One of North Korea's most prominent hacking organisations is looking to launch attacks on targets beyond South Korea, researchers at security firm FireEye has warned.
Its latest report claims that the so-called APT37 hacking group, which has been strongly linked with North Korea's government, is working on attacks targeting government, media, entertainment, aerospace and defence, not just in South Korea, but against targets globally.
The group was behind malware that exploited a zero-day vulnerability in Adobe Flash Player, which Adobe was particularly slow to patch, used to target South Korean researchers. FireEye said this demonstrates that the organisation is new working with a "concerning level of technical sophistication".
The researchers added that they are highly confident that this "activity is carried out on behalf of the North Korean government".
Much of the organisation's attacks are aligned with North Korea's state interests. In particular, it is now targeting Japan, Vietnam and the Middle East, as well as South Korea with which it technically remains in a state of war.
In these countries, North Korean state hackers are looking to infiltrate industry verticals such as electronics, manufacturing, healthcare, automotive and aerospace.
The hackers are using a plethora of tactics to infect victims. FireEye said they are using "engineering tactics tailored specifically to desired targets and strategic web compromises typical of targeted cyber espionage operations".
Another focus of the organisation is exploiting vulnerabilities. In particular, capitalising on security flaws in the Hangul Word Processor, popular in South Korea, and Adobe Flash as part of their attack methodology.
FireEye added that the organisation is using compromised servers, messaging platforms and cloud service providers in a bid to stay under the radar. "The group has shown increasing sophistication by improving their operational security over time," the report warned.
In other words, they are learning from their mistakes, in a country with few computers and no internet access on which private individuals can teach themselves.
The group has also created "a diverse suite of malware for initial intrusion and exfiltration", according to FireEye. They added: "Along with custom malware used for espionage purposes, APT37 also has access to destructive malware."
Fraser Kyne, EMEA chieft technology officer of security firm Bromium, said that North Korea is not the only rogue state launching cyber attacks - indeed, the Edward Snowden disclosures indicated that for spy agencies worldwide the internet is something of a free-for-all.
"We have already seen these attacks can have a huge impact on everyday life - just look at all the hospital appointments that had to be cancelled last year following WannaCry.
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff