ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks (Security News, June 2023)
The North Korean threat actor known as ScarCruft has been observed using information-stealing malware with previously undocumented wiretapping features, alongside a backdoor written in Go that abuses the Ably real-time messaging service as its command-and-control channel.
"The threat actor sent their commands through the Golang backdoor that is using the Ably service," the AhnLab Security Emergency Response Center (ASEC) said in a technical report.
ScarCruft, also tracked as APT37 and RedEyes, is a state-sponsored outfit with links to North Korea's Ministry of State Security.
"The RedEyes group carries out attacks against specific individuals such as North Korean defectors, human rights activists, and university professors," ASEC said.
Compiled HTML Help (CHM) files, the lure format used in these attacks, have also been employed by other North Korea-affiliated groups such as Kimsuky; SentinelOne recently disclosed a campaign that used the format to deliver a reconnaissance tool called RandomQuery.
In the new set of attacks spotted by ASEC, the CHM files are configured to drop a BAT file, which then downloads next-stage malware and exfiltrates user information from the compromised host.
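The two observable behaviours in that chain are a CHM viewer (hh.exe) spawning a shell to run a dropped .bat, and a non-browser process talking to Ably's API hosts. The following is an added hunting example written for this page, not code from ASEC, The Hacker News or the malware itself; it runs over constructed Sysmon-style events, and the Ably hostname suffixes and Sysmon field names are assumptions that should be checked against current Ably documentation and your own telemetry schema.

```python
"""Hunt for the CHM -> BAT delivery chain and Ably-backed C2 described above
in Sysmon-style process-creation (Event ID 1) and DNS-query (Event ID 22) events.

Added example, not taken from the ASEC report or the article.
Assumptions (not stated on the page): events arrive as dicts keyed by the
Sysmon field names used below, and ABLY_DOMAINS lists the DNS suffixes of
Ably's public API hosts as the author knows them (verify against Ably docs).
"""
import re

# CHM files open in the Windows HTML Help viewer, hh.exe. A CHM that drops and
# runs a BAT file shows up as hh.exe spawning a shell that executes a script.
CHM_VIEWER = "hh.exe"
SHELLS = {"cmd.exe", "powershell.exe"}
SCRIPT_RE = re.compile(r"\.(bat|cmd)\b", re.IGNORECASE)

# DNS suffixes the Ably client libraries resolve (assumption, see docstring).
ABLY_DOMAINS = ("ably.io", "ably.net", "ably.com")
# Processes for which Ably traffic is plausible on an ordinary workstation.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}


def basename(path):
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_chm_dropper(event):
    """Event ID 1: hh.exe launching a shell whose command line names a script."""
    if event.get("EventID") != 1:
        return None
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")
    if parent == CHM_VIEWER and child in SHELLS and SCRIPT_RE.search(cmdline):
        return f"CHM dropper: {parent} spawned {child} running {cmdline}"
    return None


def detect_ably_c2(event):
    """Event ID 22: an Ably hostname resolved by something other than a browser."""
    if event.get("EventID") != 22:
        return None
    qname = event.get("QueryName", "").lower()
    proc = basename(event.get("Image", ""))
    if qname.endswith(ABLY_DOMAINS) and proc not in BROWSERS:
        return f"Possible Ably C2: {proc} resolved {qname}"
    return None


def hunt(events):
    """Run both rules over a list of events and return the alert strings."""
    alerts = []
    for ev in events:
        for rule in (detect_chm_dropper, detect_ably_c2):
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    return alerts


# Constructed sample telemetry (not real ScarCruft artefacts): one CHM dropper
# chain, one benign cmd.exe launch, one suspicious Ably lookup, one browser lookup.
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\Windows\hh.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\victim\AppData\Local\Temp\update.bat"'},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c dir"},
    {"EventID": 22, "Image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "QueryName": "rest.ably.io"},
    {"EventID": 22, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "QueryName": "realtime.ably.io"},
]

if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS):
        print(alert)
```

Both rules are hunting leads rather than block signals: hh.exe launching a shell is rare but not impossible for legitimate help files, and Ably is a widely used SaaS, so the DNS rule should be scoped with an allow-list of applications known to embed its client before it is promoted to an alert.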
Source: https://thehackernews.com/2023/06/scarcruft-hackers-exploit-ably-service.html