Dubai firm exposes dirty tricks by North Korean hacker team
FireEye says company was targeted for cancelling deal with Pyongyang
A network of North Korean hackers has targeted companies worldwide, including one in the Middle East, in retaliation for a failed business deal.
The network, known as Reaper or APT37, has been operating since 2012, but has become more active and sophisticated in recent months, a new report reveals.
Cyber security company FireEye says the network’s victims included at least one company in the region after it pulled out of a telecommunications deal with the government of North Korea.
FireEye, which has offices in Dubai, says the organisation was hit because “it had been involved with a North Korean company and a business deal that went bad”.
“The firm was targeted shortly after media reports of this schism had gone public,” it said.
FireEye declined to identify the company. It says the Reaper network has expanded operations worldwide.
Mohammed Abukhater, FireEye’s regional vice president for sales, told The National the Reaper network had come to the attention of the company’s team of undercover investigators in 2015 but had lately become “very sophisticated and expanded their scope”.
Mr Abukhater said that there was a lack of awareness in the region about the dangers of these attacks and that he “would not be surprised if there are more”.
Complete protection against hackers was impossible, he said, “but you need to have the right measures in place to minimise the risk”.
While the motivation for the attack on the Egyptian company was revenge, other incidents were designed to steal secrets or for extortion, Mr Abukhater said.
In December, it was reported that the Egyptian telecommunications giant Orascom had pulled out of a mobile phone service it was providing to North Korea.
The deal was set up in 2008, as a collaboration to establish the country’s only 3G service with an estimated 300,000 customers.
Orascom’s chairman, billionaire Naguib Sawiris, told The Wall Street Journal that he was not aware of any North Korean attack.
The company said it has always followed United Nations requirements on trading with Kim Jong-un’s regime.
The timing of the attacks appears to be linked to increasing pressure by the US and the UN to enforce sanctions against Pyongyang as a result of its nuclear weapons and ballistic missile programme.
Last September, South Korean news agencies reported that Egypt’s Defence Minister, Sodki Sobhi, had agreed during a visit to Seoul to cut all military ties to the North.
“The targeting effort may have been an attempt by the North Korean government to gather information on a former business partner,” FireEye said.
It reported that in May last year, APT37 used a bank liquidation letter as a front for a phishing attack on a board member of a Middle East company.
Phishing is a tactic in which an email closely resembles a genuine communication but can include attachments with malware or viruses.
In this instance, the report says, the board member was sent an attachment that exploited a weakness in Microsoft Office that allowed the North Koreans to install a tool that could collect information and install malicious files.
Other attacks have used a vulnerability in Adobe Flash.
FireEye says it has “high confidence” that the Reaper attacks originate from North Korea because the culprit inadvertently revealed IP addresses based in the country in at least one case.
The timing of the attacks is also consistent with North Korean time zones, while most were aimed at defectors and South Korean organisations.
Last year, Reaper hackers expanded the range of their targets to include companies and organisations in Japan, Vietnam and the Middle East, and in the fields of health care, electronics and aerospace.
In the past, North Korea has been blamed for the WannaCry ransomware, which infected an estimated 200,000 users, and the hacking of Sony Pictures, releasing confidential material, apparently in retaliation for the film The Interview, a comedy that imagined the assassination of Mr Kim by American agents.
North Korea has lashed out at former business partners and a movie company deemed to have offended Mr Kim