A previously unknown network of North Korean hackers has targeted companies worldwide, including one in the Middle East, in retaliation for a failed business deal.
The network, known as 'Reaper' or APT37, has been operating since 2012, but has become increasingly active and sophisticated in recent months, a new report reveals.
According the cyber-security company FireEye, its victims included at least one company in the region, after it pulled out of a telecommunications deal with the regime of Kim Jong-un.
FireEye, which has offices in Dubai, says the organisation was hit because “it had been involved with a North Korean company and a business deal that went bad".
“The firm was targeted shortly [after] media reports of this schism had gone public," it said.
FireEye has declined to name the company, beyond saying it is based in Egypt, has “extensive relationships inside North Korea”, and that the Reaper network has expanded its sphere of operations worldwide and to a range of industries.
Mohammed Abukhater, FireEye's vice president for sales in the Middle East, said the Reaper network had come to the attention of the company's team of undercover investigators in 2015 but, speaking to The National, said they had recently become "very sophisticated and expanded their scope".
Mr Abukhater said that there was a lack of awareness in the region about the dangers of these attacks and that he "would not be surprised if there are more".
Complete protection against hackers was impossible, he said "but you need to have the right measures in place to to minimise the risk".
____________
Read more:
UAE terminates diplomatic presence in North Korea and blocks entry visas into the Emirates
____________
While the motivation in the attack on the Egyptian company was revenge, other incidents were designed to steal secrets or for extortion, Mr Abukhater said.
In December it was reported that the Egyptian telecommunications giant Orascom had pulled out of a mobile phone service it was providing to North Korea.
The deal had been set up in 2008, as a collaboration that established the country’s only 3G service with an estimated 300,000 new customers.
Orascom's chairman, the billionaire Naguib Sawaris, has told The Wall Street Journal that he was not aware of any North Korean cyberattack.
The company has also previously insisted that it has always followed UN requirements on trading with the regime.
The timing of the attacks appears to be linked to increasing pressure by the United States and the UN to enforce sanctions against Pyongyang as a result of its nuclear weapons and ballistic missile programme.
Last September, South Korean news agencies reported that Egypt’s defence minister, Sodki Sobhi, had agreed to cut all military ties to the North on a visit to Seoul.
According to FireEye: “The targeting effort may have been an attempt by the North Korean government to gather information on a former business partner.”
It reported that in May last year, APT37 used a bank liquidation letter as a front for a phishing attack on a board member of a company in the Middle East.
Phishing is a tactic in which an email closely resembles a genuine communication but can include attachments with malware or viruses.
In this instance, the report says, the board member was sent an attachment that exploited a known weakness in Microsoft Office that allowed the North Koreans to install a tool which could collect information and install more malicious files. Other attacks have used a vulnerability in Adobe Flash.
FireEye says it has “high confidence” that the Reaper attacks originate from North Korea because it inadvertently revealed IP addresses based in the country in at least one case.
Almost unknown until now, APT37: “has expanded its operations in both scope and sophistication”.
The timing of the attacks is also consistent with North Korean time zones, while the majority were aimed at defectors and South Korean organisations.
Last year the Reaper hackers expanded the range of their targets to include companies and organisations in Japan, Vietnam and the Middle East and in the fields of health care, electronics and aerospace.
In the past, North Korea has been blamed for the WannaCry ransomware, which infected an estimated 200,000 users, and the hacking of Sony Pictures, releasing confidential material, apparently in retaliation for the film The Interview, a comedy which imagined the assassination of Kim Jong-un by bumbling American agents.
Funk Wav Bounces Vol.1
Calvin Harris
Columbia
Key facilities
- Olympic-size swimming pool with a split bulkhead for multi-use configurations, including water polo and 50m/25m training lanes
- Premier League-standard football pitch
- 400m Olympic running track
- NBA-spec basketball court with auditorium
- 600-seat auditorium
- Spaces for historical and cultural exploration
- An elevated football field that doubles as a helipad
- Specialist robotics and science laboratories
- AR and VR-enabled learning centres
- Disruption Lab and Research Centre for developing entrepreneurial skills
The smuggler
Eldarir had arrived at JFK in January 2020 with three suitcases, containing goods he valued at $300, when he was directed to a search area.
