Reaper

Reaper (also known as APT37 or ScarCruft) is a North Korean cyber espionage group that has been active since at least 2012. The group has used a wide variety of tools, including custom malware, legitimate tools, and publicly available exploit code.

It is believed to be primarily tasked with intelligence gathering supporting the North Korean government's interests. The group primarily targets South Korean entities, but has also targeted individuals and entities in the US, Europe, Japan, Vietnam, and Middle Eastern countries. Reaper mainly focuses on South Korean government institutions, military, defense industries, media outlets, financial institutions, and individuals who are politically active with ties to North Korean topics.

Reaper has employed a wide variety of tools and targeted previously unknown zero-day vulnerabilities in its attacks. Specifically, the group has been observed using custom backdoors and remote access tools (RATs), as well as off-the-shelf tools, such as Cobalt Strike. Tools used by Reaper include (but are not limited to): ROKRAT, GOLDBACKDOOR, Dolphin, CORALDECK, ScarCruft Bluetooth Device Harvester, RokRat, SYSCON/DORIS, MILKDROP, Amadey.