Threat Intelligence Reports

Report: APT37 (Reaper): The Overlooked North Korean Actor

Learn more about a suspected North Korean cyber espionage group that we now track as APT37 (Reaper).

  • Targeting: Primarily South Korea – though also Japan, Vietnam and the Middle East – in various industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive, and healthcare.
  • Initial Infection Tactics: Social engineering tactics tailored specifically to desired targets, strategic web compromises typical of targeted cyber espionage operations, and the use of torrent file-sharing sites to distribute malware more indiscriminately.
  • Exploited Vulnerabilities: Frequent exploitation of vulnerabilities in Hangul Word Processor (HWP), as well as Adobe Flash. The group has demonstrated access to zero-day vulnerabilities (CVE-2018-0802), and the ability to incorporate them into operations.
  • Command and Control Infrastructure: Uses compromised servers, messaging platforms, and cloud service providers to avoid detection. The group has shown increasing sophistication by improving its operational security over time.
  • Malware: A diverse suite of malware for initial intrusion and exfiltration. Along with custom malware used for espionage purposes, APT37 also has access to destructive malware.

Cyber threat intelligence on advanced attack groups and technology vulnerabilities

FireEye regularly publishes cyber threat intelligence reports that describe Advanced Persistent Threat (APT) groups, how they operate, and how to recognize their tactics, techniques and procedures. Cyber threat intelligence reports also cover vulnerabilities in specific business technologies, such as email, sandboxes and mobile devices. With access to such details, cyber security experts can build better defenses against these APT groups and advanced cyber attacks.

FIN10: Anatomy of a Cyber Extortion Operation

A set of financially motivated intrusion operations carried out by an actor dubbed FIN10 is targeting casinos and mining organizations in North America (with a focus on Canada).


APT28: At the center of the Russian cyber storm

Is the threat actor group APT28 sponsored by the Russian government? Read about its decade-long cyber support of Russia's strategic interests, impacting the Syrian conflict, the 2016 U.S. presidential election and more.


Follow the Money: Dissecting the operations of the cyber crime group FIN6

Learn more about the FIN6 threat group, its operations to steal payment card data, and how it sells that data to an underground card shop.
