North Korea-linked ScarCruft is using spear-phishing with RokRAT malware to spy on academics, dubbed the #HanKookPhantom campaign.
Read: https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/
ScarCruft (APT37) is running Operation HanKook Phantom → phishing South Korean academics w/ RokRAT malware.
🔹 LNK loaders + fileless PowerShell
🔹 Exfil via Dropbox & GDrive
🔹 Goal: espionage & persistence
💬 Should academia ramp up defenses to enterprise SOC levels, or is that unrealistic?
Follow @technadu for more threat intel.
#CyberSecurity #APT37 #ScarCruft #RokRAT #Phishing #ThreatIntel
North Korean elite hackers from #ScarCruft group have moved from spying to ransomware, using VCD malware in phishing attacks, targeting #SouthKorea with advanced tools.
Read: https://hackread.com/north-korean-group-scarcruft-spying-ransomware-attacks/
#CyberSecurity #NorthKorea #VCDRansomware #Malware #Ransomware
Cyber activities have evolved to mirror real-world operations, prompting state-sponsored intelligence agencies to pivot swiftly to cyberspace. Notably, Democratic People's Republic of Korea (DPRK) state-sponsored threat actors have emerged as significant global players, targeting not only the Republic of Korea but also engaging in espionage activities worldwide. Their activities have expanded to include ransomware distribution and cryptocurrency heists, indicating a pursuit of financial gain. To comprehensively understand and track these actors, this research applied exploratory analysis to publicly available reports: over 2,000 reports published between 2009 and May 2024 were examined. The analysis focused on identifying the code names used in these reports to denote DPRK state-sponsored threat actors. By analyzing the naming conventions of cyber threat intelligence companies, the study clustered code names believed to represent the same entity. This approach identified 160 distinct code names, and the actors were further categorized into seven groups widely recognized in the threat intelligence industry. In addition, 154 notable incidents attributed to these actors were extracted and documented; detailed analysis of these incidents, including motivations, targeted sectors, and related factors, provides insight into the evolving tactics of DPRK state-sponsored threat actors. To contribute to the cybersecurity community, the findings have been openly shared as a dataset and presented through a dedicated website for easy access, giving researchers a comprehensive resource on these actors' activities.
Openly sharing the findings aims to foster collaboration and further research in the cybersecurity community to effectively combat emerging threats.
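The clustering step the abstract describes, mapping vendor-specific code names onto one underlying actor, can be illustrated with a union-find over "same actor" assertions extracted from reports. The following is an added example, not the paper's code or its dataset: the alias pairs are a constructed sample in which only the ScarCruft = APT37 equivalence is stated on this page (the remaining pairs are illustrative aliases from public reporting), and the normalization rule for matching names is an assumption.

```python
"""Cluster threat-actor code names into entities (added illustration, not the paper's code).

Each CTI vendor uses its own naming scheme, so one DPRK actor can appear under
many code names across reports. Given pairs of names that reports assert refer
to the same actor, union-find computes the transitive clusters and a count of
distinct code names, which is the kind of number the abstract reports (160).
"""
import re
from collections import defaultdict


def normalize(name: str) -> str:
    """Canonical key for a code name (assumed rule): case-insensitive and
    ignoring spaces, hyphens, underscores and dots, so 'APT37', 'APT-37' and
    'Apt 37' collapse to one key."""
    return re.sub(r"[\s\-_.]", "", name).lower()


class AliasClusters:
    def __init__(self):
        self.parent = {}   # normalized key -> parent key (union-find forest)
        self.display = {}  # normalized key -> first display form seen

    def _add(self, name: str) -> str:
        key = normalize(name)
        if key not in self.parent:
            self.parent[key] = key
            self.display[key] = name
        return key

    def _find(self, key: str) -> str:
        # Path halving keeps lookups near-constant time on large alias tables.
        while self.parent[key] != key:
            self.parent[key] = self.parent[self.parent[key]]
            key = self.parent[key]
        return key

    def link(self, a: str, b: str) -> None:
        """Record that a report asserts a and b name the same actor."""
        ra, rb = self._find(self._add(a)), self._find(self._add(b))
        if ra != rb:
            self.parent[ra] = rb

    def same_actor(self, a: str, b: str) -> bool:
        ka, kb = normalize(a), normalize(b)
        if ka not in self.parent or kb not in self.parent:
            return False  # unknown name: no claim either way
        return self._find(ka) == self._find(kb)

    def distinct_code_names(self) -> int:
        return len(self.parent)

    def clusters(self):
        """Return clusters as sorted lists of display names, sorted by first name."""
        groups = defaultdict(list)
        for key in self.parent:
            groups[self._find(key)].append(self.display[key])
        return sorted((sorted(g) for g in groups.values()), key=lambda g: g[0].lower())


# Constructed sample of "same actor" assertions as they might be extracted from
# reports. ScarCruft/APT37 is the equivalence stated on this page; the other
# pairs are illustrative aliases from public reporting, not the paper's data.
SAMPLE_ALIAS_PAIRS = [
    ("ScarCruft", "APT37"),
    ("APT 37", "Reaper"),            # different spelling of APT37 in a second report
    ("Reaper", "Group123"),
    ("Lazarus Group", "HIDDEN COBRA"),
    ("Hidden Cobra", "Labyrinth Chollima"),
    ("Kimsuky", "Velvet Chollima"),
]


def cluster_aliases(pairs) -> AliasClusters:
    ac = AliasClusters()
    for a, b in pairs:
        ac.link(a, b)
    return ac


if __name__ == "__main__":
    ac = cluster_aliases(SAMPLE_ALIAS_PAIRS)
    print("distinct code names:", ac.distinct_code_names())
    for group in ac.clusters():
        print(" / ".join(group))
```

Because membership is transitive, a single bad "same actor" assertion merges two clusters that should stay apart; in practice each link should carry its source report so that a disputed merge can be traced and removed.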
Malicious ads exploited Internet Explorer zero day to drop malware
The North Korean hacking group ScarCruft launched a large-scale attack in May that leveraged an Internet Explorer zero-day flaw to infect targets with the RokRAT malware and exfiltrate data.
#Microsoft #InternetExplorer #zeroday #northkorea #ScarCruft #malware #security #cybersecurity #infosec #hackers #hacking #hacked