North Korean cyber-spy group “Reaper” is emerging as a global threat, conducting espionage well beyond the Korean peninsula in support of Pyongyang’s military and economic interests, says US cybersecurity firm FireEye Inc.
The group, known also as APT37, in 2017 began attacking targets in Japan, Vietnam and the Middle East after having focused on its southern neighbor for years, FireEye said in a report. The hacking group — traced to an IP address in North Korea — now infiltrates a range of industries from electronics and aerospace to automotive and health care, the cybersecurity firm said.
Reaper joins a growing list of hacking units linked to Kim Jong-un’s regime, including “Lazarus,” which the US blamed for a 2014 data theft at Sony Pictures Entertainment. North Korea has been widening its cyber-operations in pursuit of cash and intelligence in an attempt to cushion the impact of international sanctions, and Reaper underscores the challenge in fending them off.
Photo: AP
照片:美聯社
Reaper has been active since at least 2012, and typically sends its targets e-mails laced with malware to steal confidential information. Its targets have included a Middle Eastern telecommunications company doing business in North Korea, a Japan-based entity associated with a United Nations group on sanctions and the general director of a Vietnamese trading company, FireEye said, declining to name the victims.
“North Korea appears to be confident about hacking South Korea and now wants to look beyond,” said Shin Jin, a professor of political science at South Korea’s Chungnam National University. “Foreign nations are an unexplored market and many of them have security infrastructure weaker than South Korea.”
The group came under FireEye’s scrutiny when South Korea warned last month about a security vulnerability in Adobe Flash. A developer believed to belong to Reaper made the mistake of revealing his or her North Korean IP address, John Hultquist, FireEye’s director of intelligence analysis said. It’s unclear how large the group is, he added. “Ignored, these threats enjoy the benefit of surprise, allowing them to extract significant losses on their victims, many of whom have never previously heard of the actor,” FireEye said in an emailed statement.
(Bloomberg)
美國網路安全公司火眼指出,北韓網路間諜組織「死神」為了平壤的軍事與經濟利益,進行間諜情報的活動範圍已遠遠超出朝鮮半島,逐漸浮現成為全球性的威脅。
火眼公司在報告中表示,這個組織又以「APT37」為人所知,數年來皆針對南韓發動網路攻擊,然而該組織卻從二○一七年開始攻擊位於日本、越南、以及中東地區等地的目標。網路安全公司火眼的報告指出,此駭客組織──其網際網路協定位址(IP地址)可追溯到北韓境內──現在已滲透到許多產業中,範圍包括電子業和航太工業,以至於汽車產業與健康照護產業。
「死神」被歸類為與金正恩政權密切相關的多組駭客團隊之一,該名單內的成員不斷增加,其中名為「拉撒路」的團隊被美國認為是二○一四年索尼影視娛樂公司資料遭竊的幕後黑手。近年來,北韓持續擴展他們的網路攻擊行動範圍,為的是籌措更多現金與情報資訊,以減緩國際制裁帶來的衝擊,而「死神」的行動恰恰強調出北韓這類為抵禦國際制裁而帶給各國的挑戰。
「死神」至少從二○一二年開始就已展開活動,最典型的手段是將攜帶惡意軟體的電子郵件寄給攻擊目標,以竊取機密資訊。火眼公司表示,「死神」歷來鎖定的攻擊目標包括一間在北韓從事商業活動的中東電信公司、一間成立於日本並與聯合國某個制裁北韓組織相關的公司實體,以及一間越南貿易公司的總經理,不過火眼公司拒絕提出明確的受害者名單。
南韓忠南國立大學政治學系教授申進(音)表示:「北韓看起來對於向南韓發動駭客攻擊已經胸有成竹,所以現在想要向外尋找其它目標。」他也指出:「外國對北韓而言就像是未經開發的市場,而且其中多數國家的網路安全基礎建設都比南韓差。」
南韓在上個月曾經提出警告,指出常見的多媒體程式播放器 Adobe Flash 有某項安全漏洞,北韓的駭客集團就在此時被火眼公司盯上。火眼公司情報分析主任霍奎斯特表示,一位據信隸屬於「死神」團隊的程式開發人員不小心洩漏了他/她在北韓的網際網路協定位址。霍奎斯特補充說,目前並無法確知這個駭客集團的規模有多大。不過,火眼公司以電子郵件發送的聲明稿中提到:「由於長期不為人所知,這些安全威脅便得以攻人於不備,造成受害者極為嚴重的損失,而許多受害者甚至之前從來都沒有聽過這個駭客團隊的名號。」
(台北時報章厚明譯)
Follow up
課後練習
Reading Comprehension
1. In addition to stealing military secrets, Reaper is also engaged in industrial espionage.
(True/false)
2. Ransomware is used by hackers to steal information, whereas malware is used to extort money from its victims. (True/false)
3. Which industries are known to have been targeted by the Reaper cyber-spy group?
4. Why have international sanctions on North Korea been linked to an increase in cyberattacks from the country’s hacking groups?
5. If you were the owner of a business, what would you do to protect your company from hacking attacks?
(Edward Jones, Taipei Times)
The strongest earthquake to hit Taiwan in 25 years killed at least 16 people and damaged dozens of buildings, but the destruction was largely contained thanks to decades of preparedness work. Taiwan sits on the “Ring of Fire,” an arc of intense seismic activity along the Pacific Rim, and — much like neighboring Japan — has a long history of catastrophic quakes. How does April 3 compare with other recent quakes? The April 3 earthquake, which measured 7.4 on the moment magnitude scale, was felt across Taiwan. It was the most severe since a 7.6 magnitude quake in 1999 killed
Around the time of the Dragon Boat Festival in June, the streets of Taiwan are filled with the delightful aroma of zongzi, a traditional snack made of sticky rice wrapped in leaves. The leaves are folded into a cone and then filled with sticky rice and other ingredients such as braised pork belly, peanuts and salted duck egg yolks. The filled leaves are then tightly tied with kitchen twine and ready for cooking. 每到六月端午時節,街頭巷尾就會飄出粽子的香氣。粽子是將糯米包進粽葉的傳統美食,先將粽葉折成圓錐狀塞入糯米,以及紅燒肉、花生、鹹鴨蛋黃等配料,用棉線綁緊後即可烹煮。 Dragon Boat Festival (n. phr.) 端午節 aroma
Everyone has seen a piece of fruit turn brown after being cut. Have you ever wondered why that happens? It is a common phenomenon that occurs due to a chemical reaction called enzymatic browning. The appearance, flavor and nutritional value of the fruit are all affected by this reaction. Some fruits, such as apples, pears, bananas, avocados and peaches, are more prone to enzymatic browning than others. These fruits contain high levels of an enzyme called polyphenol oxidase, or PPO for short. __1__ This causes a chain of chemical reactions that ultimately transforms the phenolic compounds into
A: As well as Eid al-Fitr, Southeast Asia is celebrating the Water Festival this week. B: And this year, Thailand is expanding the celebration between April 12 and 16 for the event, officially known as the Songkran Festival, expecting to make 24.3 billion Thai baht in tourism revenue. A: Does Taiwan celebrate the Water Festival? B: Some local cities and counties do have similar activities. A: Let’s go experience the festival then. A: 除了「開齋節」外,東南亞「潑水節」本週也盛大登場! B: 泰國今年從4月12日到16日擴大「宋干節」連假,預估觀光收入可高達243億泰銖。 A: 台灣會慶祝「潑水節」嗎? B: 有些縣市會舉辦類似活動。 A: 那我們也去體驗一下吧。 (By Eddy Chang, Taipei Times/台北時報張聖恩)