Summary: APT-C-28, also known as ScarCruft, has been actively conducting cyber espionage against strategic industries in South Korea and other Asian countries since at least 2012, utilizing a cloud-based remote access Trojan named RokRat. Their sophisticated multi-stage attack process includes custom phishing campaigns, fileless malware delivery, and advanced evasion techniques to maintain long-term access to targeted networks. Recent trends indicate a shift towards embedding payloads directly into malicious LNK files, adapting to defensive measures from cloud security providers.
Affected: Strategic industries in South Korea and other Asian countries
Key points:
- APT-C-28 (ScarCruft) targets sectors like chemicals, electronics, and healthcare.
- Employs a multi-stage infection strategy using LNK shortcut files to deliver payloads.
- Utilizes evasion techniques, including fileless execution and encrypted shellcode, to bypass detection.
- RokRat enables extensive capabilities like screen capture, keylogging, and data exfiltration.
- Recent campaigns show a shift from cloud-based C2 servers to direct payload embedding in LNK files.
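The key points above describe two things a defender can check for in an LNK file without any vendor tooling: a shortcut whose command-line arguments are far longer than a normal shortcut needs (a sign of an in-memory, fileless launcher) and a shortcut that carries extra bytes after the end of the documented Shell Link structure (the "payload embedded directly in the LNK file" trend). The script below is an added example written for this summary, not code from the article, the source site, or any analysis of this actor. It parses the ShellLinkHeader, StringData and ExtraData sections as laid out in the MS-SHLLINK specification, reports how many bytes follow the terminal ExtraData block, and applies two constructed thresholds (argument length and trailing-data size) that are assumptions, not values published for this campaign. The sample LNK files are built in memory so the example runs offline.

```python
import struct

# Shell Link CLSID 00021401-0000-0000-C000-000000000046 in on-disk (little-endian) byte order.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HEADER_SIZE = 0x4C

# LinkFlags bits from MS-SHLLINK.
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
HAS_ARGUMENTS = 0x20
# StringData entries appear in this fixed order, each gated by its flag bit.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]


def _need(data, pos, n):
    """Raise if fewer than n bytes remain at pos (truncated or malformed file)."""
    if pos + n > len(data):
        raise ValueError("LNK truncated at offset %d" % pos)


def parse_lnk(data):
    """Walk the documented LNK structure and return flags, strings and trailing byte count."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE \
            or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_ID_LIST:                      # LinkTargetIDList: 2-byte size + items
        _need(data, pos, 2)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfo: 4-byte size includes itself
        _need(data, pos, 4)
        pos += struct.unpack_from("<I", data, pos)[0]
    strings = {}
    for bit, name in STRING_FIELDS:              # StringData: CountCharacters + chars
        if flags & bit:
            _need(data, pos, 2)
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            _need(data, pos, count * width)
            raw = data[pos:pos + count * width]
            pos += count * width
            strings[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    while pos + 4 <= len(data):                  # ExtraData blocks until a terminal block (< 4)
        size = struct.unpack_from("<I", data, pos)[0]
        if size < 4:
            pos += 4
            break
        pos += size
    return {"flags": flags, "strings": strings,
            "structure_end": pos, "trailing_bytes": max(0, len(data) - pos)}


def assess_lnk(data, max_args=256, max_trailing=0):
    """Return a list of findings; thresholds are constructed defaults, tune per environment."""
    info = parse_lnk(data)
    findings = []
    args = info["strings"].get("arguments", "")
    if len(args) > max_args:
        findings.append("arguments are %d characters long (possible fileless launcher)" % len(args))
    if info["trailing_bytes"] > max_trailing:
        findings.append("%d bytes follow the LNK structure (possible embedded payload)"
                        % info["trailing_bytes"])
    return findings


def build_sample_lnk(arguments, appended=b""):
    """Construct a minimal LNK (constructed test data): header + Arguments string + terminal block."""
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID \
        + struct.pack("<I", HAS_ARGUMENTS | IS_UNICODE) + b"\x00" * 52   # remaining header fields
    string_data = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    return header + string_data + b"\x00\x00\x00\x00" + appended


if __name__ == "__main__":
    benign = build_sample_lnk("/open report.pdf")
    suspicious = build_sample_lnk("x" * 600, appended=b"\x90" * 5000)
    print("benign:", assess_lnk(benign) or "no findings")
    print("suspicious:", assess_lnk(suspicious))
```

Running it against a real sample set, the trailing-bytes figure is the more reliable of the two signals: legitimate shortcuts written by Explorer end exactly at the terminal ExtraData block, so any appended data is worth pulling out for inspection regardless of the argument length.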
Source: https://securityonline.info/north-korean-apt-c-28-expands-cyber-espionage-campaign/