Threat actor · all actors
APT37G0067 state
🇰🇵 KP
aka APT37, InkySquid, ScarCruft, Reaper, Group123, TEMP.Reaper, Ricochet Chollima, APT 37, Group 123, Operation Daybreak, Operation Erebus, Reaper Group, Red Eyes, Venus 121, ATK4, G0067, Moldy Pisces, APT-C-28
Last updated: 2026-07-03
About this actor
[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. [APT37](https://attack.mitre.org/groups/G0067) has also been linked to the following campaigns between 2016-2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.(Citation: FireEye APT37 Feb 2018)(Citation: Securelist ScarCruft Jun 2016)(Citation: Talos Group123) North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.
Source: MITRE ATT&CK
Activity timeline
- 2016 — 1 CVE published
- 2015 — 1 CVE published
- 2014 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2015-3105 | 8.0 | 0.0 | 0.9732 | 2015-06-10 | see CVE |
CVE-2013-4979 | 6.0 | 0.0 | 0.1171 | 2014-01-31 | see CVE |
CVE-2016-0147 | 6.0 | 8.8 | 0.2642 | 2016-04-12 | see CVE |
CVE-2013-0808 | 0.0 | 0.0 | 0.0000 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 30 / 40 | 75% |
CM-2 | 26 / 40 | 65% |
CM-6 | 25 / 40 | 62% |
SI-3 | 25 / 40 | 62% |
AC-6 | 19 / 40 | 48% |
CM-7 | 17 / 40 | 42% |
AC-3 | 16 / 40 | 40% |
CA-7 | 16 / 40 | 40% |
SI-2 | 16 / 40 | 40% |
SC-7 | 14 / 40 | 35% |
SI-7 | 14 / 40 | 35% |
AC-4 | 13 / 40 | 32% |
AC-2 | 12 / 40 | 30% |
CM-8 | 9 / 40 | 22% |
RA-5 | 9 / 40 | 22% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Windshift 0.39
- Patchwork 0.36
- BRONZE BUTLER 0.32
- Inception 0.32
- Frankenstein 0.32
Active in same years
- 2016 Ukraine Electric Power Attack 1.00
- 2015 Ukraine Electric Power Attack 1.00
- NEODYMIUM 1.00
- PROMETHIUM 1.00
- APT38 1.00
Same nation-state
- Operation Dream Job 1.00
- 3CX Supply Chain Attack 1.00
- Lazarus Group 1.00
- APT38 1.00
- Kimsuky 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00