New APT37 cyberespionage campaign hits South Korea

North Korean state-sponsored threat operation APT37, also known as ScarCruft, has targeted South Korean national security organizations as part of a new cyberespionage campaign, according to The Record.
APT37 sent malicious emails that either detailed North Korean troop deployment to Russia or purported to be an invitation to a national security conference. The emails spread Dropbox links with malicious code that enabled the eventual deployment of the RokRAT malware, which can gather system information and capture screenshots, according to a report from South Korean cybersecurity firm Genians. Numerous Yandex email accounts were also used in the campaign, but further investigation is still needed to determine their association, although APT37 has leveraged Dropbox, Yandex, and other cloud services in previous attacks. The campaign comes months after APT37 targeted South Korean academics and a North Korea-focused news organization. Fellow North Korean threat group TA406 was also reported to have launched intrusions against Ukrainian government organizations.