#scarcruft — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #scarcruft, aggregated by home.social.
-
📰 North Korean APT ScarCruft Hits Gaming Platform in Supply-Chain Attack
North Korean APT ScarCruft (APT37) targets gamers in a supply-chain attack, compromising a gaming site to distribute Android spyware. The 'BirdCall' backdoor spies on ethnic Koreans in China. 🕵️♂️ #APT37 #ScarCruft #CyberSecurity #Android
-
📰 North Korean APT ScarCruft Hits Gaming Platform in Supply-Chain Attack
North Korean APT ScarCruft (APT37) targets gamers in a supply-chain attack, compromising a gaming site to distribute Android spyware. The 'BirdCall' backdoor spies on ethnic Koreans in China. 🕵️♂️ #APT37 #ScarCruft #CyberSecurity #Android
-
#ScarCruft hackers push #BirdCall #Android #malware via game platform
-
#ScarCruft hackers push #BirdCall #Android #malware via game platform
-
#ScarCruft hackers push #BirdCall #Android #malware via game platform
-
#ScarCruft hackers push #BirdCall #Android #malware via game platform
-
#ScarCruft hackers push #BirdCall #Android #malware via game platform
-
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
#ScarCruft #BirdCall
https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/ -
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
#ScarCruft #BirdCall
https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/ -
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
#ScarCruft #BirdCall
https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/ -
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
#ScarCruft #BirdCall
https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/ -
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
#ScarCruft #BirdCall
https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/ -
ScarCruft APT Exploits Yanbian Gaming Platform for Intelligence Gathering
Meet ScarCruft, a notorious North Korea-aligned espionage group that's been caught exploiting a popular gaming platform in China to gather intel on its users. The group trojanized a site serving traditional Yanbian-themed games, compromising both Windows and Android software.
-
A rigged game: compromises gaming platform in a supply-chain attack
North Korea-aligned APT group ScarCruft executed a multiplatform supply-chain attack targeting ethnic Koreans in China's Yanbian region, an area significant for North Korean refugees and defectors. Since late 2024, the group compromised a video gaming platform dedicated to Yanbian-themed games, trojanizing both Windows and Android components with the BirdCall backdoor. The Windows client received malicious updates leading to RokRAT and subsequently BirdCall deployment, while Android games were directly trojanized. This marks the first discovery of Android BirdCall, capable of comprehensive surveillance including data collection, screenshots, and voice recording. The campaign focuses on espionage against individuals of interest to the North Korean regime, particularly refugees and defectors.
Pulse ID: 69f9c539da459757922d22d8
Pulse Link: https://otx.alienvault.com/pulse/69f9c539da459757922d22d8
Pulse Author: AlienVault
Created: 2026-05-05 10:23:53Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #BackDoor #China #CyberSecurity #Espionage #InfoSec #Korea #NorthKorea #OTX #OpenThreatExchange #RAT #ScarCruft #Trojan #Windows #bot #AlienVault
-
ScarCruft Expands Malware Arsenal with Multi-Platform BirdCall Backdoor
ScarCruft hackers have launched a sneaky attack on a popular video game platform, infecting both Windows and Android users with a new backdoor called BirdCall. The multi-platform threat has been targeting ethnic Koreans in China since late 2024, allowing hackers to gain unauthorized access.
#Scarcruft #NorthKorea #SupplyChain #MalwareOperations #StateSponsored
-
ScarCruft hackers deploy BirdCall malware via gaming platform.
North Korean hackers APT37, also known as ScarCruft, have cleverly expanded their BirdCall malware to target Android devices, adapting their Windows backdoor to spy on mobile users. They even used a popular gaming platform to sneak the malware onto unsuspecting devices.
