A suspected North Korean state-sponsored threat actor known as “ScarCruft” is launching spear phishing attacks against cybersecurity professionals, according to researchers at SentinelOne.
“ScarCruft is testing malware and infection chains that use a technical threat analysis report on Kimsuky as a decoy document,” the researchers write. “Kimsuky is another suspected North Korean threat group observed to share operational traits with ScarCruft, like infrastructure and C2 server configurations. Given ScarCruft’s practice of using decoy documents relevant to targeted individuals, we suspect that the deliberate campaigns will likely target consumers of technical threat intelligence reports, like threat researchers, cyber policy organizations, and other cybersecurity professionals.”
The researchers believe the threat actor’s objective is cyber espionage in support of the North Korean government.
“By targeting high-profile experts in North Korean affairs and news organizations focused on North Korea, ScarCruft continues to meet its main goal of gathering strategic intelligence,” the researchers write.
“This allows the adversary to gain a better understanding of how the international community perceives developments in North Korea, thereby contributing to North Korea’s decision-making processes.”
SentinelOne concludes that the threat actor will continue impersonating cybersecurity researchers in future spear phishing campaigns.
“ScarCruft’s focus on consumers of technical threat intelligence reports suggests an intent to gain insights into private cyber threat intelligence and defense strategies,” the researchers write.
“This helps in identifying potential threats to their operations and contributes to refining their operational and evasive approaches. As we continue to track suspected North Korean threat actors and their pace of experimentation, we assess they have a growing interest in mimicking cybersecurity professionals and businesses, ultimately for use in the targeting of specific customers and contacts directly, or more broadly through brand impersonation.”
SentinelOne has the story.