ScarCruft, active since at least 2012, is a cyber espionage group that operates on behalf of the North Korean government.
The group is believed to be a subordinate element within North Korea’s Ministry of State Security.
Attack chains mounted by the group have leaned heavily on social engineering to spearphish victims and deliver payloads onto target networks.
ScarCruft uses a trojan called the RokRAT remote access trojan.
The URL registered in the task scheduler appears to be a normal homepage, but it contains a web shell, ASEC noted.
Cybersecurity researchers have offered a closer look at the ROKRAT Remote Access Trojan that’s employed by the North Koreans state-sponsored actor known as ScarCruncher.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply