BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • North Korean hackers steal data via MP3 files

    Yandex and Microsoft clouds have also become sponsors of spy campaigns against South Korea.

    Security researchers at security firm Check Point have discovered that the North Korean gang ScarCruft has been using LNK files to deliver the RAT Trojan RokRAT since July 2022.

    ScarCruft (APT37, InkySquid, Nickel Foxcroft, Reaper, RedEyes, and Ricochet Chollima) is a threat group that exclusively targets South Korean individuals and entities as part of spear-phishing attacks designed to deliver multiple backdoors and carry out espionage.

    The main malware of the group is RokRAT (DOGCALL for Windows, CloudMensis for macOS, RambleOn for Android), which means that the backdoor is actively developed and maintained. RokRAT and its variants are designed to perform a wide range of activities such as:

    theft of credentials;
    data exfiltration;
    capture screenshots;
    collection of system information;
    execution of commands and shellcode;
    file and directory management.

    The collected information, some of which is stored as MP3 files (for disguise), is sent to the attacker via the Dropbox, Microsoft OneDrive, pCloud and Yandex Cloud cloud services in an attempt to present the messages to the C2 server as legitimate.

    Other malware used by the group includes but is not limited to Chinotto, BLUELIGHT, GOLDBACKDOOR, Dolphin, and M2RAT. Another attack wave in November 2022 used ZIP archives containing LNK files to deploy the Amadey loader to deliver additional payloads.

    Check Point said that using an LNK file can initiate the same effective infection chain with a simple double-click, which is more reliable than n-day exploits or Microsoft Office macros that require additional clicks to infect.

    Author DeepWeb
    The US will use AI to fight slavery and drug trafficking
    a new ReconShark malware can settle in an infected system for a long time

    Comments 0

    Add comment