Hackers for Hire: Proxy Warfare in the Cyber Realm

In February 2018, the cybersecurity firm FireEye published a report detailing the activities of a hacker group called APT37 (also known as Reaper, TEMP.Reaper, ScarCruft, or Group123), which had carried out a series of cyberattacks across Asia. The report assessed “with high confidence” that the group was acting on behalf of the North Korean government. APT37 primarily engages in gathering intelligence on South Korean entities, particularly those affiliated with the government, military, and defense industries. It has also targeted organizations active in helping North Korean defectors and those engaged in reunification efforts on the Korean Peninsula. This is just one example of a rising trend, as states increasingly turn to “cyber proxies”—hacker groups that carry out cyber operations on behalf of or in concert with nation states. Yet analysts know very little about how these groups operate and the nature of their relations with their state sponsors: the clandestine nature of cyber operations means these proxies have largely gone unnoticed. If the United States is to respond effectively to this emerging risk, it needs a better understanding of their activities.