Analysis of Cyber Reconnaissance Activities Behind APT37 Threats
Nov. 6, 2024, 11:35 a.m.
Description
The report analyzes the covert cyber reconnaissance activities of the state-sponsored APT37 group targeting South Korea. The group uses spear-phishing emails with malicious LNK files to deploy the RoKRAT malware, collecting sensitive information from victims' devices. The attackers employ various tactics to evade detection, including web beacons for initial reconnaissance and cloud storage services for command and control. The report highlights the group's evolving techniques, use of VPN servers, and specific targeting of individuals in fields related to North Korea. It emphasizes the need for enhanced endpoint security solutions to detect and respond to such sophisticated threats.
Date
- Created: Nov. 6, 2024, 11:12 a.m.
- Published: Nov. 6, 2024, 11:12 a.m.
- Modified: Nov. 6, 2024, 11:35 a.m.
Indicators
Additional Information
- Media
- Defense
- Education
- Government