#Apt37 #Scarcruft #RicochetChollima #BirdcallMalware #AndroidSpyware
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware – Source:hackread.com https://ciso2ciso.com/north-koreas-scarcruft-targets-academics-with-rokrat-malware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #HanKookPhantom #cybersecurity #CyberAttack #NorthKorea #ScarCruft #Hackread #Phishing #security #malware #RokRAT #APT37
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware – Source:hackread.com https://ciso2ciso.com/north-koreas-scarcruft-targets-academics-with-rokrat-malware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #HanKookPhantom #cybersecurity #CyberAttack #NorthKorea #ScarCruft #Hackread #Phishing #security #malware #RokRAT #APT37
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware – Source:hackread.com https://ciso2ciso.com/north-koreas-scarcruft-targets-academics-with-rokrat-malware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #HanKookPhantom #cybersecurity #CyberAttack #NorthKorea #ScarCruft #Hackread #Phishing #security #malware #RokRAT #APT37
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware – Source:hackread.com https://ciso2ciso.com/north-koreas-scarcruft-targets-academics-with-rokrat-malware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #HanKookPhantom #cybersecurity #CyberAttack #NorthKorea #ScarCruft #Hackread #Phishing #security #malware #RokRAT #APT37
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/ #HanKookPhantom #Cybersecurity #CyberAttack #NorthKorea #ScarCruft #Security #Phishing #Malware #RokRAT #APT37
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/ #HanKookPhantom #Cybersecurity #CyberAttack #NorthKorea #ScarCruft #Security #Phishing #Malware #RokRAT #APT37
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/ #HanKookPhantom #Cybersecurity #CyberAttack #NorthKorea #ScarCruft #Security #Phishing #Malware #RokRAT #APT37
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/ #HanKookPhantom #Cybersecurity #CyberAttack #NorthKorea #ScarCruft #Security #Phishing #Malware #RokRAT #APT37
-
North Korea-linked ScarCruft is using spear-phishing with RokRAT malware to spy on academics, dubbed the #HanKookPhantom campaign.
Read: https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/
-
North Korea-linked ScarCruft is using spear-phishing with RokRAT malware to spy on academics, dubbed the #HanKookPhantom campaign.
Read: https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/
-
North Korea-linked ScarCruft is using spear-phishing with RokRAT malware to spy on academics, dubbed the #HanKookPhantom campaign.
Read: https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/
-
North Korea-linked ScarCruft is using spear-phishing with RokRAT malware to spy on academics, dubbed the #HanKookPhantom campaign.
Read: https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/
-
North Korea-linked ScarCruft is using spear-phishing with RokRAT malware to spy on academics, dubbed the #HanKookPhantom campaign.
Read: https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/
-
ScarCruft (APT37) is running Operation HanKook Phantom → phishing South Korean academics w/ RokRAT malware.
🔹 LNK loaders + fileless PowerShell
🔹 Exfil via Dropbox & GDrive
🔹 Goal: espionage & persistence
💬 Should academia ramp up defenses to enterprise SOC levels, or is that unrealistic?
Follow @technadu for more threat intel.#CyberSecurity #APT37 #ScarCruft #RokRAT #Phishing #ThreatIntel
-
ScarCruft (APT37) is running Operation HanKook Phantom → phishing South Korean academics w/ RokRAT malware.
🔹 LNK loaders + fileless PowerShell
🔹 Exfil via Dropbox & GDrive
🔹 Goal: espionage & persistence
💬 Should academia ramp up defenses to enterprise SOC levels, or is that unrealistic?
Follow @technadu for more threat intel.#CyberSecurity #APT37 #ScarCruft #RokRAT #Phishing #ThreatIntel
-
ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics – Source:thehackernews.com https://ciso2ciso.com/scarcruft-uses-rokrat-malware-in-operation-hankook-phantom-targeting-south-korean-academics-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Scarcruft
-
North Korean Group ScarCruft Expands From Spying to Ransomware Attacks https://hackread.com/north-korean-group-scarcruft-spying-ransomware-attacks/ #Cybersecurity #VCDRansomware #ChillyChino #CyberAttack #NorthKorea #SouthKorea #ScarCruft #Security #Malware #NubSpy #Spying
-
North Korean Group ScarCruft Expands From Spying to Ransomware Attacks – Source:hackread.com https://ciso2ciso.com/north-korean-group-scarcruft-expands-from-spying-to-ransomware-attacks-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #VCDRansomware #ChillyChino #CyberAttack #NorthKorea #SouthKorea #ScarCruft #Hackread #security #malware #NubSpy #Spying
-
North Korean elite hackers from #ScarCruft group have moved from spying to ransomware, using VCD malware in phishing attacks, targeting #SouthKorea with advanced tools.
