Tag: RoKRAT

Rigged Game: How North Korea’s ScarCruft Group Infiltrated a Gaming Platform to Deploy BirdCall Spyware
The seemingly innocuous download of a mobile game could culminate in a smartphone being compromised by sophisticated spyware. Researchers at ESET have revealed that the ScarCruft group, widely associated with North Korea, infiltrated a gaming platform catering to ethnic Koreans in the Yanbian region of China, embedding the BirdCall backdoor within its infrastructure. The breach…

Operation Artemis: North Korean ScarCruft Hijacks HWP Files to Deploy RoKRAT
As part of a large-scale malware campaign dubbed Operation Artemis, the North Korean hacking group APT37—also known as ScarCruft—employed sophisticated attack techniques leveraging South Korea’s HWP word processor and DLL side-loading. The operation targeted South Korean professionals, primarily those working in politics, media, and international affairs. Initial access was achieved through phishing emails masquerading as…

North Korean Hackers Launch Widespread Cyberespionage Campaign
The North Korean threat group APT37 (also known as ScarCruft, InkySquid, Reaper, and Ricochet Chollima) has launched a sweeping espionage campaign under the codename Operation HanKook Phantom, targeting government and research organizations in South Korea and across the wider region. Researchers at Seqrite uncovered that the attackers distribute counterfeit documents disguised as bulletins from the…

APT37’s Stealthy RoKRAT Malware Uses Steganography in JPEGs to Evade Detection
Experts at the Genians Security Center have uncovered a sophisticated new variant of the RoKRAT malware, attributed to the North Korean threat group APT37. This latest iteration employs an unusually covert method of hiding malicious code—embedding it within ordinary JPEG images. By leveraging this technique, RoKRAT evades conventional antivirus solutions, as its payload is never…