Officers found 41 gold artefacts among the bags, including amulets from a funerary set which prepared the deceased for the afterlife.
Also found was a cartouche of a Ptolemaic king on a relief that was originally part of a royal building or temple.
The largest single group of items found in Eldarir’s cases were 400 shabtis, or figurines.
Khouli conviction
Khouli smuggled items into the US by making false declarations to customs about the country of origin and value of the items.
According to Immigration and Customs Enforcement, he provided “false provenances which stated that [two] Egyptian antiquities were part of a collection assembled by Khouli's father in Israel in the 1960s” when in fact “Khouli acquired the Egyptian antiquities from other dealers”.
He was sentenced to one year of probation, six months of home confinement and 200 hours of community service in 2012 after admitting buying and smuggling Egyptian antiquities, including coffins, funerary boats and limestone figures.
For sale
A number of other items said to come from the collection of Ezeldeen Taha Eldarir are currently or recently for sale.
Their provenance is described in near identical terms as the British Museum shabti: bought from Salahaddin Sirmali, "authenticated and appraised" by Hossen Rashed, then imported to the US in 1948.
- An Egyptian Mummy mask dating from 700BC-30BC, is on offer for £11,807 ($15,275) online by a seller in Mexico
- A coffin lid dating back to 664BC-332BC was offered for sale by a Colorado-based art dealer, with a starting price of $65,000
- A shabti that was on sale through a Chicago-based coin dealer, dating from 1567BC-1085BC, is up for $1,950
Living in...
This article is part of a guide on where to live in the UAE. Our reporters will profile some of the country’s most desirable districts, provide an estimate of rental prices and introduce you to some of the residents who call each area home.
Banned items
Dubai Police has also issued a list of banned items at the ground on Sunday. These include:
-
-
-
-
-
-
-
-
-
Political flags or banners
-
Bikes, skateboards or scooters
Tips for job-seekers
- Do not submit your application through the Easy Apply button on LinkedIn. Employers receive between 600 and 800 replies for each job advert on the platform. If you are the right fit for a job, connect to a relevant person in the company on LinkedIn and send them a direct message.
- Make sure you are an exact fit for the job advertised. If you are an HR manager with five years’ experience in retail and the job requires a similar candidate with five years’ experience in consumer, you should apply. But if you have no experience in HR, do not apply for the job.
David Mackenzie, founder of recruitment agency Mackenzie Jones Middle East
The White Lotus: Season three
Creator: Mike White
Starring: Walton Goggins, Jason Isaacs, Natasha Rothwell
Rating: 4.5/5
UAE currency: the story behind the money in your pockets
2025 Fifa Club World Cup groups
Group A: Palmeiras, Porto, Al Ahly, Inter Miami.
Group B: Paris Saint-Germain, Atletico Madrid, Botafogo, Seattle.
Group C: Bayern Munich, Auckland City, Boca Juniors, Benfica.
Group D: Flamengo, ES Tunis, Chelsea, (Leon banned).
Group E: River Plate, Urawa, Monterrey, Inter Milan.
Group F: Fluminense, Borussia Dortmund, Ulsan, Mamelodi Sundowns.
Group G: Manchester City, Wydad, Al Ain, Juventus.
Group H: Real Madrid, Al Hilal, Pachuca, Salzburg.
COMPANY PROFILE
Name: Kumulus Water
Started: 2021
Founders: Iheb Triki and Mohamed Ali Abid
Based: Tunisia
Sector: Water technology
Number of staff: 22
Investment raised: $4 million
2025 Fifa Club World Cup groups
Group A: Palmeiras, Porto, Al Ahly, Inter Miami.
