APT37 Archives • Daily CyberSecurity

APT37’s New “Python-in-a-Cat” Malware Uses Environment Variable Obfuscation APT37 Phishing Campaign Python Malware Obfuscation

APT37’s New “Python-in-a-Cat” Malware Uses Environment Variable Obfuscation

Do Son May 12, 2026

In the world of cyberespionage, familiarity can be a fatal mistake for defenders. Just as security teams...

The Friend Request from Pyongyang: How APT37 Hijacks Facebook to Deploy RokRAT APT37 RokRAT Social Engineering Phishing

The Friend Request from Pyongyang: How APT37 Hijacks Facebook to Deploy RokRAT

Do Son April 15, 2026

A new investigation has revealed that the notorious state-sponsored threat group APT37 has significantly evolved its tactics,...

Bridging the Gap: North Korean APT37 Deploys ‘Ruby Jumper’ to Infiltrate Isolated Air-Gapped Networks CVE-2024-3393 - Zservers sanctions

Bridging the Gap: North Korean APT37 Deploys ‘Ruby Jumper’ to Infiltrate Isolated Air-Gapped Networks

Do Son March 3, 2026

In a sophisticated escalation of cyber espionage, the North Korean-linked threat group APT37 (also known as ScarCruft...

“Casting Call” for Malware: APT37 Poses as TV Writers to Hack Targets APT37 Artemis, Korean TV Casting Phishing

“Casting Call” for Malware: APT37 Poses as TV Writers to Hack Targets

Do Son December 24, 2025

A notorious threat group is auditioning victims for a new cyber-espionage campaign, masquerading as television production staff...

APT37 Expands Arsenal with Rustonotto Backdoor, PowerShell Chinotto, and FadeStealer North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

APT37 Expands Arsenal with Rustonotto Backdoor, PowerShell Chinotto, and FadeStealer

Do Son September 10, 2025

Zscaler ThreatLabz has uncovered new details about North Korean-aligned threat actor APT37 (also known as ScarCruft, Ruby...

ScarCruft APT Deploys VCD Ransomware, Uses PubNub & New Malware in Espionage Campaign North Korea APT, PubNub Abuse

ScarCruft APT Deploys VCD Ransomware, Uses PubNub & New Malware in Espionage Campaign

Do Son August 11, 2025

S2W’s Threat Analysis and Intelligence Center (TALON) has uncovered a sophisticated malware campaign attributed to the North...

APT37 Escalates Cyber-Espionage on South Korea: New RoKRAT Backdoor Uses Stealthy LNK Files & Steganography

Do Son August 4, 2025

The North Korea-linked threat actor APT37, known for its persistent cyberespionage campaigns in South Korea and beyond,...

North Korean APT37’s “ToyBox Story”: Stealthy Attacks Unveiled APT37, RoKRAT

North Korean APT37’s “ToyBox Story”: Stealthy Attacks Unveiled

Do Son May 13, 2025

In a recent expose by Genians Security Center (GSC), North Korean-linked APT group APT37 has once again...

Konni RAT Resurfaces: North Korean Espionage Malware Evolves with Stealth and Persistence North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Konni RAT Resurfaces: North Korean Espionage Malware Evolves with Stealth and Persistence

Do Son April 1, 2025

Cyfirma’s recent analysis sheds light on Konni RAT, a sophisticated Remote Access Trojan (RAT) targeting Windows systems....

North Korean ScarCruft APT Targets Users with Novel KoSpy Android Spyware

Do Son March 15, 2025

A new Android surveillance tool, dubbed KoSpy, has been discovered by Lookout Threat Lab researchers, with evidence...

Squid Werewolf APT Masquerades as Recruiters in Espionage Campaign Targeting Key Employees WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Squid Werewolf APT Masquerades as Recruiters in Espionage Campaign Targeting Key Employees

Do Son March 14, 2025

The BI.ZONE Threat Intelligence team has uncovered a new cyber-espionage campaign attributed to Squid Werewolf, also known...

North Korean APT-C-28 Expands Cyber Espionage Campaign

Do Son February 23, 2025

A recent report from 360 Threat Intelligence Center has detailed the persistent cyber espionage activities of APT-C-28...

South Korean CSOs Under Cyberattack: 3-Year Study South Korean Cyberattack

South Korean CSOs Under Cyberattack: 3-Year Study

Do Son February 13, 2025

A three-year study conducted by independent security researcher Ovie (Ovi) has exposed the scale and sophistication of...

North Korean Hackers Exploit Zero-Day Flaw (CVE-2024-38178) in “Operation Code on Toast” CVE-2024-38178 - TA-RedAnt - Operation Code on Toast

North Korean Hackers Exploit Zero-Day Flaw (CVE-2024-38178) in “Operation Code on Toast”

Do Son October 16, 2024

A joint report by AhnLab Security Emergency response Center (ASEC) and the National Cyber Security Center (NCSC)...

SHROUDED#SLEEP: APT37’s Advanced Evasion and Persistence Tactics in Southeast Asia VeilShell-backdoor

SHROUDED#SLEEP: APT37’s Advanced Evasion and Persistence Tactics in Southeast Asia

Do Son October 6, 2024

In a recent discovery, the Securonix Threat Research team, led by Den Iuzvyk and Tim Peck, has...

ScarCruft Strikes: North Korea’s Cyber Espionage Against Media and Experts Unveiled ScarCruft threat actor

ScarCruft Strikes: North Korea’s Cyber Espionage Against Media and Experts Unveiled

Do Son January 22, 2024

In the intricate web of global cyber espionage, the activities of state-sponsored Advanced Persistent Threat (APT) groups...

Cyberattackers Target South Korean Inboxes with LNK Weaponry Konni group

Cyberattackers Target South Korean Inboxes with LNK Weaponry

Do Son December 19, 2023

Cybersecurity specialists at Qi An Xin have unearthed malicious LNK files specifically targeting users in South Korea....

North Korea hacker group APT37 is using zero-day vulnerability to attack Japan, Vietnam and the Middle East countries

Do Son February 27, 2018

On February 2, 2018, a research team from FireEye, a cyber-security company, published a blog detailing how...

Critical Alert 1 Active Exploit Detected Today