
ScarCruft | Breaking Cybersecurity News | The Hacker News

North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor

Jan 22, 2024 Cyber Attack / Hacking
Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity professionals," SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a report shared with The Hacker News. The North Korea-linked adversary, also known by the names APT37, InkySquid, RedEyes, Ricochet Chollima, and Ruby Sleet, is assessed to be part of the Ministry of State Security (MSS), placing it apart from Lazarus Group and Kimsuky, which are elements within the Reconnaissance General Bureau (RGB). The group is known for its targeting of governments and defectors, leveraging spear-phishing lures to deliver RokRAT and other backdoors with the ultimate goal of cove

North Korean Hackers Targets Russian Missile Engineering Firm

Aug 07, 2023 Cyber Attack
Two different North Korean nation-state actors have been linked to a cyber intrusion against NPO Mashinostroyeniya, a major Russian missile engineering company. Cybersecurity firm SentinelOne said it identified "two instances of North Korea related compromise of sensitive internal IT infrastructure," including a case of an email server compromise and the deployment of a Windows backdoor dubbed OpenCarrot. The breach of the Linux email server has been attributed to ScarCruft. OpenCarrot, on the other hand, is a known implant previously identified as used by the Lazarus Group. The attacks were flagged in mid-May 2022. A rocket design bureau based in Reutov, NPO Mashinostroyeniya was sanctioned by the U.S. Treasury Department in July 2014 in connection to "Russia's continued attempts to destabilize eastern Ukraine and its ongoing occupation of Crimea." While both ScarCruft (aka APT37) and the Lazarus Group are affiliated to North Korea, it's wo

AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead

Apr 15, 2024 Secure Coding / Artificial Intelligence
Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI boost cybersecurity?" (sure!), but also "Can AI be hacked?" (yes!), "Can one use AI to hack?" (of course!), and "Will AI produce secure software?" (well…). This thought leadership article is about the latter. Cydrill (a

N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT

Jun 01, 2023 Cyber Threat / Malware
Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as ScarCruft. "RokRAT is a sophisticated remote access trojan (RAT) that has been observed as a critical component within the attack chain, enabling the threat actors to gain unauthorized access, exfiltrate sensitive information, and potentially maintain persistent control over compromised systems," ThreatMon said. ScarCruft, active since at least 2012, is a cyber espionage group that operates on behalf of the North Korean government, exclusively focusing on targets in its southern counterpart. The group is believed to be a subordinate element within North Korea's Ministry of State Security (MSS). Attack chains mounted by the group have leaned heavily on social engineering to spear-phish victims and deliver payloads onto target networks. This includes exploiting vulnerabilities in Hancom's Hangul Word