Group B: Paris Saint-Germain, Atletico Madrid, Botafogo, Seattle.
Group C: Bayern Munich, Auckland City, Boca Juniors, Benfica.
Group D: Flamengo, ES Tunis, Chelsea, Leon.
Group E: River Plate, Urawa, Monterrey, Inter Milan.
Group F: Fluminense, Borussia Dortmund, Ulsan, Mamelodi Sundowns.
Group G: Manchester City, Wydad, Al Ain, Juventus.
Group H: Real Madrid, Al Hilal, Pachuca, Salzburg.
The Specs
Price, base Dh379,000
Engine 2.9-litre, twin-turbo V6
Gearbox eight-speed automatic
Power 503bhp
Torque 443Nm
On sale now
360Vuz PROFILE
Date started: January 2017
Founder: Khaled Zaatarah
Based: Dubai and Los Angeles
Sector: Technology
Size: 21 employees
Funding: $7 million
Investors: Shorooq Partners, KBW Ventures, Vision Ventures, Hala Ventures, 500Startups, Plug and Play, Magnus Olsson, Samih Toukan, Jonathan Labin
Dubai Bling season three
Cast: Loujain Adada, Zeina Khoury, Farhana Bodi, Ebraheem Al Samadi, Mona Kattan, and couples Safa & Fahad Siddiqui and DJ Bliss & Danya Mohammed
Rating: 1/5
About%20My%20Father
%3Cp%3E%3Cstrong%3EDirector%3A%20%3C%2Fstrong%3ELaura%20Terruso%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStars%3A%20%3C%2Fstrong%3ERobert%20De%20Niro%2C%20Sebastian%20Maniscalco%2C%20Kim%20Cattrall%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%3C%2Fstrong%3E%202%2F5%26nbsp%3B%3C%2Fp%3E%0A
In numbers: PKK’s money network in Europe
Germany: PKK collectors typically bring in $18 million in cash a year – amount has trebled since 2010
Revolutionary tax: Investigators say about $2 million a year raised from ‘tax collection’ around Marseille
Extortion: Gunman convicted in 2023 of demanding $10,000 from Kurdish businessman in Stockholm
Drug trade: PKK income claimed by Turkish anti-drugs force in 2024 to be as high as $500 million a year
Denmark: PKK one of two terrorist groups along with Iranian separatists ASMLA to raise “two-digit million amounts”
Contributions: Hundreds of euros expected from typical Kurdish families and thousands from business owners
TV channel: Kurdish Roj TV accounts frozen and went bankrupt after Denmark fined it more than $1 million over PKK links in 2013
The specs
Engine: Four electric motors, one at each wheel
Power: 579hp
Torque: 859Nm
Transmission: Single-speed automatic
Price: From Dh825,900
On sale: Now
Skewed figures
In the village of Mevagissey in southwest England the housing stock has doubled in the last century while the number of residents is half the historic high. The village's Neighbourhood Development Plan states that 26% of homes are holiday retreats. Prices are high, averaging around £300,000, £50,000 more than the Cornish average of £250,000. The local average wage is £15,458.
Mercer, the investment consulting arm of US services company Marsh & McLennan, expects its wealth division to at least double its assets under management (AUM) in the Middle East as wealth in the region continues to grow despite economic headwinds, a company official said.
Mercer Wealth, which globally has $160 billion in AUM, plans to boost its AUM in the region to $2-$3bn in the next 2-3 years from the present $1bn, said Yasir AbuShaban, a Dubai-based principal with Mercer Wealth.
“Within the next two to three years, we are looking at reaching $2 to $3 billion as a conservative estimate and we do see an opportunity to do so,” said Mr AbuShaban.
Mercer does not directly make investments, but allocates clients’ money they have discretion to, to professional asset managers. They also provide advice to clients.
“We have buying power. We can negotiate on their (client’s) behalf with asset managers to provide them lower fees than they otherwise would have to get on their own,” he added.
