Lazarus Group

ScarCruft Uses RokRAT in HanKook Phantom Campaign Targeting South Korea

Cybercrime, News, Privacy, Risk

September 1, 2025

Researchers have uncovered a targeted phishing campaign by North Korea-linked ScarCruft (APT37), dubbed Operation HanKook Phantom, delivering RokRAT to South Korean academics, former officials, and researchers via a manipulated LNK attack chain and PowerShell-based payloads, with exfiltration to multiple cloud services and a willingness to use decoy documents tied to high-profile statements.
North Korea’s Lazarus Group Shifts Tactics; Canadian City Faces Major Security Costs

Cybercrime, News, Policy, Vulnerabilities

August 4, 2025

North Korea’s Lazarus Group has reportedly transitioned to tactics involving the distribution of malware-laden open-source software, raising concerns over cybersecurity. Meanwhile, the city of Hamilton has incurred major costs due to a significant ransomware attack amid a slow rollout of security measures, while ethical hackers eye substantial rewards in the upcoming Pwn2Own competition. Additionally, CISA…