"ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques"

The North Korean Advanced Persistent Threat (APT) group ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware. According to separate reports from AhnLab Security Emergency Response Center (ASEC), SEKOIA.IO, and Zscaler, the findings demonstrate the group's ongoing efforts to refine and retool its techniques to evade detection. Researchers at Zscaler commented that the ScarCruft group is continuously enhancing its tactics, techniques, and procedures (TTPs) while experimenting with new file formats and approaches to evade security companies. ScarCruft, also known as APT37, Reaper, RedEyes, and Ricochet Chollima, has been in operation since at least 2012 and has targeted multiple South Korean entities for espionage purposes, with a heightened operational tempo since the start of 2023. This article continues to discuss new findings regarding the North Korean APT group ScarCruft.

THN reports "ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques"
