RedEyes

Threat Actor updated 4 days ago (2024-10-21T09:00:55.571Z)
RedEyes, also known as APT37, TA-RedAnt, Reaper, ScarCruft, Group123, InkySquid, BadRAT, and Ricochet Chollima, is a North Korea-linked threat actor. It recently exploited an Internet Explorer zero-day, CVE-2024-38178 (a Windows Scripting Engine memory corruption flaw, CVSS 7.5), in a supply chain attack. The practical caveat for defenders is that Internet Explorer's retirement does not remove its scripting engine from Windows: the vulnerable component is still reachable through embedded IE-based components in other software, so the patch matters even on hosts where the browser itself is never opened.

The group has been observed using a new infostealer, FadeStealer, to collect information from targeted systems and send it to a command-and-control (C2) server. RedEyes' attacks are typically aimed at specific individuals such as North Korean defectors, human rights activists, and university professors. In addition to exploiting vulnerabilities, the group has been sending malicious emails about Cambodian affairs, written in Khmer, to lure targets, which suggests a shift in lure themes and demonstrates its adaptability.

The profile also associates the group with CloudMensis, a macOS spyware family that checks whether System Integrity Protection (SIP) is disabled and, if so, loads its own TCC database so it can grant itself the access permissions it needs. ESET, which documented CloudMensis, did not attribute it to a known group, so this association should be treated with caution. While not considered highly sophisticated, CloudMensis is designed to steal a range of information from compromised machines that can serve as a stepping-stone for further attacks.

ASEC and Securonix, among other security vendors, are tracking RedEyes activity. The group's recent use of an infostealer against defectors, activists, and academics shows that the threat is persistent, and organizations in those communities should keep endpoints patched and monitor for the C2 traffic these tools generate.
Description last updated: 2024-10-21T08:39:13.340Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias / Description / Votes

- Reaper (3 votes): Reaper is a possible alias for RedEyes. Reaper, also known as APT37, Inky Squid, RedEyes, or ScarCruft, is a threat actor group attributed to North Korea. It deploys ROKRAT, a malicious tool that has been used in cyber exploitation since at least 2017. This group is also tied to the NOKKI malware family, which originated from research surroun
- APT37 (3 votes): APT37 is a possible alias for RedEyes. APT37, also known as RedEyes, TA-RedAnt, Reaper, ScarCruft, and Group123, is a threat actor suspected to be linked with North Korea. This group has been active since at least 2012 and targets various industry verticals primarily in South Korea, but also in Japan, Vietnam, and the Middle East. These
- ScarCruft (2 votes): ScarCruft is a possible alias for RedEyes. ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean threat actor group associated with malicious cyber activities. Their actions have been linked to the execution of targeted attacks against individual Android devices, as outlined in a VB2023 paper titled "Int
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
State Sponso...
Infostealer
Source Document References
Information about the RedEyes Threat Actor was read from the documents corpus below.