33 matches found
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
The North Korean state-sponsored hacking group known as ScarCruft aka APT37 has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver a new malware called NarwhalRAT. "The attack email contained a message impersonating an MS account security...
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of the backdoor hav...
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control C2 communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. T...
North Korea’s ScarCruft Targets Academics With RokRAT Malware
A new report reveals North Korea-linked ScarCruft is using RokRAT malware to target academics in a phishing campaign.…...
ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics
Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft aka APT37 to deliver a malware known as RokRAT. The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target...
North Korean Group ScarCruft Expands From Spying to Ransomware Attacks
North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea…...
North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The...
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 CVSS score: 7.5, a memory corruption bug in the Scripting Engine...
PT-2024-5547
Name of the Vulnerable Software and Affected Versions Microsoft Edge versions prior to the fixed version Microsoft Windows 10 version 1507 prior to 10.0.10240.20751 Description The vulnerability is related to a memory corruption issue in the Windows Scripting Engine, which can be exploited by...
ScarCruft Unleashes Tailored Attacks on Cybersecurity Frontlines
Summary: The ScarCruft APT group is actively targeting attacks on media organizations and individuals in the realm of threat intelligence. ScarCruft employs persistent tactics, using phishing emails to deliver RokRAT, a custom-designed backdoor. Threat Level - Amber | Attack Report For a detailed...
North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor
Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research...
North Korean Hackers Targets Russian Missile Engineering Firm
Two different North Korean nation-state actors have been linked to a cyber intrusion against NPO Mashinostroyeniya, a major Russian missile engineering company. Cybersecurity firm SentinelOne said it identified "two instances of North Korea related compromise of sensitive internal IT...
ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks
The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previously undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. "The threat actor sent their commands through...
ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks
The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previously undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. "The threat actor sent their commands through...
N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT
Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as ScarCruft. "RokRAT is a sophisticated remote access trojan RAT that has been observed as a critical component within the attack chain, enablin...
N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT
Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as ScarCruft. "RokRAT is a sophisticated remote access trojan RAT that has been observed as a critical component within the attack chain, enablin...
North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains
The North Korean threat actor known as ScarCruft started experimenting with oversized LNK files as a delivery route for RokRAT malware as early as July 2022, the same month Microsoft began blocking macros across Office documents by default. "RokRAT has not changed significantly over the years, bu...
North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains
The North Korean threat actor known as ScarCruft started experimenting with oversized LNK files as a delivery route for RokRAT malware as early as July 2022, the same month Microsoft began blocking macros across Office documents by default. "RokRAT has not changed significantly over the years, bu...
Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions
South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execu...
ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques
The North Korean advanced persistent threat APT actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help CHM files to download additional malware onto targeted machines. According to multiple reports from AhnLab Security Emergency response Center ASEC, SEKOIA.IO, and Zscaler, the...