A hacker group called APT37, also known as ScarCruft, has launched a new espionage campaign targeting organizations in South Korea with interests in national security. The group uses phishing emails with Dropbox links to distribute malware and gather intelligence, often employing social engineering tactics.
Affected: South Korean organizations, North Korea-focused think tanks, government entities, private companies.
Key points
- APT37, a North Korea-sponsored hacking group also known as ScarCruft, is conducting a new espionage campaign in South Korea.
- The group impersonates experts and think tanks to lure victims into opening phishing emails with Dropbox links.
- The emails contain information on North Korean military deployments and fake conference invitations to deceive targets.
- Malicious code embedded in the emails triggers PowerShell commands to deploy RoKRAT malware for data collection.
- APT37 has a history of using cloud services like Dropbox, Yandex, OneDrive, and Google Drive to distribute malware.
- The group may be connected to North Korea's Ministry of State Security and employs social engineering tactics extensively.
- Similar campaigns have targeted Ukrainian government entities and South Korean academic and media outlets, indicating broad regional cyber-espionage activity.
Read More: https://therecord.media/apt37-scarcruft-cyber-espionage-campaign-south-korea