North Korean state-sponsored threat actor ScarCruft, also known as APT37, Ruby Sleet, Ricochet Chollima, InkySquid, and RedEyes, has targeted media outfits and individuals knowledgeable in North Korean affairs in a new attack campaign deploying the RokRAT backdoor, The Hacker News reports.
The attacks began with emails purporting to come from a member of the North Korea Research Institute, which lured targets into opening a ZIP archive containing malicious Windows shortcut files used to deploy the RokRAT backdoor, according to a report from SentinelOne. Opening the news.lnk file triggers shellcode that ultimately leads to RokRAT delivery. However, the researchers noted that they have not yet observed this infection method in active use.
"ScarCruft remains committed to acquiring strategic intelligence and possibly intends to gain insights into non-public cyber threat intelligence and defense strategies. This enables the adversary to gain a better understanding of how the international community perceives developments in North Korea, thereby contributing to North Korea's decision-making processes," said researchers.
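Shortcut files inside a mailed archive are cheap to triage before anyone double-clicks them. The script below is an added example, not code from the original article or from SentinelOne: it parses the ShellLinkHeader and StringData fields of each .lnk entry in a ZIP (per the MS-SHLLINK layout) and flags shortcuts that launch a script host or LOLBin, carry oversized command-line arguments, or hide a document-like double extension. The sample archive, file names, thresholds and the host and extension lists are constructed assumptions for the demo, not indicators from the campaign.

```python
# Added example: static triage of Windows shortcut (.lnk) files inside a ZIP.
# Standard library only. Sample input, names and heuristics are constructed
# for the demo; nothing here is an indicator from the reported campaign.
import io
import struct
import zipfile

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION))
# Hypothetical heuristic lists: binaries commonly launched from lure shortcuts,
# and extensions a lure may place before ".lnk" (Explorer hides ".lnk").
SCRIPT_HOSTS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript",
                "rundll32", "regsvr32", "certutil")
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt", ".jpg", ".png")


def parse_lnk(data: bytes) -> dict:
    """Parse ShellLinkHeader + StringData; the IDList and LinkInfo blocks are skipped."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:            # IDListSize (u16) followed by the items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                      # LinkInfoSize (u32) includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {"flags": flags}
    for name, bit in STRING_FIELDS:                # CountCharacters (u16) + characters
        if not flags & bit:
            fields[name] = ""
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le", "replace")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", "replace")
            pos += count
    return fields


def build_lnk(relative_path: str = "", arguments: str = "") -> bytes:
    """Constructed minimal Unicode .lnk (no IDList/LinkInfo) used only as test input."""
    flags = IS_UNICODE | (HAS_RELATIVE_PATH if relative_path else 0) | (HAS_ARGUMENTS if arguments else 0)
    header = (struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<II", flags, 0x20)
              + b"\x00" * 24                      # three FILETIMEs
              + struct.pack("<IiIH", 0, 0, 1, 0)  # FileSize, IconIndex, ShowCommand, HotKey
              + b"\x00" * 10)                     # Reserved1..3
    body = b""
    for value in (relative_path, arguments):      # StringData order: RELATIVE_PATH before ARGUMENTS
        if value:
            body += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    return header + body


def triage_lnk(filename: str, data: bytes, max_args: int = 200) -> list:
    """Return the reasons a shortcut deserves analyst attention (empty list = no hit)."""
    lnk = parse_lnk(data)
    reasons = []
    target = (lnk["relative_path"] + " " + lnk["arguments"]).lower()
    if any(host in target for host in SCRIPT_HOSTS):
        reasons.append("launches a script host or LOLBin")
    if len(lnk["arguments"]) > max_args:
        reasons.append(f"oversized arguments ({len(lnk['arguments'])} chars)")
    stem = filename.lower().rsplit(".lnk", 1)[0]
    if stem.endswith(DOC_EXTS):
        reasons.append("document-like double extension")
    return reasons


def triage_zip(zip_bytes: bytes) -> dict:
    """Map every .lnk entry in the archive to its triage reasons."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(".lnk"):
                results[info.filename] = triage_lnk(info.filename, zf.read(info))
    return results


def sample_archive() -> bytes:
    """Constructed ZIP: one ordinary shortcut and one lure-style shortcut."""
    lure_args = '-NoP -W Hidden -Command "' + "A" * 300 + '"'   # placeholder filler, not a payload
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.lnk", build_lnk(relative_path="..\\notes.txt"))
        zf.writestr("report.pdf.lnk", build_lnk(
            relative_path="..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
            arguments=lure_args))
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in triage_zip(sample_archive()).items():
        print(name, "->", reasons or ["no heuristic hit"])
```

The parser only reads the StringData block, so a shortcut whose target lives solely in the LinkTargetIDList (no relative path, no arguments) will show an empty target; a production triage tool should also walk the IDList and any EXTRA_DATA blocks, and a shortcut arriving by email deserves a look even when none of these heuristics fire.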
New variants of the QBot malware, also known as Qakbot, have been emerging since mid-December even though the botnet was disrupted in August, which suggests its developers are still actively testing the malware, BleepingComputer reports.
U.S. consumers reported more than $10 billion in fraud losses in 2023, the first time losses have passed that mark and a 14% increase over 2022, even though the number of people reporting fraud held steady at more than 2.6 million, BleepingComputer reports.