Full Report
2025-03-12 • Lookout • Lookout • apk.kospy
Analysis Summary
# Threat Actor: APT37 (Lookout Discovery)
## Attribution & Identity
Attributed to North Korea (DPRK). The analysis was conducted by Lookout. The actor is associated with the discovery of a new spyware.
## Activity Summary
The article focuses on the discovery of a new spyware deployed by APT37. Specific campaigns besides this new spyware deployment are not detailed in the provided context snippet.
## Tactics, Techniques & Procedures
- The actor is deploying new spyware.
- *Note: No specific TTPs or MITRE ATT&CK IDs were provided in the context.*
## Targeting
- Sectors: *Not explicitly mentioned in the context.*
- Geography: Implied focus related to North Korea's typical targeting patterns, but not specified here.
- Victims: *Not explicitly mentioned in the context.*
## Tools & Infrastructure
- Malware families used: new spyware (associated with the identifier `apk.kospy`).
- Infrastructure (C2, domains, IPs): *None provided in the context.*
## Implications
APT37 continues to develop and deploy sophisticated mobile surveillance capabilities, demonstrating an ongoing commitment to intelligence gathering via mobile platforms.
## Mitigations
- Focus defense efforts on monitoring and mitigating the TTPs associated with the newly discovered spyware (referenced as `apk.kospy`).
- Maintain vigilance for mobile platform compromise attempts from known North Korean threat actors.