TLDR:
- North Korean hackers are targeting cybersecurity professionals to steal threat research reports.
- The hackers, known as ScarCruft, are using decoy documents that mimic threat reports to trick victims.
- The targeted individuals are mostly based in South Korea and are experts on North Korea.
- ScarCruft uses malware called RokRAT, which is a backdoor that allows the hackers to gain control over the victims’ systems.
- The tactics used by ScarCruft are similar to those used in previous campaigns in 2023.

North Korean hackers known as ScarCruft are actively targeting cybersecurity professionals to steal threat research reports, according to cybersecurity researchers at SentinelOne. ScarCruft uses decoy documents that mimic threat reports to trick victims, most of whom are based in South Korea and are experts on North Korea. The malware ScarCruft uses, RokRAT, is a backdoor that allows the hackers to gain control over the victims’ systems. The tactics resemble those used in previous campaigns in 2023. The targeting of cybersecurity professionals suggests that ScarCruft is interested in defense strategies and in gathering strategic intelligence for North Korea. The SentinelOne researchers advise targeted individuals to become more aware of, and better understand, the threat actors’ attacks and infection strategies in order to protect themselves effectively.