A hacking group linked to North Korea has launched a new cyberattack campaign known as “Artemis,” according to a report released on Monday. The Genians Security Center (GSC), a South Korean cybersecurity institute, identified the operation, which is believed to be conducted by APT37, a hacking group supported by Pyongyang. The report disclosed that the threat actors inserted malicious object linking and embedding (OLE) code within Hangul Word Processor (HWP) documents. The attack chain is activated when a user permits the document’s content to open and clicks a hyperlink in the file. HWP is a widely used document file format in South Korea.
These findings come after an October report by 38 North, a U.S.-based website monitoring North Korea, which highlighted that North Korean cyber operators have frequently exploited the HWP format to breach government, military, and crucial industrial networks in South Korea. The GSC report stated, “This attack showcases APT37’s continuous pattern of sophisticated reconnaissance and infiltration activities.” The report also suggests that the group is enhancing its capabilities by utilizing advanced technical methods.
In a separate incident in November, a North Korea-linked hacking group launched a novel form of cyberattack that remotely controls Android smartphones and personal computers (PCs) to erase essential data like photos, documents, and contact information. This group, likely associated with the Pyongyang-sponsored groups Kimsuky or APT37, infiltrated victims’ smartphones and PCs through malware distributed via KakaoTalk and stole account information for Google and major domestic IT services. They used Google’s location-based tracking system to confirm that the victims were away from their homes or offices, and remotely reset the smartphones. The remote reset disrupted normal device functions and blocked notifications and message alerts from messenger apps, cutting off the channel through which the account owner would have become aware of the attack and delaying detection and response. As a result, crucial data stored on the infected devices, such as photos, documents, and contacts, was entirely erased.
