Cyber Resilience

Threat actor · all actors

APT37G0067 state

🇰🇵 KP

aka APT37, InkySquid, ScarCruft, Reaper, Group123, TEMP.Reaper, Ricochet Chollima, APT 37, Group 123, Operation Daybreak, Operation Erebus, Reaper Group, Red Eyes, Venus 121, ATK4, G0067, Moldy Pisces, APT-C-28

Last updated: 2026-07-03

4attributed CVEs
40ATT&CK techniques
17.2IDF score (tooling uniqueness)
4exclusive CVEs
2014–2016years active

About this actor

[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. [APT37](https://attack.mitre.org/groups/G0067) has also been linked to the following campaigns between 2016-2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.(Citation: FireEye APT37 Feb 2018)(Citation: Securelist ScarCruft Jun 2016)(Citation: Talos Group123) North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2015-3105 8.00.00.97322015-06-10see CVE
CVE-2013-4979 6.00.00.11712014-01-31see CVE
CVE-2016-0147 6.08.80.26422016-04-12see CVE
CVE-2013-0808 0.00.00.0000see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-430 / 4075%
CM-226 / 4065%
CM-625 / 4062%
SI-325 / 4062%
AC-619 / 4048%
CM-717 / 4042%
AC-316 / 4040%
CA-716 / 4040%
SI-216 / 4040%
SC-714 / 4035%
SI-714 / 4035%
AC-413 / 4032%
AC-212 / 4030%
CM-89 / 4022%
RA-59 / 4022%

Co-occurring actors

None.

Similar actors

Similar TTPs