Another group of North Korean hackers is now targeting major international companies, according to a new report.
The group, dubbed Reaper, stepped up its efforts to spy on big South Korean conglomerates last year, cybersecurity research firm FireEye said in a report published Tuesday.
"We're talking multinationals, they have offices all over the world. Companies like that, any effect can reverberate, because it's global already," said John Hultquist, FireEye's director of intelligence analysis.
Most of the global cyberattacks previously tied to North Korea have been attributed to a group known as Lazarus. FireEye said Reaper is now another threat that governments and companies need keep an eye on.
"We expect very aggressive activity in the near future," Hultquist said.
He declined to name the target firms but said they are Fortune Global 500 companies that are "the crown jewels" of the South Korean economy.
Samsung Electronics, Hyundai and LG Electronics all fit that description.
A spokeswoman for LG said she is not aware of any cyberattacks by North Korea against the company. Samsung and Hyundai did not immediately respond to a request for comment.
FireEye said Reaper has been active since at least 2012. It drew little attention as it discreetly spied on South Korea's government, military, defense and media sectors. But last year, the hackers became more ambitious, targeting big South Korean conglomerates in industries like aerospace, electronics, automotive and manufacturing.
So far, their efforts have taken the form of "classic espionage" by focusing on covert intelligence gathering, Hultquist said. But he warned that they are capable of inflicting serious damage.
"If you wanted to target South Korea's economy, it could be as easy as a ransomware attack on a series of major companies," he said.
Kim Jong Un's regime has repeatedly denied involvement in international cyberattacks. But FireEye says it is highly confident that Reaper is acting on behalf of the North Korean government.
"They have shown very little regard for norms and red lines, and again and again pushed the limits of acceptable behavior for a nation state," Hultquist said.
Reaper is already expanding beyond South Korea by pursuing targets in the Middle East, Japan and Vietnam.
A Middle Eastern telecommunications company was targeted last year after a business deal in North Korea went bad, according to FireEye. It "may have been an attempt by the North Korean government to gather information on a former business partner," the report said.
Other targets include the director of a Vietnamese international trading and transport company, and people in Japan working with organizations related to the Olympics.
- Here's a new North Korean hacking threat to worry about
- How serious is the North Korean anthrax threat?
- Justice Dept. announces charges against North Korean programmer for Sony hack
- US charges North Korean programmer
- South Korean leader welcomes North Korean Olympic participation
- Tillerson confronts North Korean diplomat at UN
- North Korean soldier defects across demilitarized zone
- Russia's hidden world of North Korean labor
- North, South Korean leaders to meet again
- Japan military budget grows for seventh year in face of North Korean threat