Today > 1 Critical | 2 Medium vulnerabilities - You can now download lists of IOCs here!
4 attack reports | 0 vulnerabilities
The report analyzes the covert cyber reconnaissance activities of the state-sponsored APT37 group targeting South Korea. The group uses spear-phishing emails with malicious LNK files to deploy the RoKRAT malware, collecting sensitive information from victims' devices. The attackers employ various t…
CVE-2024-38178 is a type confusion vulnerability in JScript9.dll, patched by Microsoft in August 2024. It allows bypassing the CVE-2022-41128 patch through incorrect JIT engine optimizations. APT37, a North Korean threat group, exploited this vulnerability in June 2024 against South Korean targets.…
This analysis delves into the continuous distribution of malicious shortcut files (*.LNK) targeting South Korean users, particularly those related to North Korea. These LNK files contain legitimate documents, script code, and encoded malware data. When executed, they create and run a document file …
The report details a recent cyber attack campaign by the APT-C-28 (ScarCruft) group, known for targeting organizations in Korea and Asia. The campaign utilized a malicious LNK file disguised as a document related to a 'North Korean Human Rights Expert Debate' to deliver the RokRat remote access tro…