Security News ScarCruft APT Group Gears Up to Target Cybersecurity Pros


Aug 17, 2017
ScarCruft, the North Korea-sponsored advanced persistent threat (APT) group, is gearing up for targeted attacks on cybersecurity researchers and other members of the threat intelligence community — likely in a bid to steal nonpublic threat intel and improve its operational playbook.

According to an analysis from SentinelLabs, ScarCruft (aka APT37, Inky Squid, RedEyes, and Reaper) spent November and December targeting media organizations and think-tank personnel that focus on North Korean affairs, in a series of fairly typical impersonation-style attacks that researchers expect to continue into 2024. However, while analyzing that campaign, SentinelLabs researchers came across new, in-development malware and some trial infection chains that suggest that a different type of offensive is in the offing.

This is not the first time that North Korean actors have targeted cybersecurity pros; but notably, the infection routine the attackers have been testing out is innovative in that it uses technical threat research on the North Korean APT known as Kimsuky as a lure. The report is legit, published in October by Genians, a South Korean cybersecurity company — and calling out a fellow APT in such a way is a twist that appears to break new ground, according to Aleksandar Milenkoski, senior threat researcher at SentinelOne.
