Malicious ads exploited Internet Explorer zero day to drop malware

October 16, 2024 at 10:08AM North Korean hacking group ScarCruft executed a large-scale attack in May using an Internet Explorer zero-day vulnerability (CVE-2024-38178) to disseminate the RokRAT malware via deceptive toast ads. A joint report from South Korea’s NCSC and AhnLab highlights the threat, with Microsoft releasing a security update in August 2024. Meeting Notes …

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

October 16, 2024 at 07:45AM North Korean group ScarCruft exploited a zero-day vulnerability (CVE-2024-38178) in Windows to deploy RokRAT malware via a compromised advertising server. Users are tricked into clicking malicious links. This incident showcases ScarCruft’s evolving techniques, emphasizing the need for software updates to enhance security against such threats. Meeting Takeaways – October …

North Korea’s ScarCruft Attackers Gear Up to Target Cybersecurity Pros

January 22, 2024 at 03:46PM ScarCruft, a North Korea-sponsored APT group, is preparing for targeted cyberattacks on threat intelligence professionals. They aim to steal nonpublic threat intel and enhance their offensive tactics. The innovative campaign involves using a lure related to the Kimsuky APT group to target cybersecurity professionals, and the group is refining their malicious …

October 10, 2023 at 12:16PM – North Korea’s State-Sponsored APTs Organize & Align

October 10, 2023 at 12:16PM North Korean APT groups have increased collaboration and coordination during the COVID-19 pandemic. The lines are blurring between individual groups, making it difficult to determine responsibility for specific threat activities. North Korean actors are diversifying attacks, sharing tools and code, and targeting the supply chain. Collaboration between defenders, governments, and …