At a glance.
- North Korea's APT37 is distributing M2RAT.
- Multilingual BEC attacks, and how they happen.
- Grand Theft Auto: now also a TikTok challenge.
- The cyber labor force and how it might fare during layoffs.
- Assessing the cyber phase of Russia's war as the first anniversary of the invasion approaches.
- Killnet's attempt to rally hacktivists and criminals to the cause of Russia.
North Korea's APT37 is distributing M2RAT.
North Korea’s APT37 (also known as “RedEyes” or “ScarCruft”) is distributing a new strain of malware dubbed “M2RAT,” according to a report from AhnLab Security Emergency Response Center (ASEC). ASEC spotted M2RAT being distributed via phishing emails last month. The emails contain documents that execute shellcode by exploiting an EPS vulnerability in the Hangul word processor, which BleepingComputer notes is commonly used in South Korea. The shellcode downloads a JPEG image to the victim’s machine, then uses steganography to extract code that downloads M2RAT. The malware is designed to exfiltrate data via keylogging and screenshotting. M2RAT will also scan for mobile devices connected to the infected machine and transfer any documents or voice recordings from them to the PC. ASEC explains that APT37 usually targets “human rights activists, journalists, and North Korean defectors.” The researchers note that because the threat actor targets individuals and personal devices rather than companies with expensive security solutions, the victims often don’t know they’ve been compromised. For more on APT37, see CyberWire Pro.
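A defender-side triage check for the image-staging step described above, added here as an example; it is not code from ASEC's report or from the M2RAT sample, and the report excerpt does not say how the JPEG carries the hidden code. One common way to smuggle a second stage inside an image is to append it after the JPEG end-of-image marker, where viewers ignore it. The script below walks the JPEG segment structure (rather than just searching for the last 0xFFD9, which embedded thumbnails or a crafted trailer can fool) and reports any bytes found after the real end of image. The sample inputs are constructed inline.

```python
"""Flag JPEG files that carry extra bytes after the end-of-image (EOI) marker.

Constructed defender-side check (not from ASEC or the M2RAT sample): walk the
JPEG marker segments, find the true EOI, and report any trailing data.
"""
from dataclasses import dataclass
from typing import Optional

SOI = b"\xff\xd8"            # start of image
STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))  # markers with no length field


@dataclass
class JpegTrailer:
    is_jpeg: bool
    has_eoi: bool
    trailing_bytes: int
    trailing_preview: bytes
    looks_like_pe: bool      # trailer starts with a Windows 'MZ' header


def find_eoi(data: bytes) -> Optional[int]:
    """Return the offset just past the EOI marker, or None if the structure is malformed."""
    pos, n = 2, len(data)     # skip SOI
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            return None       # expected a marker here; structure is broken
        marker = data[pos + 1]
        if marker == 0xFF:    # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:    # EOI
            return pos + 2
        if marker in STANDALONE:
            pos += 2
            continue
        if pos + 4 > n:
            return None
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")
        if seg_len < 2:
            return None
        pos += 2 + seg_len
        if marker == 0xDA:    # SOS: skip entropy-coded data up to the next real marker
            while pos + 1 < n:
                b, nxt = data[pos], data[pos + 1]
                # 0xFF00 is byte stuffing, 0xFFD0-D7 are restart markers, 0xFFFF is fill
                if b == 0xFF and nxt != 0x00 and nxt != 0xFF and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return None


def inspect_jpeg(data: bytes) -> JpegTrailer:
    """Classify a file body: is it a JPEG, and does anything follow the image?"""
    if not data.startswith(SOI):
        return JpegTrailer(False, False, 0, b"", False)
    end = find_eoi(data)
    if end is None:
        return JpegTrailer(True, False, 0, b"", False)
    trailer = data[end:]
    return JpegTrailer(True, True, len(trailer), trailer[:16], trailer.startswith(b"MZ"))


def build_sample_jpeg() -> bytes:
    """Constructed minimal JPEG-like byte string: SOI, APP0, SOS with stuffed 0xFF00, EOI."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00" + b"\x00" * 9
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    scan_data = b"\x12\x34\xff\x00\x56"
    return SOI + app0 + sos + scan_data + b"\xff\xd9"


if __name__ == "__main__":
    clean = build_sample_jpeg()
    # Constructed "image with an appended payload": a fake MZ header after the EOI.
    with_trailer = clean + b"MZ" + b"\x90" * 40
    for name, blob in (("clean", clean), ("with_trailer", with_trailer)):
        r = inspect_jpeg(blob)
        print(f"{name}: trailing_bytes={r.trailing_bytes} looks_like_pe={r.looks_like_pe}")
```

Trailing bytes alone are not proof of malice (some cameras and editors append metadata), so treat a hit as a reason to pull the file for closer analysis, and pair the check with the delivery context the report describes: an image fetched by a document-spawned process is a far stronger signal than one saved from a browser.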