Read: https://hackread.com/north-korean-group-scarcruft-spying-ransomware-attacks/
#CyberSecurity #NorthKorea #VCDRansomware #Malware #Ransowmare
-
North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy – Source: securityaffairs.com https://ciso2ciso.com/north-korea-linked-apt-group-scarcruft-spotted-using-new-android-spyware-kospy-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #Scarcruft #Security #hacking #Malware #Spyware #KoSpy
-
North Korean Hackers Distributed Android Spyware via Google Play – Source: www.securityweek.com https://ciso2ciso.com/north-korean-hackers-distributed-android-spyware-via-google-play-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Mobile&Wireless #securityweekcom #Uncategorized #securityweek #NorthKorea #Scarcruft #Spyware #KoSpy #APT
-
North Korean Hackers Distributed Android Spyware via Google Play https://www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/ #Mobile&Wireless #Uncategorized #NorthKorea #ScarCruft #spyware #KoSpy #APT
-
North Korean Hackers Distributed Android Spyware via Google Play https://www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/ #Mobile&Wireless #Uncategorized #NorthKorea #ScarCruft #spyware #KoSpy #APT
-
Happy Tuesday everyone!
#APT37, aka #ScarCruft, is at it again! SentinelOne researchers noticed that they are targeting media organizations and others that are associated with North Korean affairs. The group leverages .LNK files, zip files, and phishing emails.
I found this article most interesting because of the multiple types of file formats that were used, to include .bat and .dat files, involved in the campaign. They also use a custom backdoor known as #RokRat to aid in their attack. This is a great article and worth the time! Enjoy and Happy Hunting!
Notable MITRE ATT&CK TTPs and Behaviors:
TA0001 - Initial Access
T1566.001 - Phishing: Spearphishing AttachmentTA0002 - Execution
T1059.001 - Command And Scripting Interpreter: Powershell
T1204.001 - User Execution: Malicious Link#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #gethunting
-
Asec: RedEyes (ScarCruft)’s CHM Malware Using the Topic of Fukushima Wastewater Release https://asec.ahnlab.com/en/56857/ #MalwareInformation #ScarCruft #backdoor #RedEyes #APT37 #chm
-
Asec: RedEyes (ScarCruft)’s CHM Malware Using the Topic of Fukushima Wastewater Release https://asec.ahnlab.com/en/56857/ #MalwareInformation #ScarCruft #backdoor #RedEyes #APT37 #chm
-
Asec: RedEyes (ScarCruft)’s CHM Malware Using the Topic of Fukushima Wastewater Release https://asec.ahnlab.com/en/56857/ #MalwareInformation #ScarCruft #backdoor #RedEyes #APT37 #chm
-
Asec: RedEyes (ScarCruft)’s CHM Malware Using the Topic of Fukushima Wastewater Release https://asec.ahnlab.com/en/56857/ #MalwareInformation #ScarCruft #backdoor #RedEyes #APT37 #chm
-
Asec: RedEyes (ScarCruft)’s CHM Malware Using the Topic of Fukushima Wastewater Release https://asec.ahnlab.com/en/56857/ #MalwareInformation #ScarCruft #backdoor #RedEyes #APT37 #chm
-
Asec: RedEyes (ScarCruft)’s CHM Malware Using the Topic of Fukushima Wastewater Release https://asec.ahnlab.com/en/56857/ #MalwareInformation #ScarCruft #backdoor #RedEyes #APT37 #chm
-
Asec: Distribution of Backdoor via Malicious LNK: RedEyes (ScarCruft) https://asec.ahnlab.com/en/56756/ #MalwareInformation #ScarCruft #RedEyes #chm #lnk
-
Asec: Distribution of Backdoor via Malicious LNK: RedEyes (ScarCruft) https://asec.ahnlab.com/en/56756/ #MalwareInformation #ScarCruft #RedEyes #chm #lnk
-
Asec: Distribution of Backdoor via Malicious LNK: RedEyes (ScarCruft) https://asec.ahnlab.com/en/56756/ #MalwareInformation #ScarCruft #RedEyes #chm #lnk
-
Asec: Distribution of Backdoor via Malicious LNK: RedEyes (ScarCruft) https://asec.ahnlab.com/en/56756/ #MalwareInformation #ScarCruft #RedEyes #chm #lnk