"North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware"

The North Korean threat actor "ScarCruft" exploited a Windows security flaw to infect devices with the "RokRAT" malware. The flaw is a memory corruption bug in the Scripting Engine that enables Remote Code Execution (RCE) when using the Edge browser in Internet Explorer Mode. To exploit it, an attacker must convince a user to click on a specially crafted URL to execute the malicious code. This article continues to discuss findings regarding ScarCruft's delivery of RokRAT malware.

THN reports "North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware"

Submitted by grigby1

Submitted by Gregory Rigby on