October 20, 2024 at 09:07PM APT37, a North Korea-backed group, exploited a zero-day vulnerability in Internet Explorer to launch a zero-click attack on South Korean targets via a compromised ad program, delivering malware instead of ads. The malware is known as RokRAT, and Microsoft has since patched the vulnerability. Legacy applications remain at risk. ### … Read more
October 16, 2024 at 10:08AM North Korean hacking group ScarCruft executed a large-scale attack in May using an Internet Explorer zero-day vulnerability (CVE-2024-38178) to disseminate the RokRAT malware via deceptive toast ads. A joint report from South Korea’s NCSC and AhnLab highlights the threat, with Microsoft releasing a security update in August 2024. **Meeting Notes … Read more
October 3, 2024 at 09:03PM APT37, a North Korean state-sponsored threat actor, has targeted Cambodian organizations with a new campaign called “Shrouded#Sleep.” Through spreading malicious emails related to Cambodian affairs in the Khmer language, APT37 introduces a backdoor called “VeilShell” disguised as shortcut files in an infection routine. This campaign demonstrates sophisticated persistence and stealth … Read more
October 3, 2024 at 09:45AM Threat actors linked to North Korea have been identified launching a new campaign named SHROUDED#SLEEP targeting Cambodia and other Southeast Asian countries using the VeilShell backdoor and RAT. The group, APT37, is associated with North Korea’s MSS and uses varied tactics for intelligence gathering. The campaign involves sophisticated techniques and … Read more
October 10, 2023 at 12:16PM North Korean APT groups have increased collaboration and coordination during the COVID-19 pandemic. The lines are blurring between individual groups, making it difficult to determine responsibility for specific threat activities. North Korean actors are diversifying attacks, sharing tools and code, and targeting the supply chain. Collaboration between defenders, governments, and … Read more