RUHAPPY
The North Korean group of hackers known as APT37 is infamous for the diverse toolset that allows it to carry out swift and threatening attacks against high-profile targets in South Korea and the Middle East. While the group is not as active as Lazarus (another famous group with links to the North Korean government), it is an Advanced Persistent Threat actor that specializes in long-term reconnaissance operations and data exfiltration from its targets. While the majority of its arsenal consists of backdoor Trojans, Remote Access Trojans (RATs), and infostealers, it also relies on very destructive wipers like RUHAPPY.
The RUHAPPY Wiper Targets the Hard Disk's Master Boot Record
The RUHAPPY malware has been utilized in very few attacks, and it was often used after a machine was infected by APT37's DOGCALL malware, a threat dedicated to providing attackers with backdoor access to compromised hosts. However, while DOGCALL is responsible for executing remote commands and gathering intelligence, the RUHAPPY wiper malware is far simpler and more destructive – it attempts to overwrite a hard drive's Master Boot Record (MBR). If this task is accomplished, the RUHAPPY malware may render the target's computer inoperable – the victim will see the message 'Are you Happy?' whenever they try to boot the computer.
Copies of the RUHAPPY wiper malware were found on computers belonging to the South Korean government and military organizations whose security was breached by APT37's DOGCALL backdoor. The last traces of RUHAPPY's activities date back to 2017, so it is not clear whether the threat actors are currently using this wiper malware.
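When an MBR overwrite like the one described above is suspected, a saved copy of sector 0 can be checked for structural damage before any recovery is attempted. The following Python code is an added example, not taken from the article or from any vendor tool; the function names, the constructed sample sectors, and the assumption that the boot message is stored as ASCII text in sector 0 are this example's own.

```python
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446   # four 16-byte partition entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"
# Message the article says victims see at boot. Assumption: its text is
# stored as ASCII somewhere inside sector 0 of an overwritten disk.
MARKER = b"are you happy"


def parse_partitions(sector):
    """Return (index, status, type, lba_start, sectors) for non-empty entries."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:          # type 0x00 marks an unused slot
            entries.append((i, status, ptype, lba, count))
    return entries


def triage_mbr(sector):
    """Return a list of findings for a 512-byte copy of sector 0."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("no partition entries")
    for idx, status, _ptype, lba, count in parts:
        if status not in (0x00, 0x80):
            findings.append(f"entry {idx}: invalid status byte")
        if lba == 0 or count == 0:
            findings.append(f"entry {idx}: zero start or length")
    if MARKER in sector.lower():
        findings.append("boot-message marker present")
    return findings


def build_sample(boot_code, with_partition):
    """Constructed test sector (not real malware or disk data)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    if with_partition:      # one active NTFS-type entry starting at LBA 2048
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET,
                         0x80, 0x07, 2048, 409600)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)
```

An empty findings list only means sector 0 is structurally plausible; comparing the sector's hash against a known-good baseline for the host remains the stronger check.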