South Korean Researchers Uncover Another Cyber-Espionage Campaign From the North


Summary:

Researchers from South Korean cybersecurity firm Genians have uncovered a new cyber-espionage campaign by the North Korean state-sponsored group APT37 (also known as ScarCruft). The hackers targeted South Korean organizations involved in national security, impersonating a North Korea expert and a think tank in phishing emails. These emails used Dropbox links to deliver malicious files, ultimately deploying RoKRAT malware, which collects system info and screenshots. APT37 has a long history of using cloud services like Dropbox, Yandex, OneDrive, and Google Drive in its attacks. The campaign also involved several suspicious Russian Yandex email accounts, though it’s unclear how they’re connected. This incident follows recent reports of other North Korean threat groups, like TA406 and Konni, targeting South Korea, Russia, and Ukraine in similar operations.

Security Officer Comments:
North Korea’s hackers are at it again, pretending to be experts or important people and tricking people in South Korea into clicking sketchy links. These emails look like they’re about military stuff or serious meetings, but really they’re just bait to get you to open malware. Once someone clicks, their computer secretly sends info back to the hackers. It’s kinda like getting catfished, but with your data. What’s wild is that they use normal stuff like Dropbox and Google Drive, so it doesn’t look super suspicious at first.

Suggested Corrections:
If you get emails with links to things like Dropbox or Google Drive and they’re from someone you don’t totally trust, don’t click them. Always double-check who’s sending you stuff, even if the email looks official. Make sure your antivirus is working and that your computer blocks unexpected PowerShell scripts from running in the background. And if you work in government or security, be super careful: hackers love to go after people in important jobs.

Link(s):
https://therecord.media/apt37-scarcruft-cyber-espionage-campaign-south-korea