APT / THREAT GROUP🕵️ ESPIONAGEADVANCED

APT37

🇰🇵North Korea-attributed
1
campaigns
6
aliases
Last seen:Mar 17, 2026

Intelligence Profile

[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. [APT37](https://attack.mitre.org/groups/G0067) has also been linked to the following campaigns between 2016-2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.(Citation: FireEye APT37 Feb 2018)(Citation: Securelist ScarCruft Jun 2016)(Citation: Talos Group123)

North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.

Threat Analysis

APT37 is a advanced-sophistication threat actor attributed to North Korea, engaged in cyber operations with a primary motivation of espionage.

The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.

Classified as an advanced threat actor, APT37 likely develops or acquires zero-day exploits, employs custom malware toolchains, and demonstrates long-term persistence capabilities — hallmarks of a well-resourced operation consistent with nation-state backing.

Known Campaigns

APT37 — Active Operations March 2026

APT37 is a espionage threat actor attributed to North Korea. APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry ver...

ACTIVEHIGH2026

Intelligence Reports Mentioning APT37

External References

Quick Facts

TypeAPT / Threat Group
Motivation🕵️ espionage
Sophisticationadvanced
Origin🇰🇵 North Korea
Aliases6
SourceMalpedia

Also Known As

InkySquidScarCruftReaperGroup123TEMP.ReaperRicochet Chollima

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.