One of North Korea's most prominent hacking organisations is looking to launch attacks on targets beyond South Korea, researchers at security firm FireEye have warned.
Its latest report claims that the so-called APT37 hacking group, which has been strongly linked with North Korea's government, is working on attacks targeting government, media, entertainment, aerospace and defence, not just in South Korea, but against targets globally.
The group was behind malware, used to target South Korean researchers, that exploited a zero-day vulnerability in Adobe Flash Player which Adobe was particularly slow to patch. FireEye said this demonstrates that the organisation is now working with a "concerning level of technical sophistication".
The researchers added that they are highly confident that this "activity is carried out on behalf of the North Korean government".
Many of the organisation's attacks are aligned with North Korea's state interests. In particular, it is now targeting Japan, Vietnam and the Middle East, as well as South Korea, with which North Korea technically remains in a state of war.
In these countries, North Korean state hackers are looking to infiltrate industry verticals such as electronics, manufacturing, healthcare, automotive and aerospace.
The hackers are using a plethora of tactics to infect victims. FireEye said they are using "engineering tactics tailored specifically to desired targets and strategic web compromises typical of targeted cyber espionage operations".
Another focus of the organisation is exploiting vulnerabilities. In particular, it capitalises on security flaws in the Hangul Word Processor, popular in South Korea, and Adobe Flash as part of its attack methodology.
FireEye added that the organisation is using compromised servers, messaging platforms and cloud service providers in a bid to stay under the radar. "The group has shown increasing sophistication by improving their operational security over time," the report warned.
In other words, they are learning from their mistakes, in a country with few computers and no internet access on which private individuals can teach themselves.
The group has also created "a diverse suite of malware for initial intrusion and exfiltration", according to FireEye. They added: "Along with custom malware used for espionage purposes, APT37 also has access to destructive malware."
Fraser Kyne, EMEA chief technology officer of security firm Bromium, said that North Korea is not the only rogue state launching cyber attacks - indeed, the Edward Snowden disclosures indicated that for spy agencies worldwide the internet is something of a free-for-all.
"We have already seen these attacks can have a huge impact on everyday life - just look at all the hospital appointments that had to be cancelled last year following WannaCry.