations specializing in North Korean issues; and North Korean refugees.
A report titled “The stealthy mobile APT attack carried out by Geumseong121 APT hacking group”, published in November last year, reveals that the group has attempted cyber-attacks against a wide range of devices, including computers and mobile devices.
Their latest campaign, Operation Spy Cloud, entices its victims to click links that appear to be about North Korean refugees. Instead, the links download malicious files in an attempt to take over the victims' computers and gather information from their owners.