#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

ScarCruft | Breaking Cybersecurity News | The Hacker News

Category — ScarCruft
North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor

North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor

Jan 22, 2024 Cyber Attack / Hacking
Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as  ScarCruft  in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity professionals," SentinelOne researchers Aleksandar Milenkoski and Tom Hegel  said  in a report shared with The Hacker News. The North Korea-linked adversary, also known by the name APT37, InkySquid, RedEyes, Ricochet Chollima, and Ruby Sleet, is  assessed  to be part of the Ministry of State Security (MSS), placing it apart from Lazarus Group and Kimsuky, which are elements within the Reconnaissance General Bureau (RGB). The group is  known  for its targeting of governments and defectors, leveraging  spear-phishing lures  to deliver  RokRAT and othe...
North Korean Hackers Targets Russian Missile Engineering Firm

North Korean Hackers Targets Russian Missile Engineering Firm

Aug 07, 2023 Cyber Attack
Two different North Korean nation-state actors have been linked to a cyber intrusion against NPO Mashinostroyeniya, a major Russian missile engineering company. Cybersecurity firm SentinelOne  said  it identified "two instances of North Korea related compromise of sensitive internal IT infrastructure," including a case of an email server compromise and the deployment of a Windows backdoor dubbed OpenCarrot. The breach of the Linux email server has been attributed to  ScarCruft . OpenCarrot, on the other hand, is a known implant  previously identified  as used by the Lazarus Group. The attacks were flagged in mid-May 2022. A rocket design bureau based in Reutov, NPO Mashinostroyeniya was  sanctioned  by the U.S. Treasury Department in July 2014 in  connection  to "Russia's continued attempts to destabilize eastern Ukraine and its ongoing occupation of Crimea." While both ScarCruft (aka APT37) and the Lazarus Group are affiliated to North...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Crowdstrike Named A Leader In Endpoint Protection Platforms

Nov 22, 2024Endpoint Security / Threat Detection
CrowdStrike is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time, positioned highest on Ability to Execute and furthest to the right on Completeness of Vision.
N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT

N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT

Jun 01, 2023 Cyber Threat / Malware
Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as  ScarCruft . "RokRAT is a sophisticated remote access trojan (RAT) that has been observed as a critical component within the attack chain, enabling the threat actors to gain unauthorized access, exfiltrate sensitive information, and potentially maintain persistent control over compromised systems," ThreatMon  said . ScarCruft , active since at least 2012, is a  cyber espionage group  that operates on behalf of the North Korean government, exclusively focusing on targets in its southern counterpart. The group is believed to be a subordinate element within North Korea's Ministry of State Security (MSS). Attack chains mounted by the group have leaned heavily on social engineering to spear-phish victims and deliver payloads onto target networks. This includes exploiting vulnerabilities in Hancom's Hangul Word ...
cyber security

The AppSec & R&D Playbook: How to Align Security and Innovation

websiteBackslashApplication Security
AppSec vs. R&D? Bridge the gap with clear steps to streamline workflows and foster collaboration.
Expert Insights / Articles Videos
Cybersecurity Resources