ScarCruft
Coverage of ScarCruft in the Nexus archive.
- Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
The North Korean state-sponsored hacking group ScarCruft (APT37) used spear-phishing emails impersonating Microsoft Account security alerts to deploy NarwhalRAT malware, as reported by Genians Security Center. The attack aimed to exploit concerns over possible account security issues.
- ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
The ScarCruft hacking group has compromised a gaming platform, deploying BirdCall malware on Android and Windows to target ethnic Koreans in China. The attack is a supply chain espionage effort. Prior versions of the backdoor primarily targeted Windows users.
- North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
North Korea's hacking group APT37 (ScarCruft) conducted a social engineering campaign via Facebook, using friend requests to deliver RokRAT malware. The multi-stage attack exploited trust-building on the platform to deploy a remote access trojan.