APT GROUP123

2025-05-14, Cyfirma
https://www.cyfirma.com/research/apt-group123/
#Group123

Published On: 2025-05-14
Group123 is a North Korean state-sponsored advanced persistent threat (APT) group active since at least 2012. Various cybersecurity firms also track it under other names, such as APT37, Reaper, and ScarCruft. The group is known for cyber espionage campaigns primarily targeting South Korea; since 2017, however, it has expanded its operations to Japan, Vietnam, the Middle East, and other regions.
Aliases:
Cloud Dragon, InkySquid, APT37, ITG10, Reaper, Red Eyes, RedAnt, Ricochet Chollima, ScarCruft, TEMP.Reaper
Target Technologies:
Office Suites Software, Operating System, Web Application
Motivation:
Information Theft, Espionage
Targeted Regions:
East Asia, Southeast Asia, Middle East
Targeted Countries:
South Korea, Japan, Vietnam, China, Russia, Nepal, India, Kuwait, Romania, Czechia, Poland, Middle East countries, and the United States
Targeted Industries:
Tools Used by Group123:
SLOWDRIFT, MS Office exploits, Konni, Oceansalt, HAPPYWORK, Freenki Loader, N1stAgent, KevDroid, PoohMilk Loader, WINERACK, KARAE, RUHAPPY, GELCAPSULE, Flash Exploits, RICECURRY, SOUNDWAVE, ZUMKONG, Nokki, Syscon, CARROTBALL, GreezeBackdoor, NavRAT, RokRat, CVE-2016-4117, DOGCALL, CARROTBAT, CORALDECK, POORAIM, MILKDROP, SHUTTERSPEED, …