Cybersecurity researchers have uncovered a sophisticated phishing campaign by North Korea-linked group ScarCruft (APT37), targeting South Korean officials and researchers with malware known as RokRAT. The campaign involves tailored spear-phishing emails with malicious LNK files, aimed at espionage and sensitive data theft.
Key points
- ScarCruft (APT37) is conducting targeted spear-phishing campaigns against South Korean individuals and organizations.
- The malicious emails often contain ZIP files with LNK shortcuts that deploy RokRAT malware when opened.
- RokRAT can exfiltrate data, capture screenshots, and execute commands remotely, using cloud services for data transfer.
- Threat actors also utilize PowerShell scripts and fileless techniques for deploying additional payloads covertly.
- The campaigns highlight ongoing long-term espionage efforts by North Korean cyber groups focusing on intelligence gathering.
Read More: https://thehackernews.com/2025/09/scarcruft-uses-rokrat-malware-in.html
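For the delivery method in the key points (ZIP attachments carrying LNK shortcuts), a mail-triage check can flag such archives without extracting anything to disk. The following is an added example, not code from the linked report; the function names, reason labels, entry cap and sample archive are assumptions constructed for illustration, and the double-extension check goes beyond what the summary states.

```python
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x4C, then the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
MAX_ENTRIES = 1000  # assumed cap so an oversized archive cannot stall triage


def find_lnk_entries(zip_bytes):
    """Return [(entry_name, reasons)] for entries that look like shortcuts."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist()[:MAX_ENTRIES]:
            if info.is_dir():
                continue
            name = info.filename
            reasons = []
            if name.lower().endswith(".lnk"):
                reasons.append("lnk-extension")
                # "report.pdf.lnk" is shown as "report.pdf" in Explorer
                stem = name.rsplit("/", 1)[-1][:-4]
                if "." in stem:
                    reasons.append("decoy-double-extension")
            # Read only the header bytes in memory; skip encrypted entries,
            # which cannot be read without a password.
            if not info.flag_bits & 0x1:
                with archive.open(info) as member:
                    if member.read(len(LNK_MAGIC)) == LNK_MAGIC:
                        reasons.append("lnk-header")
            if reasons:
                findings.append((name, reasons))
    return findings


def build_sample_zip():
    """Constructed sample: one text file and two inert header-only stubs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("notes.txt", "meeting agenda")
        archive.writestr("newsletter.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        archive.writestr("docs/readme.dat", LNK_MAGIC + b"\x00" * 56)
    return buf.getvalue()


if __name__ == "__main__":
    for entry, why in find_lnk_entries(build_sample_zip()):
        print(entry, ", ".join(why))
```

Checking the header as well as the extension catches a shortcut that has been renamed inside the archive.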