Mercer Wealth’s clients include sovereign wealth funds, family offices, and insurance companies among others.
From its office in Dubai, Mercer also looks after Africa, India and Turkey, where they also see opportunity for growth.
Wealth creation in Middle East and Africa (MEA) grew 8.5 per cent to $8.1 trillion last year from $7.5tn in 2015, higher than last year’s global average of 6 per cent and the second-highest growth in a region after Asia-Pacific which grew 9.9 per cent, according to consultancy Boston Consulting Group (BCG). In the region, where wealth grew just 1.9 per cent in 2015 compared with 2014, a pickup in oil prices has helped in wealth generation.
BCG is forecasting MEA wealth will rise to $12tn by 2021, growing at an annual average of 8 per cent.
Drivers of wealth generation in the region will be split evenly between new wealth creation and growth of performance of existing assets, according to BCG.
Another general trend in the region is clients’ looking for a comprehensive approach to investing, according to Mr AbuShaban.
“Institutional investors or some of the families are seeing a slowdown in the available capital they have to invest and in that sense they are looking at optimizing the way they manage their portfolios and making sure they are not investing haphazardly and different parts of their investment are working together,” said Mr AbuShaban.
Some clients also have a higher appetite for risk, given the low interest-rate environment that does not provide enough yield for some institutional investors. These clients are keen to invest in illiquid assets, such as private equity and infrastructure.
“What we have seen is a desire for higher returns in what has been a low-return environment specifically in various fixed income or bonds,” he said.
“In this environment, we have seen a de facto increase in the risk that clients are taking in things like illiquid investments, private equity investments, infrastructure and private debt, those kind of investments were higher illiquidity results in incrementally higher returns.”
The Abu Dhabi Investment Authority, one of the largest sovereign wealth funds, said in its 2016 report that has gradually increased its exposure in direct private equity and private credit transactions, mainly in Asian markets and especially in China and India. The authority’s private equity department focused on structured equities owing to “their defensive characteristics.”
COMPANY%20PROFILE
%3Cp%3E%3Cstrong%3EName%3A%20%3C%2Fstrong%3ESmartCrowd%0D%3Cbr%3E%3Cstrong%3EStarted%3A%20%3C%2Fstrong%3E2018%0D%3Cbr%3E%3Cstrong%3EFounder%3A%20%3C%2Fstrong%3ESiddiq%20Farid%20and%20Musfique%20Ahmed%0D%3Cbr%3E%3Cstrong%3EBased%3A%20%3C%2Fstrong%3EDubai%0D%3Cbr%3E%3Cstrong%3ESector%3A%20%3C%2Fstrong%3EFinTech%20%2F%20PropTech%0D%3Cbr%3E%3Cstrong%3EInitial%20investment%3A%20%3C%2Fstrong%3E%24650%2C000%0D%3Cbr%3E%3Cstrong%3ECurrent%20number%20of%20staff%3A%3C%2Fstrong%3E%2035%0D%3Cbr%3E%3Cstrong%3EInvestment%20stage%3A%20%3C%2Fstrong%3ESeries%20A%0D%3Cbr%3E%3Cstrong%3EInvestors%3A%20%3C%2Fstrong%3EVarious%20institutional%20investors%20and%20notable%20angel%20investors%20(500%20MENA%2C%20Shurooq%2C%20Mada%2C%20Seedstar%2C%20Tricap)%3C%2Fp%3E%0A
First Person
Richard Flanagan
Chatto & Windus
England-South Africa Test series
1st Test England win by 211 runs at Lord's, London
2nd Test South Africa win by 340 runs at Trent Bridge, Nottingham
3rd Test July 27-31 at The Oval, London
4th Test August 4-8 at Old Trafford, Manchester
NO OTHER LAND
Director: Basel Adra, Yuval Abraham, Rachel Szor, Hamdan Ballal
Stars: Basel Adra, Yuval Abraham
Rating: 3.5/5
