Lucene search
K

33 matches found

The Hacker News
The Hacker News
added 2026/06/16 8:14 a.m.15 views

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

The North Korean state-sponsored hacking group known as ScarCruft aka APT37 has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver a new malware called NarwhalRAT. "The attack email contained a message impersonating an MS account security...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/05 9:7 a.m.11 views

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of the backdoor hav...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/27 12:43 p.m.9 views

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control C2 communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. T...

6.3AI score
Exploits0
HackRead
HackRead
added 2025/09/01 5:21 p.m.3 views

North Korea’s ScarCruft Targets Academics With RokRAT Malware

A new report reveals North Korea-linked ScarCruft is using RokRAT malware to target academics in a phishing campaign.…...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/09/01 8:26 a.m.4 views

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft aka APT37 to deliver a malware known as RokRAT. The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target...

7AI score
Exploits0
HackRead
HackRead
added 2025/08/11 11:15 a.m.4 views

North Korean Group ScarCruft Expands From Spying to Ransomware Attacks

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea…...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/13 2:23 p.m.13 views

North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps

The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/16 10:50 a.m.65 views

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 CVSS score: 7.5, a memory corruption bug in the Scripting Engine...

8.8CVSS8.3AI score0.39196EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/13 12:0 a.m.4 views

PT-2024-5547

Name of the Vulnerable Software and Affected Versions Microsoft Edge versions prior to the fixed version Microsoft Windows 10 version 1507 prior to 10.0.10240.20751 Description The vulnerability is related to a memory corruption issue in the Windows Scripting Engine, which can be exploited by...

7.6CVSS9.8AI score0.39196EPSS
Exploits0References113
hivepro
hivepro
added 2024/01/24 9:28 a.m.9 views

ScarCruft Unleashes Tailored Attacks on Cybersecurity Frontlines

Summary: The ScarCruft APT group is actively targeting attacks on media organizations and individuals in the realm of threat intelligence. ScarCruft employs persistent tactics, using phishing emails to deliver RokRAT, a custom-designed backdoor. Threat Level - Amber | Attack Report For a detailed...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/22 4:47 p.m.43 views

North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor

Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/07 1:56 p.m.35 views

North Korean Hackers Targets Russian Missile Engineering Firm

Two different North Korean nation-state actors have been linked to a cyber intrusion against NPO Mashinostroyeniya, a major Russian missile engineering company. Cybersecurity firm SentinelOne said it identified "two instances of North Korea related compromise of sensitive internal IT...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/21 4:16 p.m.5 views

ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks

The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previously undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. "The threat actor sent their commands through...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/21 4:16 p.m.31 views

ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks

The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previously undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. "The threat actor sent their commands through...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/01 6:58 a.m.31 views

N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT

Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as ScarCruft. "RokRAT is a sophisticated remote access trojan RAT that has been observed as a critical component within the attack chain, enablin...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/01 6:58 a.m.5 views

N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT

Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as ScarCruft. "RokRAT is a sophisticated remote access trojan RAT that has been observed as a critical component within the attack chain, enablin...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/02 6:54 a.m.3 views

North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains

The North Korean threat actor known as ScarCruft started experimenting with oversized LNK files as a delivery route for RokRAT malware as early as July 2022, the same month Microsoft began blocking macros across Office documents by default. "RokRAT has not changed significantly over the years, bu...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/02 6:54 a.m.31 views

North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains

The North Korean threat actor known as ScarCruft started experimenting with oversized LNK files as a delivery route for RokRAT malware as early as July 2022, the same month Microsoft began blocking macros across Office documents by default. "RokRAT has not changed significantly over the years, bu...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/28 6:44 a.m.52 views

Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions

South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execu...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/22 12:24 p.m.3 views

ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques

The North Korean advanced persistent threat APT actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help CHM files to download additional malware onto targeted machines. According to multiple reports from AhnLab Security Emergency response Center ASEC, SEKOIA.IO, and Zscaler, the...

7AI score
Exploits0
Rows per page
Query Builder