Apr 13, 2026 • The Hacker News
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
Executive Summary
North Korean threat actors linked to APT37 (ScarCruft) are leveraging Facebook's social networking features to execute targeted attacks. By sending friend requests and building trust with potential victims, the group delivers RokRAT, a remote access trojan, through what appears to be legitimate social media interactions. Organizations face significant risk from this multi-stage approach that combines social engineering with sophisticated malware. Critical defenses include educating users about social media-based attacks and closely monitoring communication from unfamiliar profiles on networking platforms.
Summary
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT. "The threat actor used two Facebook
Linked Entities
- RokRAT
- APT37
- ScarCruft