home.social

#apt37 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #apt37, aggregated by home.social.

  1. Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign

    A sophisticated campaign linked to APT37 delivers Python-based backdoors through spear-phishing emails containing malicious LNK files disguised as legitimate documents. Attackers use themes including airline e-tickets, North Korea research invitations, and impersonation of defense and police officials to induce execution. The LNK files employ environment variable-based obfuscation techniques to download additional BAT files, which establish a Python runtime environment and execute compiled Python bytecode disguised with .cat extensions. The malware functions as a remote command execution backdoor, communicating with C2 servers to receive commands and exfiltrate results. Persistence is maintained through scheduled tasks executing at one-minute intervals. The campaign shows strong tactical similarities to previous APT37 operations, including infrastructure patterns, script obfuscation methods, and the abuse of legitimate tools.

    Pulse ID: 6a04a9a090a64de310cb0568
    Pulse Link: otx.alienvault.com/pulse/6a04a
    Pulse Author: AlienVault
    Created: 2026-05-13 16:41:04

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #BackDoor #CyberSecurity #Email #InfoSec #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #Phishing #Python #RAT #RemoteCommandExecution #SpearPhishing #bot #AlienVault

  6. APT37 Targets Android Devices with BirdCall Malware

    Pulse ID: 69fba09cc8c1a2797734624e
    Pulse Link: otx.alienvault.com/pulse/69fba
    Pulse Author: cryptocti
    Created: 2026-05-06 20:12:12

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #Android #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #bot #cryptocti

  11. 📰 North Korean APT ScarCruft Hits Gaming Platform in Supply-Chain Attack

    North Korean APT ScarCruft (APT37) targets gamers in a supply-chain attack, compromising a gaming site to distribute Android spyware. The 'BirdCall' backdoor spies on ethnic Koreans in China. 🕵️‍♂️ #APT37 #ScarCruft #CyberSecurity #Android

    🔗 cyber.netsecops.io

  13. ScarCruft APT Exploits Yanbian Gaming Platform for Intelligence Gathering

    Meet ScarCruft, a notorious North Korea-aligned espionage group that's been caught exploiting a popular gaming platform in China to gather intel on its users. The group trojanized a site serving traditional Yanbian-themed games, compromising both Windows and Android software.

    osintsights.com/scarcruft-apt-

    #Scarcruft #Apt37 #SupplyChain #Espionage #NationState

  14. ScarCruft hackers deploy BirdCall malware via gaming platform.

    North Korean hackers APT37, also known as ScarCruft, have cleverly expanded their BirdCall malware to target Android devices, adapting their Windows backdoor to spy on mobile users. They even used a popular gaming platform to sneak the malware onto unsuspecting devices.

    osintsights.com/scarcruft-hack

    #Apt37 #Scarcruft #RicochetChollima #BirdcallMalware #AndroidSpyware

  15. AI-Assisted Code Targets Crypto Wallets via Malicious npm Dependency

    Researchers have uncovered a sneaky malicious npm campaign, dubbed PromptMink, linked to North Korean hackers Famous Chollima, which targets crypto developers with fake utility packages that secretly steal sensitive info and funds. The campaign's clever tactics even involve an AI-assisted code commit to fly under the radar.

    osintsights.com/ai-assisted-co

    #MaliciousNpmDependency #AiassistedCode #CryptoWallets #FamousChollima #Apt37

  16. APT37’s Pretexting-Based Targeted Intrusion: Analysis of Facebook Reconnaissance and Software Tampering Attacks
    #APT37
    genians.co.kr/en/blog/threat_i

  21. Pretexting-Based Targeted Intrusion: Analysis of Facebook Reconnaissance and Software Tampering Attacks

    APT37 conducted a sophisticated social engineering campaign utilizing Facebook accounts claiming locations in Pyongyang and Pyongsong, North Korea, to conduct reconnaissance and build trust with targets. After establishing relationships through Facebook Messenger, the threat actor migrated conversations to Telegram and employed pretexting tactics, claiming to share encrypted PDF documents containing military weapons information. Victims were persuaded to install a tampered Wondershare PDFelement installer that executed embedded shellcode for initial compromise. The attack chain delivered follow-on commands through a JPG-disguised payload hosted on a compromised Japanese real estate website. The malware abused Zoho WorkDrive OAuth2 APIs as C2 channels, exfiltrating screenshots, documents, system information, and audio files. The campaign employed multiple evasion techniques including code cave injection, process hollowing into legitimate dism.exe, XOR encryption layers, and fileless in-memory execution.

    Pulse ID: 69de00eccc0fa8439b871c56
    Pulse Link: otx.alienvault.com/pulse/69de0
    Pulse Author: AlienVault
    Created: 2026-04-14 08:55:08

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #CyberSecurity #Encryption #Facebook #ICS #InfoSec #Japan #Korea #Malware #Military #NorthKorea #OTX #OpenThreatExchange #PDF #RAT #Rust #ShellCode #SocialEngineering #Telegram #bot #AlienVault

  22. APT37 Exploits Facebook for RokRAT Malware Delivery

    North Korean hackers APT37 have cleverly turned Facebook friend requests into a sneaky way to deliver RokRAT malware, exploiting our natural tendency to trust social connections. By accepting a friend request, victims unwittingly open the door to a remote access trojan that can compromise their device.

    osintsights.com/apt37-exploits

    #Apt37 #Rokrat #SocialEngineering #MalwareDelivery #NorthKorea

  23. APT37 abusing .LNK files with GitHub-based C2 in targeted campaign against South Korean organizations and supply chain partners. Malicious shortcuts execute PowerShell, deploy XenoRAT for remote access and keylogging. Detection challenge: legitimate GitHub traffic masks command execution. Fortinet researchers identified deliberate targeting of financial services, defense contractors, critical infrastructure handling sensitive government contracts. #APT37...

    bit.ly/4vdNa42

  24. APT37’s Ruby Jumper campaign demonstrates a mature approach to air-gap traversal.

    Observed tradecraft includes:
    • LNK-based initial execution
    • Embedded PowerShell payload extraction
    • Ruby interpreter abuse (v3.3.0)
    • Scheduled task persistence (5-minute interval)
    • USB-based covert bidirectional C2
    • Multi-stage backdoor deployment
    Toolset: RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, FOOTWINE, BLUELIGHT.

    The removable media relay model enables:
    – Command staging offline
    – Data exfiltration without internet access
    – Lateral spread across isolated systems
    – Surveillance via Windows spyware
    This reinforces a critical point:
    Air-gap controls must extend beyond physical disconnection — including USB governance, device auditing, behavioral monitoring, and strict runtime execution policies.

    Are critical infrastructure operators prepared for USB-mediated C2 relays?

    Source: bleepingcomputer.com/news/secu

    Engage below.

    Follow TechNadu for high-signal threat intelligence insights.
    Repost to elevate awareness.

    #Infosec #APT37 #AirGapSecurity #ThreatModeling #MalwareAnalysis #NationStateThreats #USBExfiltration #SOC #DetectionEngineering #CyberDefense #OperationalSecurity #ThreatHunting #ZeroTrustArchitecture

  29. South Korean researchers (Genians) report that APT37 is abusing Google Find Hub to track victims and remotely wipe Android devices.

    The attackers use phished Google credentials to access legitimate Find Hub functions - no exploit involved.

    Google has confirmed this and advises enabling 2-Step Verification or passkeys.

    Credential security remains the weakest link in most modern attacks.

    #CyberSecurity #APT37 #GoogleFindHub #ThreatIntel #AndroidSecurity #InfoSec #MalwareAnalysis #Kimsuky #TechNadu
