Apr 13, 2026 • The Hacker News
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
Executive Summary
North Korean APT group APT37 (ScarCruft) has launched a sophisticated multi-stage social engineering campaign targeting users on Facebook. The threat actors approached potential victims by adding them as friends, exploiting the platform's trust mechanisms to deliver the RokRAT remote access trojan. This campaign demonstrates the continued use of social media platforms as attack vectors by state-sponsored threat actors. Organizations should educate employees about social engineering risks on professional and personal networking platforms, implement verification procedures for unexpected friend requests from unknown parties, and deploy advanced email and endpoint detection solutions capable of identifying RAT malware and command-and-control communications.
Summary
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT. "The threat actor used two Facebook
Linked Entities
- ROKRAT
- APT37