Palo Alto Networks' threat intelligence team, Unit 42, has released new research about the cybercriminal Reaper group, which a range of cybersecurity organisations suspect to be from North Korea.
This research builds on last week’s Unit 42 report on the NOKKI malware family, and directly links it to the Reaper group.
In this blog, Unit 42 describes how Reaper is using a newly discovered malware family (named Final1stspy) to deploy remote access trojans. The attacks in question began in July 2018 and targeted World Cup fans in Russia through a publicly available online ESPN article. An online article regarding the United States and North Korea summit in Singapore was also used to lure victims.