
North Korean APT37 Cyber Attack Campaign

July 31, 2023
in Alerts
An ongoing cyber attack campaign, known as STARK#MULE, has targeted Korean-speaking individuals using U.S. Military-themed document lures to trick them into running malware on compromised systems. The attacks are attributed to APT37, a North Korean nation-state actor known for targeting South Korea, particularly government officials and those involved in reporting on North Korea and supporting defectors. The group has historically relied on social engineering to phish victims and deliver malware, but recent campaigns have showcased an expansion of offensive tactics, including the use of compromised Korean e-commerce websites for staging payloads and command-and-control (C2) operations to evade detection by security solutions.

The phishing emails in this campaign use U.S. Army recruitment messages to convince recipients to open ZIP archives containing a decoy PDF and a rogue “Thumbs.db” file, which executes further stagers and establishes persistence. The attack retrieves modules from compromised e-commerce websites to gather system details and establish connections. The disclosure comes alongside APT37’s use of CHM files in phishing emails impersonating security communications to deploy information-stealing malware and other binaries.
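A defender-side triage check for the lure pattern described above, added here as an example and not taken from the Securonix report or the page: it inspects a ZIP attachment for a “Thumbs.db” entry that is not a genuine OLE thumbnail cache (a real one starts with the OLE magic bytes) and flags it when a decoy PDF sits beside it. It assumes the rogue Thumbs.db is a renamed Windows executable (PE header “MZ”); the sample archives are constructed inline.

```python
import io
import zipfile

# Magic numbers: Windows PE executables start with "MZ"; a genuine Thumbs.db
# is an OLE compound file whose header is D0 CF 11 E0 A1 B1 1A E1.
PE_MAGIC = b"MZ"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def inspect_zip(data: bytes) -> list[str]:
    """Return findings for a ZIP attachment matching the STARK#MULE lure pattern."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = [i for i in zf.infolist() if not i.is_dir()]
        for info in entries:
            base = info.filename.rsplit("/", 1)[-1].lower()
            if base != "thumbs.db":
                continue
            head = zf.open(info).read(8)  # only the header is needed
            if head.startswith(PE_MAGIC):
                findings.append(f"{info.filename}: PE header (MZ) instead of an OLE thumbnail cache")
            elif not head.startswith(OLE_MAGIC):
                findings.append(f"{info.filename}: not a recognizable OLE thumbnail cache")
        has_pdf = any(i.filename.lower().endswith(".pdf") for i in entries)
        if findings and has_pdf:
            findings.append("decoy PDF present alongside a disguised Thumbs.db (lure pattern)")
    return findings


def build_lure_sample() -> bytes:
    # Constructed sample: a harmless decoy "PDF" and a fake Thumbs.db whose
    # first bytes are the PE magic. No executable code is embedded.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("US_Army_Recruitment.pdf", b"%PDF-1.4\n% constructed decoy\n")
        zf.writestr("Thumbs.db", PE_MAGIC + b"\x00" * 62)
    return buf.getvalue()


def build_benign_sample() -> bytes:
    # Constructed sample: a legitimate-looking OLE Thumbs.db next to a PDF.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.pdf", b"%PDF-1.4\n")
        zf.writestr("Thumbs.db", OLE_MAGIC + b"\x00" * 56)
    return buf.getvalue()


if __name__ == "__main__":
    for line in inspect_zip(build_lure_sample()):
        print(line)
```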

APT37 is part of a group of North Korean state-sponsored actors, including the Lazarus Group, known for perpetrating financial theft and gathering intelligence for political and national security objectives.

The Lazarus Group and its sub-clusters, Andariel and BlueNoroff, have been observed leveraging a new backdoor called ScoutEngine and a rewritten version of the MATA framework (MATAv5) in intrusions targeting defense contractors in Eastern Europe.

Kaspersky describes the malware as sophisticated, with advanced architecture that makes use of loadable and embedded modules and plugins, employing Inter-Process Communication (IPC) channels and a diverse range of commands to establish proxy chains across various protocols within the victim’s environment. With the rise of cyber threats from state-sponsored actors like APT37 and Lazarus Group, users are advised to be cautious of phishing emails and refrain from opening attachments from unknown sources to avoid falling victim to sophisticated cyber attacks.

Reference:
  • Detecting Ongoing STARK#MULE Attack Campaign Targeting Victims Using US Military Document Lures
Tags: APT37, Cyber Alert, Cyber Alerts 2023, Cyberattack, Cybersecurity, July 2023, Malware, North Korea, Phishing, STARK#MULE, USA, Vulnerabilities