A hacker group known as APT37 has launched a new espionage campaign against organizations in South Korea with interests in national security, researchers have found. The group, also known as ScarCruft, impersonated a North Korea-focused expert and a think tank to lure victims into opening phishing emails, reports South Korean cybersecurity firm Genians. One email discovered by Genians offered information on North Korean troops deployed to Russia, while another contained a fake invitation to a national security conference. Both emails included Dropbox links, a tactic APT37 frequently employs to disguise its operations. APT37 is generally considered to be state-sponsored by North Korea and has previously targeted high-profile individuals, as well as public and private entities, primarily in South Korea. Allegedly operating within North Korea’s Ministry of State Security, it is one of the country’s most active hacking units, known for using social engineering tactics to deceive victims into opening malicious files. The group has a history of using Dropbox and other global cloud services, such as Yandex, OneDrive and Google Drive, to distribute malicious files, researchers said. In the latest attack, the group embedded malicious code that triggered PowerShell commands to deploy RoKRAT malware, a tool capable of collecting detailed system information, capturing real-time screenshots, and storing them for later analysis.
Full report: South Korean researchers uncover another cyber-espionage campaign from North Korea.