BTC $51524.6928
ETH $3102.2833
BNB $384.2776
SOL $103.2311
XRP $0.5405
ADA $0.5849
AVAX $36.9511
TRX $0.1377
DOGE $0.0856
wstETH $3587.3896
LINK $18.6494
DOT $7.8438
WETH $3100.0078
UNI $11.0945
MATIC $0.9971
WBTC $51554.8458
IMX $3.3401
ICP $12.4013
LTC $70.0025
BCH $266.3236
CAKE $3.1426
FIL $8.1456
ETC $27.0947
RNDR $7.2587
DAI $1.0009
KAS $0.1676
HBAR $0.1071
ATOM $10.3461
INJ $35.4309
VET $0.0467
TON $2.0697
OKB $50.3127
FDUSD $0.9994
LDO $3.3633
GRT $0.3004
ARB $1.8920
XMR $128.8577
TIA $16.5811
XLM $0.1156
STX $2.5143
ENS $22.4126
NEAR $3.6605
APEX $2.4601
WEMIX $2.0774
MKR $2060.5410
BEAM $0.0332
MNT $0.8950
BTC $51524.6928
ETH $3102.2833
BNB $384.2776
SOL $103.2311
XRP $0.5405
ADA $0.5849
AVAX $36.9511
TRX $0.1377
DOGE $0.0856
wstETH $3587.3896
LINK $18.6494
DOT $7.8438
WETH $3100.0078
UNI $11.0945
MATIC $0.9971
WBTC $51554.8458
IMX $3.3401
ICP $12.4013
LTC $70.0025
BCH $266.3236
CAKE $3.1426
FIL $8.1456
ETC $27.0947
RNDR $7.2587
DAI $1.0009
KAS $0.1676
HBAR $0.1071
ATOM $10.3461
INJ $35.4309
VET $0.0467
TON $2.0697
OKB $50.3127
FDUSD $0.9994
LDO $3.3633
GRT $0.3004
ARB $1.8920
XMR $128.8577
TIA $16.5811
XLM $0.1156
STX $2.5143
ENS $22.4126
NEAR $3.6605
APEX $2.4601
WEMIX $2.0774
MKR $2060.5410
BEAM $0.0332
MNT $0.8950
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • North Korean hackers steal data via MP3 files

    Yandex and Microsoft clouds have also become sponsors of spy campaigns against South Korea.

    Security researchers at security firm Check Point have discovered that the North Korean gang ScarCruft has been using LNK files to deliver the RAT Trojan RokRAT since July 2022.

    ScarCruft (APT37, InkySquid, Nickel Foxcroft, Reaper, RedEyes, and Ricochet Chollima) is a threat group that exclusively targets South Korean individuals and entities as part of spear-phishing attacks designed to deliver multiple backdoors and carry out espionage.

    The main malware of the group is RokRAT (DOGCALL for Windows, CloudMensis for macOS, RambleOn for Android), which means that the backdoor is actively developed and maintained. RokRAT and its variants are designed to perform a wide range of activities such as:

    theft of credentials;
    data exfiltration;
    capture screenshots;
    collection of system information;
    execution of commands and shellcode;
    file and directory management.

    The collected information, some of which is stored as MP3 files (for disguise), is sent to the attacker via the Dropbox, Microsoft OneDrive, pCloud and Yandex Cloud cloud services in an attempt to present the messages to the C2 server as legitimate.

    Other malware used by the group includes but is not limited to Chinotto, BLUELIGHT, GOLDBACKDOOR, Dolphin, and M2RAT. Another attack wave in November 2022 used ZIP archives containing LNK files to deploy the Amadey loader to deliver additional payloads.

    Check Point said that using an LNK file can initiate the same effective infection chain with a simple double-click, which is more reliable than n-day exploits or Microsoft Office macros that require additional clicks to infect.

    Author DeepWeb
    The US will use AI to fight slavery and drug trafficking
    a new ReconShark malware can settle in an infected system for a long time

    Comments 0

    Add comment