South Korean researchers (Genians) report that APT37 is abusing Google Find Hub to track victims and remotely wipe Android devices.

The attackers use phished Google credentials to access legitimate Find Hub functions - no exploit involved.

Google has confirmed this and advises enabling 2-Step Verification or passkeys.

Credential security remains the weakest link in most modern attacks.

#CyberSecurity #APT37 #GoogleFindHub #ThreatIntel #AndroidSecurity #InfoSec #MalwareAnalysis #Kimsuky #TechNadu

North Korean hackers are using Google’s own tools to remotely wipe Android devices and hijack messaging apps. Think your account is safe? Dive into how a single breach can trigger a digital meltdown.

https://thedefendopsdiaries.com/konni-activity-cluster-north-korean-apts-exploit-google-find-hub-for-advanced-cyber-espionage/

#konni
#apt37
#cyberespionage
#androidsecurity
#googlefindhub
#malware
#northkorea
#spearphishing
#infosec

ScarCruft (APT37) is running Operation HanKook Phantom → phishing South Korean academics w/ RokRAT malware.
🔹 LNK loaders + fileless PowerShell
🔹 Exfil via Dropbox & GDrive
🔹 Goal: espionage & persistence
💬 Should academia ramp up defenses to enterprise SOC levels, or is that unrealistic?
Follow @technadu for more threat intel.

#CyberSecurity #APT37 #ScarCruft #RokRAT #Phishing #ThreatIntel

#North #Korea’s #APT37 deploys #RokRAT in new phishing campaign against academics
https://securityaffairs.com/181782/hacking/north-koreas-apt37-deploys-rokrat-in-new-phishing-campaign-against-academics.html
#securityaffairs #hacking #malware

"탈북자 분들을 노리는 북한 해킹 단체 APT37(Reaper)에 만든 악성코드-김x민대표님모금캠페인.lnk(2024.10.31)" published by Sakai. #APT37, #LNK, #DPRK, #CTI https://wezard4u.tistory.com/429521

"대북관계자를 노리는 북한 해킹 단체 리퍼(Reaper)에서 만든 악성코드-국가정보와 방첩 원고.lnk(2025.6.3)" published by Sakai. #APT37, #LNK, #RokRAT, #DPRK, #CTI https://wezard4u.tistory.com/429506

Genians Security Center researchers analyse #APT37's “Operation: ToyBox Story”, in which the group used fake academic forum invites from a South Korean security think tank to lure victims and delivered malicious LNK files via the Dropbox cloud platform. https://genians.co.kr/en/blog/threat_intelligence/toybox-story

"Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation. ToyBox Story)" published by Genians. #APT37, #LNK, #ToyBoxStory, #RokRAT, #DPRK, #CTI https://www.genians.co.kr/en/blog/threat_intelligence/toybox-story

"한국 국가안보전략 싱크탱크 위장 APT37 공격 사례 분석 (작전명. 토이박스 스토리)" published by Genians. #APT37, #LNK, #RokRAT, #ToyBoxStory, #DPRK, #CTI https://www.genians.co.kr/blog/threat_intelligence/toybox-story

"Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis" published by Google. #APT37, #CVE-2024-21338, #CVE-2024-38178, #Trend, #DPRK, #CTI https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends/?hl=en

"NSFOCUS APT Monthly Briefing - March 2025" published by NSFOCUS. #APT37, #Lazarus, #Trend, #DPRK, #CTI https://nsfocusglobal.com/nsfocus-apt-briefing-march-2025/

"한글 문서로 위장한 두 공격 그룹의 악성코드 비교" published by Logpresso. #APT37, #Konni, #RokRAT, #LNK, #DPRK, #CTI https://logpresso.com/ko/blog/2025-04-17-cti-report-vol11

"북한 해킹 단체 APT37(Reaper)에서 만든 악성코드-한국군사학논총(2025.3.26)" published by Sakai. #APT37, #LNK, #RokRAT, #DPRK, #CTI https://wezard4u.tistory.com/429443

"APT37 공격 그룹의 지속적 위협 공격" published by Hauri. #APT37, #LNK, #DPRK, #CTI https://download.hauri.net/DownSource/down/dwn_detail_down.html?uid=74

KoSpy: Unmasking the North Korean Spyware Threat

https://thedefendopsdiaries.com/kospy-unmasking-the-north-korean-spyware-threat/

#kospy
#northkoreanhackers
#androidspyware
#cybersecuritythreats
#apt37

Lookout Discovers New Spyware by North Korean APT37
#KoSpy #APT37
https://www.lookout.com/threat-intelligence/article/lookout-discovers-new-spyware-by-north-korean-apt37

"Lookout Discovers North Korean APT37 Mobile Spyware" published by Lookout. #APT37, #KoSpy, #Mobile, #DPRK, #CTI https://www.lookout.com/threat-intelligence/article/lookout-discovers-new-spyware-by-north-korean-apt37

"APT37 - RokRat" published by ZW01f. #APT37, #LNK, #RokRAT, #DPRK, #CTI https://zw01f.github.io/malware%20analysis/apt37/

"한글 문서로 위장한 두 공격 그룹의 악성코드 비교" published by Logpresso. #APT37, #Konni, #LNK, #RokRAT, #DPRK, #CTI https://logpresso.com/ko/blog/2025-03-04-comparison-of-malware-disguised-as-a-hangul-document

"Targeted Threats Research - South & North Korea (a breakdown of 3 years of threat research in Korea)" published by 0x0v1. #APT37, #CVE-2022-41128, #Kimsuky, #RambleOn, #RokRAT, #UCID902, #DPRK, #CTI https://www.0x0v1.com/targeted-threats-research-south-north-korea/