FILE - In this undated file photo distributed on Sept. 16, 2017, by the North Korean government, North Korean leader Kim Jong Un, right, celebrates what was said to be the test launch of an intermediate range Hwasong-12 missile at an undisclosed location in North Korea. North Korea says it will never give up its nuclear weapons as long as the United States and its allies continue their “blackmail and war drills” at its doorstep. Independent journalists were not given access to cover the event depicted in this image distributed by the North Korean government. The content of this image is as provided and cannot be independently verified. (Korean Central News Agency/Korea News Service via AP, File)
A previously unknown network of North Korean hackers has targeteding companies worldwide, including one in the Middle East, in retaliation for a failed business deal. Korean Central News Agency / KoreShow more

Revealed: How North Korea's 'Reaper' hackers target the Middle East

James Langton

A previously unknown network of North Korean hackers has targeted companies worldwide, including one in the Middle East, in retaliation for a failed business deal.

The network, known as 'Reaper' or APT37, has been operating since 2012, but has become increasingly active and sophisticated in recent months, a new report reveals.

According the cyber-security company FireEye, its victims included at least one company in the region, after it pulled out of a telecommunications deal with the regime of Kim Jong-un.

FireEye, which has offices in Dubai, says the organisation was hit because “it had been involved with a North Korean company and a business deal that went bad".

“The firm was targeted shortly [after] media reports of this schism had gone public," it said.

FireEye has declined to name the company, beyond saying it is based in Egypt, has “extensive relationships inside North Korea”, and that the Reaper network has expanded its sphere of operations worldwide and to a range of industries.

Mohammed Abukhater, FireEye's vice president for sales in the Middle East, said the Reaper network had come to the attention of the company's team of undercover investigators in 2015 but, speaking to The National, said they had recently become "very sophisticated and expanded their scope".

Mr Abukhater said that there was a lack of awareness in the region about the dangers of these attacks and that he "would not be surprised if there are more".

Complete protection against hackers was impossible, he said "but you need to have the right measures in place to to minimise the risk".


Read more:

UAE terminates diplomatic presence in North Korea and blocks entry visas into the Emirates


While the motivation in the attack on the Egyptian company was revenge, other incidents were designed to steal secrets or for extortion, Mr Abukhater said.

In December it was reported that the Egyptian telecommunications giant Orascom had pulled out of a mobile phone service it was providing to North Korea.

The deal had been set up in 2008, as a collaboration that established the country’s only 3G service with an estimated 300,000 new customers.

Orascom's chairman, the billionaire Naguib Sawaris, has told The Wall Street Journal that he was not aware of any North Korean cyberattack.

The company has also previously insisted that it has always followed UN requirements on trading with the regime.

The timing of the attacks appears to be linked to increasing pressure by the United States and the UN to enforce sanctions against Pyongyang as a result of its nuclear weapons and ballistic missile programme.

Last September, South Korean news agencies reported that Egypt’s defence minister, Sodki Sobhi, had agreed to cut all military ties to the North on a visit to Seoul.

According to FireEye: “The targeting effort may have been an attempt by the North Korean government to gather information on a former business partner.”

It reported that in May last year, APT37 used a bank liquidation letter as a front for a phishing attack on a board member of a company in the Middle East.

Phishing is a tactic in which an email closely resembles a genuine communication but can include attachments with malware or viruses.

In this instance, the report says, the board member was sent an attachment that exploited a known weakness in Microsoft Office that allowed the North Koreans to install a tool which could collect information and install more malicious files. Other attacks have used a vulnerability in Adobe Flash.

FireEye says it has “high confidence” that the Reaper attacks originate from North Korea because it inadvertently revealed IP addresses based in the country in at least one case.

Almost unknown until now, APT37: “has expanded its operations in both scope and sophistication”.

The timing of the attacks is also consistent with North Korean time zones, while the majority were aimed at defectors and South Korean organisations.

Last year the Reaper hackers expanded the range of their targets to include companies and organisations in Japan, Vietnam and the Middle East and in the fields of health care, electronics and aerospace.

In the past, North Korea has been blamed for the WannaCry ransomware, which infected an estimated 200,000 users, and the hacking of Sony Pictures, releasing confidential material, apparently in retaliation for the film The Interview, a comedy which imagined the assassination of Kim Jong-un by bumbling American agents.

UAE currency: the story behind the money in your pockets
The Specs

Engine: 1.6-litre 4-cylinder petrol
Power: 118hp
Torque: 149Nm
Transmission: Six-speed automatic
Price: From Dh61,500
On sale: Now

Company Profile

Company name: Namara
Started: June 2022
Founder: Mohammed Alnamara
Based: Dubai
Sector: Microfinance
Current number of staff: 16
Investment stage: Series A
Investors: Family offices


Manchester United 2 Tottenham Hotspur 1
Man United: Sanchez (24' ), Herrera (62')
Spurs: Alli (11')


Developer: SCE Studio Cambridge
Publisher: Sony Computer Entertainment
Console: PlayStation, PlayStation 4 and 5
Rating: 3.5/5

How does ToTok work?

The calling app is available to download on Google Play and Apple App Store

To successfully install ToTok, users are asked to enter their phone number and then create a nickname.

The app then gives users the option add their existing phone contacts, allowing them to immediately contact people also using the application by video or voice call or via message.

Users can also invite other contacts to download ToTok to allow them to make contact through the app.


Fitness problems in men's tennis

Andy Murray - hip

Novak Djokovic - elbow

Roger Federer - back

Stan Wawrinka - knee

Kei Nishikori - wrist

Marin Cilic - adductor

Confirmed bouts (more to be added)

Cory Sandhagen v Umar Nurmagomedov
Nick Diaz v Vicente Luque
Michael Chiesa v Tony Ferguson
Deiveson Figueiredo v Marlon Vera
Mackenzie Dern v Loopy Godinez

Tickets for the August 3 Fight Night, held in partnership with the Department of Culture and Tourism Abu Dhabi, went on sale earlier this month, through and


Name: Xpanceo

Started: 2018

Founders: Roman Axelrod, Valentyn Volkov

Based: Dubai, UAE

Industry: Smart contact lenses, augmented/virtual reality

Funding: $40 million

Investor: Opportunity Venture (Asia)

The UAE Today

The latest news and analysis from the Emirates

      By signing up, I agree to The National's privacy policy
      The UAE Today