North Korea’s ScarCruft Targets Academics With RokRAT Malware

A new report reveals North Korea-linked ScarCruft is using RokRAT malware to target academics in a phishing campaign. Read about the cyber-espionage threat and the group’s evolving tactics.

Cybersecurity researchers from Seqrite Labs have discovered a new and highly targeted attack campaign linked to North Korea. The hacking group, known as ScarCruft or APT37, is deploying a malicious tool called RokRAT to spy on South Korean academics, researchers, and former government officials.

This operation has been named HanKook Phantom– HanKook means Korea, while Phantom represents the stealthy and evasive nature of the attack.

A Deceptive Attack

The attacks begin with a fake email, a technique known as spear-phishing. This is a very focused kind of fraud where the attackers pretend to be a trustworthy source to trick a specific person. In this case, the emails were disguised as a newsletter from a research society.

When a victim opens the ...